feat: add omni_exportBundlerPrivateKey RPC method (#3746)

Author: silva-fj

tee-worker/omni-executor/.env.example

@@ -63,6 +63,9 @@ OE_WILDMETA_API_URL=
 # Wildmeta Backend ECDSA Public Key (for WildmetaBackend auth signature verification)
 OE_WILDMETA_BACKEND_ECDSA_PUBKEY=020000000000000000000000000000000000000000000000000000000000000000
 
+# Bundler Key Export Authorized Public Key (for bundler key export authorization)
+OE_BUNDLER_KEY_EXPORT_AUTHORIZED_PUBKEY=020000000000000000000000000000000000000000000000000000000000000000
+
 # Solana
 OE_SOLANA_URL=
 

tee-worker/omni-executor/.env.test

@@ -26,3 +26,4 @@ OE_OMNI_FACTORY_ADDRESS=0x0000000000000000000000000000000000000000
 OE_ENTRY_POINT_ADDRESS=0x5FF137D4b0FDCD49DcA30c7CF57E578a026d2789
 OE_WILDMETA_API_URL=http://127.0.0.1:3456/wildmeta
 OE_WILDMETA_BACKEND_ECDSA_PUBKEY=020000000000000000000000000000000000000000000000000000000000000000
+OE_BUNDLER_KEY_EXPORT_AUTHORIZED_PUBKEY=020000000000000000000000000000000000000000000000000000000000000000

tee-worker/omni-executor/Dockerfile

@@ -48,6 +48,9 @@ FROM gramineproject/gramine:1.9-jammy AS sgx-builder
 ARG OE_WILDMETA_BACKEND_ECDSA_PUBKEY="020000000000000000000000000000000000000000000000000000000000000000"
 ENV OE_WILDMETA_BACKEND_ECDSA_PUBKEY=$OE_WILDMETA_BACKEND_ECDSA_PUBKEY
 
+ARG OE_BUNDLER_KEY_EXPORT_AUTHORIZED_PUBKEY="020000000000000000000000000000000000000000000000000000000000000000"
+ENV OE_BUNDLER_KEY_EXPORT_AUTHORIZED_PUBKEY=$OE_BUNDLER_KEY_EXPORT_AUTHORIZED_PUBKEY
+
 RUN apt-get update
 
 RUN apt-get install -y \
@@ -78,6 +81,12 @@ RUN make SGX=1 SGX_DEBUG=0 SOURCE_DATE_EPOCH=1700000000 CARGO_PROFILE_RELEASE_DE
 FROM gramineproject/gramine:1.9-jammy AS release
 LABEL maintainer="Trust Computing GmbH <info@litentry.com>"
 
+ARG OE_WILDMETA_BACKEND_ECDSA_PUBKEY="020000000000000000000000000000000000000000000000000000000000000000"
+ENV OE_WILDMETA_BACKEND_ECDSA_PUBKEY=$OE_WILDMETA_BACKEND_ECDSA_PUBKEY
+
+ARG OE_BUNDLER_KEY_EXPORT_AUTHORIZED_PUBKEY="020000000000000000000000000000000000000000000000000000000000000000"
+ENV OE_BUNDLER_KEY_EXPORT_AUTHORIZED_PUBKEY=$OE_BUNDLER_KEY_EXPORT_AUTHORIZED_PUBKEY
+
 ENV HOME=/home/ubuntu
 ENV BUILD_DIR=$HOME/tee-worker/omni-executor
 ENV BIN_DIR=/wkdir

tee-worker/omni-executor/config-loader/src/config.rs

@@ -62,6 +62,8 @@ const DEFAULT_ENTRY_POINT_ADDRESS: &str = "0x5FF137D4b0FDCD49DcA30c7CF57E578a026
 const DEFAULT_WILDMETA_API_URL: &str = "https://test-dex-api.heima.network";
 const DEFAULT_WILDMETA_BACKEND_ECDSA_PUBKEY: &str =
 	"020000000000000000000000000000000000000000000000000000000000000000";
+const DEFAULT_BUNDLER_KEY_EXPORT_AUTHORIZED_PUBKEY: &str =
+	"020000000000000000000000000000000000000000000000000000000000000000";
 
