fix: merge conflicts

Usage.md

@@ -0,0 +1,23 @@
+# Usage
+
+## Simulation mode
+
+### Bulid and run docker containers
+
+```bash
+$ cd mercurylayer
+$ docker compose -f docker-compose-sim.yml up --build
+```
+### Add mmnemonics
+
+```bash
+$ docker exec -it mercurylayer-enclave-sgx-1 bash
+$ curl -X POST http://0.0.0.0:18080/add_mnemonic \
+-H "Content-Type: application/json" \
+-d '{
+    "mnemonic": "achieve merry hidden lyrics element brand student armed dismiss vague fury avocado grief crazy garlic gallery blur spider bag bless motor crawl surround copper",
+    "password": "b1gHKyfXTzs6",
+    "index": 0,
+    "threshold": 2
+}'
+```

build_compose_hw_run.sh

@@ -0,0 +1,5 @@
+set -e
+
+docker volume create --driver local --opt type=tmpfs --opt device=tmpfs --opt o=rw aesmd-socket
+
+docker compose -f docker-compose-hw.yml up --build

clients/react-app/src/main/index.js

@@ -72,8 +72,10 @@ app.whenReady().then(async () => {
 
   try {
     // where to put that code?
+    const appDataPath = app.getPath('appData');
     const databaseFile = 'wallet.db' // config.get('databaseFile')
-    db = new sqlite3.Database(databaseFile)
+    const dbFilePath = path.join(appDataPath, databaseFile)
+    db = new sqlite3.Database(dbFilePath)
     await sqliteManager.createTables(db)
   } catch (error) {
     console.log('Database intialization Error:', error)

clients/rust/rust-toolchain.toml

@@ -0,0 +1,2 @@
+[toolchain]
+channel = "1.76.0"

docker-compose-hw.yml

@@ -0,0 +1,75 @@
+version: '3.8'
+
+services:
+  aesm:
+    build:
+      context: enclave
+      dockerfile: Dockerfiles/HW/Dockerfile
+      target: aesm
+    image: sgx_aesm
+    devices:
+      - /dev/isgx
+    volumes:
+      - aesmd-socket:/var/run/aesmd
+    stdin_open: true
+    tty: true
+
+  enclave-sgx:
+    build:
+      context: enclave
+      dockerfile: Dockerfiles/HW/Dockerfile
+      target: sample
+    depends_on:
+      - aesm
+      - db_enclave
+    environment:
+      - ENCLAVE_DATABASE_URL=postgres://postgres:postgres@db_enclave:5432/enclave
+    devices:
+      - /dev/isgx
+    volumes:
+      - aesmd-socket:/var/run/aesmd
+    stdin_open: true
+    tty: true
+
+  mercury-server:
+    build:
+      context: .
+      dockerfile: server/Dockerfile
+    depends_on:
+      - db_server
+    environment:
+      - LOCKBOX_URL=http://enclave-sgx:18080
+      - BITCOIN_NETWORK=testnet
+      - LOCKHEIGHT_INIT=1000
+      - LH_DECREMENT=10
+      - DATABASE_CONNECTION_STRING=postgres://postgres:postgres@db_server:5432/mercury
+    ports:
+      - "8000:8000"
+
+  db_enclave:
+    image: postgres:16.2
+    environment:
+      POSTGRES_PASSWORD: postgres
+      POSTGRES_DB: enclave
+    ports:
+      - "5433:5432"
+    volumes:
+      - postgres_enclave_data:/var/lib/postgresql/data
+
+  db_server:
+    image: postgres:16.2
+    environment:
+      POSTGRES_PASSWORD: postgres
+      POSTGRES_DB: mercury
+    ports:
+      - "5432:5432"
+    volumes:
+      - postgres_server_data:/var/lib/postgresql/data
+
+
+volumes:
+  aesmd-socket:
+    external: true
+  postgres_enclave_data:
+  postgres_server_data:
+

