Add ChaCha20-Poly1305 encryption scheme

This commit adds ChaCha20-Poly1305 algorithm to be used to encrypt any enclave data instead of using the SGX built-in functions. This way, the data can be decrypted on another machine as long the same encryption key be used. SGX functions are still used to seal and unseal the encryption key.
commerceblock · Apr 5, 2024 · ea8d1ed · ea8d1ed
1 parent 95056b3
commit ea8d1ed
Show file tree

Hide file tree

Showing 34 changed files with 4,845 additions and 947 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1 +1,2 @@
 /target
+.vscode
diff --git a/clients/rust/Settings.toml b/clients/rust/Settings.toml
@@ -1,9 +1,10 @@
-#statechain_entity = "http://127.0.0.1:8000"
-statechain_entity = "http://j23wevaeducxuy3zahd6bpn4x76cymwz2j3bdixv7ow4awjrg5p6jaid.onion"
+statechain_entity = "http://127.0.0.1:8000"
+#statechain_entity = "http://j23wevaeducxuy3zahd6bpn4x76cymwz2j3bdixv7ow4awjrg5p6jaid.onion"
 #electrum_server = "tcp://127.0.0.1:50001"
 electrum_server = "tcp://signet-electrumx.wakiyamap.dev:50001"
+electrum_type = "electrs"
 network = "signet"
 fee_rate_tolerance = 5
 database_file="wallet.db"
 confirmation_target = 2
-tor_proxy = "socks5h://localhost:9050"
+#tor_proxy = "socks5h://localhost:9050"
diff --git a/clients/rust/src/client_config.rs b/clients/rust/src/client_config.rs
@@ -11,6 +11,8 @@ pub struct ClientConfig {
     pub electrum_client: electrum_client::Client,
     /// Electrum server url
     pub electrum_server_url: String,
+    /// Electrum server type (e.g. electrs, electrumx, etc.)
+    pub electrum_type: String,
     /// Bitcoin network name (testnet, regtest, mainnet)
     pub network: Network,
     /// Fee rate tolerance
@@ -32,6 +34,7 @@ impl ClientConfig {
 
         let statechain_entity = settings.get_string("statechain_entity").unwrap();
         let electrum_server = settings.get_string("electrum_server").unwrap();
+        let electrum_type = settings.get_string("electrum_type").unwrap();
         let network = settings.get_string("network").unwrap();
         let fee_rate_tolerance = settings.get_int("fee_rate_tolerance").unwrap() as u32;
         let database_file = settings.get_string("database_file").unwrap();
@@ -75,6 +78,7 @@ impl ClientConfig {
             statechain_entity,
             electrum_client,
             electrum_server_url: electrum_server,
+            electrum_type,
             network,
             fee_rate_tolerance,
             confirmation_target,

diff --git a/clients/rust/src/wallet.rs b/clients/rust/src/wallet.rs
@@ -1,6 +1,6 @@
 use anyhow::Result;
 use electrum_client::ElectrumApi;
-use mercury_lib::wallet::{Wallet, generate_mnemonic};
+use mercury_lib::wallet::{generate_mnemonic, Settings, Wallet};
 
 use crate::{utils::info_config, client_config::ClientConfig};
 
@@ -15,19 +15,45 @@ pub async fn create_wallet(
     let block_header = client_config.electrum_client.block_headers_subscribe_raw()?;
     let blockheight = block_header.height as u32;
 
+    let electrum_endpoint = client_config.electrum_server_url.to_string();
+    let (electrum_protocol, rest) = electrum_endpoint.split_once("://").expect("Could not find protocol separator");
+
+    let (electrum_host, electrum_port) = rest.rsplit_once(':').expect("Could not find port separator");
+
+    let notifications = false;
+    let tutorials = false;
+
+    let settings = Settings {
+        network: client_config.network.to_string(),
+        block_explorerURL: None,
+        torProxyHost: None,
+        torProxyPort: None,
+        torProxyControlPassword: None,
+        torProxyControlPort: None,
+        statechainEntityApi: client_config.statechain_entity.to_string(),
+        torStatechainEntityApi: None,
+        electrumProtocol: electrum_protocol.to_string(),
+        electrumHost: electrum_host.to_string(),
+        electrumPort: electrum_port.to_string(),
+        electrumType: client_config.electrum_type.to_string(),
+        notifications,
+        tutorials,
+    };
+
     let wallet = Wallet {
         name: name.to_string(),
         mnemonic,
         version: String::from("0.1.0"),
         state_entity_endpoint: client_config.statechain_entity.to_string(),
-        electrum_endpoint: client_config.electrum_server_url.to_string(),
+        electrum_endpoint,
         network: client_config.network.to_string(),
         blockheight,
         initlock: server_info.initlock,
         interval: server_info.interval,
         tokens: Vec::new(),
         activities: Vec::new(),
-        coins: Vec::new()
+        coins: Vec::new(),
+        settings,
     };
 
     // save wallet to database

diff --git a/docs/tokens.md b/docs/tokens.md
@@ -61,5 +61,5 @@ The logic for initialising a statecoin deposit proceeds as follows:
 
 1. First deposit screen: user selects statecoin deposit amount
 2. Wallet accesses `tokens` array. If there is a `token_id` with `confirmed = true` and `spent = false`, then deposit init is performed using this `token_id`. Once deposit init has completed, that `token_id` in the tokens array is updated as status `spent = true` and the wallet saved.
-3. If there is a `token_id` with `confirmed = false` and `spent = false`, then the `tokens/token_verify/<token_id>` endpoint is called. If it returns `true`, then update `token_id` entry in `tokens` to `confirmed = true` and save the wallet. Then deposit init is performed using this `token_id`. Once deposit init has completed, that `token_id` in the tokens array is updated as status `spent = true` and the wallet saved. If `tokens/token_verify/<token_id>` returns `false`, go to next step.
-4. Otherwise, call `tokens/token_init` endpoint. Save returned `token_id` and `processor_id` in `tokens` array with `confirmed = false` and `spent = false`. Use `processor_id` to get invoice and fee address from the payment processor and display (as QR codes) in the wallet UI. Then poll `tokens/token_verify/<token_id>` until it returns `true`, and then update `token_id` entry in `tokens` to `confirmed = true` and save the wallet. Then deposit init is performed using this `token_id`. Once deposit init has completed, that `token_id` in the tokens array is updated as status `spent = true` and the wallet saved.
+3. If there is a `token_id` with `confirmed = false` and `spent = false`, then the `token/token_verify/<token_id>` endpoint is called. If it returns `true`, then update `token_id` entry in `tokens` to `confirmed = true` and save the wallet. Then deposit init is performed using this `token_id`. Once deposit init has completed, that `token_id` in the tokens array is updated as status `spent = true` and the wallet saved. If `token/token_verify/<token_id>` returns `false`, go to next step.
+4. Otherwise, call `token/token_init` endpoint. Save returned `token_id` and `processor_id` in `tokens` array with `confirmed = false` and `spent = false`. Use `processor_id` to get invoice and fee address from the payment processor and display (as QR codes) in the wallet UI. Then poll `token/token_verify/<token_id>` until it returns `true`, and then update `token_id` entry in `tokens` to `confirmed = true` and save the wallet. Then deposit init is performed using this `token_id`. Once deposit init has completed, that `token_id` in the tokens array is updated as status `spent = true` and the wallet saved.
diff --git a/enclave/.gitignore b/enclave/.gitignore
@@ -37,4 +37,5 @@ App/Enclave_u.h
 Enclave/Enclave_t.c
 Enclave/Enclave_t.h
 app
-Settings.toml
+Settings.toml
+node.sealed_seed