 #[derive(Debug, Clone)]
 pub struct MailerConfig {
@@ -108,6 +110,7 @@ pub struct ConfigLoader {
 	pub entry_point_address: String,
 	pub wildmeta_api_url: String,
 	pub wildmeta_backend_ecdsa_pubkey: String,
+	pub bundler_key_export_authorized_pubkey: String,
 }
 
 struct EnvVar {
@@ -323,6 +326,15 @@ impl ConfigLoader {
 					optional: false,
 				},
 			),
+			(
+				"bundler_key_export_authorized_pubkey",
+				EnvVar {
+					env_key: "OE_BUNDLER_KEY_EXPORT_AUTHORIZED_PUBKEY",
+					default: DEFAULT_BUNDLER_KEY_EXPORT_AUTHORIZED_PUBKEY,
+					sensitive: false,
+					optional: false,
+				},
+			),
 		]);
 
 		let alchemy_key = std::env::var("OE_ALCHEMY_KEY").unwrap_or_default();
@@ -362,6 +374,7 @@ impl ConfigLoader {
 			entry_point_address: get("entry_point_address"),
 			wildmeta_api_url: get("wildmeta_api_url"),
 			wildmeta_backend_ecdsa_pubkey: get("wildmeta_backend_ecdsa_pubkey"),
+			bundler_key_export_authorized_pubkey: get("bundler_key_export_authorized_pubkey"),
 		}
 	}
 

tee-worker/omni-executor/executor-worker/src/main.rs

@@ -494,6 +494,26 @@ async fn main() -> Result<(), ()> {
 				pubkey_array
 			};
 
+			let bundler_key_export_authorized_pubkey =
+				{
+					use executor_primitives::utils::hex::decode_hex;
+					let pubkey_hex = &config_loader.bundler_key_export_authorized_pubkey;
+					let pubkey_bytes =
+						decode_hex(pubkey_hex).map_err(|e| {
+							error!("Failed to decode bundler key export authorized ECDSA public key: {:?}", e);
+						})?;
+					if pubkey_bytes.len() != 33 {
+						error!(
+						"Invalid bundler key export authorized ECDSA public key length: expected 33 bytes, got {}",
+						pubkey_bytes.len()
+					);
+						return Err(());
+					}
+					let mut pubkey_array = [0u8; 33];
+					pubkey_array.copy_from_slice(&pubkey_bytes);
+					pubkey_array
+				};
+
 			start_rpc_server(
 				worker_url.port().expect("Missing worker port"),
 				shielding_key,
@@ -506,6 +526,8 @@ async fn main() -> Result<(), ()> {
 				wildmeta_api,
 				wildmeta_timestamp_storage,
 				wildmeta_backend_ecdsa_pubkey,
+				evm_accounting_ecdsa_signer_key,
+				bundler_key_export_authorized_pubkey,
 				Arc::new(ethereum_intent_executor),
 				Arc::new(solana_intent_executor),
 				Arc::new(cross_chain_intent_executor),

tee-worker/omni-executor/omni-executor.manifest.template

@@ -87,6 +87,7 @@ loader.env.OE_OMNI_FACTORY_ADDRESS = { passthrough = true }
 loader.env.OE_ENTRY_POINT_ADDRESS = { passthrough = true }
 loader.env.OE_WILDMETA_API_URL = { passthrough = true }
 loader.env.OE_WILDMETA_BACKEND_ECDSA_PUBKEY = "{{ env.get('OE_WILDMETA_BACKEND_ECDSA_PUBKEY', '020000000000000000000000000000000000000000000000000000000000000000') }}"
+loader.env.OE_BUNDLER_KEY_EXPORT_AUTHORIZED_PUBKEY = "{{ env.get('OE_BUNDLER_KEY_EXPORT_AUTHORIZED_PUBKEY', '020000000000000000000000000000000000000000000000000000000000000000') }}"
 
 # This key is a workaround because gramine-direct doesn't provide _sgx_mrsigner key
 {{'' if env.get('SGX', '0') == '1' else 'fs.insecure__keys.fake_sgx_mrsigner = "ffeeddccbbaa99887766554433221100"'}}