docker-compose-sim.yml

@@ -0,0 +1,52 @@
+version: '3.8'
+
+services:
+  enclave-sgx:
+    build:
+      context: enclave
+      dockerfile: Dockerfiles/SIM/Dockerfile
+    depends_on:
+      - db_enclave
+    environment:
+      - ENCLAVE_DATABASE_URL=postgres://postgres:postgres@db_enclave:5432/enclave
+
+  mercury-server:
+    build:
+      context: .
+      dockerfile: server/Dockerfile
+    depends_on:
+      - db_server
+    environment:
+      - LOCKBOX_URL=http://enclave-sgx:18080
+      - BITCOIN_NETWORK=testnet
+      - LOCKHEIGHT_INIT=1000
+      - LH_DECREMENT=10
+      - DATABASE_CONNECTION_STRING=postgres://postgres:postgres@db_server:5432/mercury
+    ports:
+      - "8000:8000"
+
+  db_enclave:
+    image: postgres:16.2
+    environment:
+      POSTGRES_PASSWORD: postgres
+      POSTGRES_DB: enclave
+    ports:
+      - "5433:5432"
+    volumes:
+      - postgres_enclave_data:/var/lib/postgresql/data
+
+  db_server:
+    image: postgres:16.2
+    environment:
+      POSTGRES_PASSWORD: postgres
+      POSTGRES_DB: mercury
+    ports:
+      - "5432:5432"
+    volumes:
+      - postgres_server_data:/var/lib/postgresql/data
+
+
+volumes:
+  postgres_enclave_data:
+  postgres_server_data:
+

docs/README.md

@@ -48,7 +48,7 @@ The design changes required are then as follows:
 
 ### Blind two-party Schnorr signatures
 
-Mercury layer by default employs Schnorr signatures via Taproot addresses for statecoins. To enable a signature to be generated over a shared public key (by the two private key shares of the server and owner) a blinded variant of the Musig2 protocol is employed. In this variant, one of the co-signing parties (the server) does not learn of 1) The full shared public key or 2) The final signature generated. An ephemeral key commitment scheme is employed to ensure Wagner based attacks are not possible. 
+Mercury layer by default employs Schnorr signatures via Taproot addresses for statecoins. To enable a signature to be generated over a shared public key (by the two private key shares of the server and owner) a blinded variant of the Musig2 protocol is employed. In this variant, one of the co-signing parties (the server) does not learn of 1) The full shared public key or 2) The final signature generated. 
 
 ### Client transaction verification
 

enclave/App/App.cpp

@@ -49,15 +49,16 @@ void ocall_print_hex(const unsigned char** key, const int *keylen)
     printf("%s\n", key_to_string(*key, *keylen).c_str());
 }
 
-void initialize_encrypted_data(chacha20_poly1305_encrypted_data& encrypted_data, size_t data_len) {
+// TODO: duplicated. Remove this.
+std::string getDatabaseConnectionString() {
+    const char* value = std::getenv("ENCLAVE_DATABASE_URL");
 
-    // initialize encrypted_data
-    encrypted_data.data_len = data_len;
-    encrypted_data.data = new unsigned char[encrypted_data.data_len];
-    memset(encrypted_data.data, 0, encrypted_data.data_len);
-
-    memset(encrypted_data.mac, 0, sizeof(encrypted_data.mac));
-    memset(encrypted_data.nonce, 0, sizeof(encrypted_data.nonce));
+    if (value == nullptr) {
+        auto config = toml::parse_file("Settings.toml");
+        return config["intel_sgx"]["database_connection_string"].as_string()->get();
+    } else {
+        return std::string(value);        
+    }
 }
 
 int SGX_CDECL main(int argc, char *argv[])
@@ -70,9 +71,6 @@ int SGX_CDECL main(int argc, char *argv[])
     sgx_enclave_id_t enclave_id = 0;
     std::mutex mutex_enclave_id; // protects map_aggregate_key_data
 
-    auto config = toml::parse_file("Settings.toml");
-    auto database_connection_string = config["intel_sgx"]["database_connection_string"].as_string()->get();
-
     {
         const std::lock_guard<std::mutex> lock(mutex_enclave_id);
 
@@ -229,7 +227,9 @@ int SGX_CDECL main(int argc, char *argv[])
     });
 
     CROW_ROUTE(app,"/delete_statechain/<string>")
-        .methods("DELETE"_method)([&database_connection_string](std::string statechain_id){
+        .methods("DELETE"_method)([](std::string statechain_id){
+
+        auto database_connection_string = getDatabaseConnectionString();
 
         std::string error_message;
         pqxx::connection conn(database_connection_string);
@@ -262,18 +262,20 @@ int SGX_CDECL main(int argc, char *argv[])
             }
 
             if (req_body.count("mnemonic") == 0 || 
+                req_body.count("password") == 0 || 
                 req_body.count("index") == 0 ||
                 req_body.count("threshold") == 0) {
-                return crow::response(400, "Invalid parameters. They must be 'mnemonic', 'index' and 'threshold'.");
+                return crow::response(400, "Invalid parameters. They must be 'mnemonic', 'password', 'index' and 'threshold'.");
             }
 
             std::string mnemonic = req_body["mnemonic"].s();
+            std::string password = req_body["password"].s();
             int64_t index = req_body["index"].i();
             int64_t threshold = req_body["threshold"].i();
 
             const std::lock_guard<std::mutex> lock(mutex_enclave_id);
 
-            auto ret = sealing_key_manager.addMnemonic(enclave_id, mnemonic, (size_t) index, (size_t) threshold);
+            auto ret = sealing_key_manager.addMnemonic(enclave_id, mnemonic, password, (size_t) index, (size_t) threshold);
 
             if (!ret.success) {
                 return crow::response(ret.code, ret.message);

enclave/App/database/db_manager.cpp

@@ -10,6 +10,17 @@
 #include <string>
 namespace db_manager {
 
+    std::string getDatabaseConnectionString() {
+        const char* value = std::getenv("ENCLAVE_DATABASE_URL");
+
+        if (value == nullptr) {
+            auto config = toml::parse_file("Settings.toml");
+            return config["intel_sgx"]["database_connection_string"].as_string()->get();
+        } else {
+            return std::string(value);        
+        }
+    }
+
     // Assumes the buffer is large enough. In a real application, ensure buffer safety.
     void serialize(const chacha20_poly1305_encrypted_data* src, unsigned char* buffer, size_t* serialized_len) {
         // Copy `data_len`, `nonce`, and `mac` directly
@@ -60,8 +71,7 @@ namespace db_manager {
         const std::string& statechain_id,
         std::string& error_message) {
 
-        auto config = toml::parse_file("Settings.toml");
-        auto database_connection_string = config["intel_sgx"]["database_connection_string"].as_string()->get();
+        auto database_connection_string = getDatabaseConnectionString();
 
         try
         {
@@ -131,8 +141,7 @@ namespace db_manager {
         unsigned char* public_nonce, const size_t public_nonce_size, 
         std::string& error_message)
     {
-        auto config = toml::parse_file("Settings.toml");
-        auto database_connection_string = config["intel_sgx"]["database_connection_string"].as_string()->get();
+        auto database_connection_string = getDatabaseConnectionString();
 
         try
         {
@@ -217,8 +226,7 @@ namespace db_manager {
         const chacha20_poly1305_encrypted_data& encrypted_secnonce, 
         std::string& error_message) 
     {
-        auto config = toml::parse_file("Settings.toml");
-        auto database_connection_string = config["intel_sgx"]["database_connection_string"].as_string()->get();
+        auto database_connection_string = getDatabaseConnectionString();
 
         try
         {
@@ -264,8 +272,7 @@ namespace db_manager {
 
     bool update_sig_count(const std::string& statechain_id) 
     {
-        auto config = toml::parse_file("Settings.toml");
-        auto database_connection_string = config["intel_sgx"]["database_connection_string"].as_string()->get();
+        auto database_connection_string = getDatabaseConnectionString();
 
         try
         {
@@ -293,8 +300,7 @@ namespace db_manager {
 
     bool signature_count(const std::string& statechain_id, int& sig_count) {
 
-        auto config = toml::parse_file("Settings.toml");
-        auto database_connection_string = config["intel_sgx"]["database_connection_string"].as_string()->get();
+        auto database_connection_string = getDatabaseConnectionString();
 
         try
         {
@@ -336,8 +342,7 @@ namespace db_manager {
         const std::string& statechain_id,
         std::string& error_message) 
     {
-        auto config = toml::parse_file("Settings.toml");
-        auto database_connection_string = config["intel_sgx"]["database_connection_string"].as_string()->get();
+        auto database_connection_string = getDatabaseConnectionString();
 
         try
         {