be in line with 674 label
paweljakubas committed Apr 25, 2024
1 parent 0e74ac3 commit bd17750
Showing 2 changed files with 29 additions and 27 deletions.
20 changes: 11 additions & 9 deletions lib/api/src/Cardano/Wallet/Api/Http/Shelley/Server.hs
Expand Up @@ -3156,8 +3156,9 @@ constructTransaction api argGenChange knownPools poolStatus apiWalletId body = d
. foldr (uncurry (Map.insertWith (<>))) Map.empty

-- When encryption is enabled we do the following:
-- (a) find field(s) `msg` in the first level value pairs for each key
-- (b) encrypt the 'msg' values if present, if there is no 'msg' value emit error
-- (a) find field `msg` in the object of "674" label
-- (b) encrypt the 'msg' value if present, if there is neither "674" label
-- nor 'msg' value inside object of it emit error
-- (c) update value of `msg` with the encrypted initial value(s) encoded in base64
-- [TxMetaText base64_1, TxMetaText base64_2, ..., TxMetaText base64_n]
-- (d) add `enc` field with encryption method value 'basic'
Expand All @@ -3167,9 +3168,9 @@ toMetadataEncrypted
-> Maybe ByteString
-> Either ErrConstructTx Cardano.TxMetadata
toMetadataEncrypted apiEncrypt payload saltM = do
msgValues <- findMsgValues
msgValues' <- mapM encryptingMsg msgValues
pure $ updateTxMetadata msgValues'
msgValue <- findMsgValue
msgValue' <- mapM encryptingMsg msgValue
pure $ updateTxMetadata msgValue'
where
pwd = BA.convert $ unPassphrase $ getApiT $ apiEncrypt ^. #passphrase
(secretKey, iv) = PBKDF2.generateKey PBKDF2Config
Expand All @@ -3187,14 +3188,15 @@ toMetadataEncrypted apiEncrypt payload saltM = do
merge (Just val) Nothing = Just val
merge Nothing Nothing = Nothing
merge (Just _) (Just _) = error "only one 'msg' field expected"
-- assumption: `msg` is not embedded beyond the first level
-- we could change that in the future
-- `msg` is not embedded beyond the first level
inspectMetaPair (Cardano.TxMetaMap pairs) =
foldl merge Nothing (getMsgValue <$> pairs)
inspectMetaPair _ = Nothing
findMsgValues =
keyAndValueCond k v =
k == 674 && (isJust $ inspectMetaPair v)
findMsgValue =
let (Cardano.TxMetadata themap) = payload ^. #txMetadataWithSchema_metadata
filteredMap = Map.filter (isJust . inspectMetaPair) themap
filteredMap = Map.filterWithKey keyAndValueCond themap
in if Map.size filteredMap >= 1 then
Right $ Map.toList filteredMap
else
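Review bot: The new `keyAndValueCond` forces `inspectMetaPair v` on the object under label 674, and that path still ends in `merge (Just _) (Just _) = error "only one 'msg' field expected"`, so caller-supplied metadata carrying two `msg` keys there would raise an exception instead of returning a `Left` from a function typed `Either ErrConstructTx`. I would make the duplicate case total, for example `inspectMetaPair (Cardano.TxMetaMap pairs) = case mapMaybe getMsgValue pairs of { [v] -> Just v; _ -> Nothing }` (assuming `getMsgValue` returns a `Maybe`, as its use with `merge` suggests), or map it to a dedicated error value. Separately, filtering a `Map` on `k == 674` leaves at most one entry, so the `Map.size filteredMap >= 1` test and the list-shaped `mapM encryptingMsg msgValue` could be reduced to a single lookup. The header comment should also state that metadata under other labels, and the other fields inside the 674 object, are submitted unencrypted even when encryption is requested. The body of `findMsgValue` continues past the end of this hunk.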
36 changes: 18 additions & 18 deletions lib/unit/test/unit/Cardano/Wallet/Api/TypesSpec.hs
Expand Up @@ -1184,19 +1184,19 @@ spec = do
describe "toMetadataEncrypted openssl goldens" $ do
-- $ echo -n '"secret data"' | openssl enc -e -aes-256-cbc -pbkdf2 -iter 10000 -a -k "cardano" -nosalt
-- vBSywXY+WGcrckHUCyjJcQ==
it "msg is 0-level deep short - no salt" $ do
it "short msg - no salt" $ do
let apiEncrypt = ApiEncryptMetadata
{ passphrase = ApiT $ Passphrase "cardano"
, enc = Nothing
}
schemaBefore = TxMetadataWithSchema TxMetadataNoSchema $ Cardano.TxMetadata $ Map.fromList
[( 0, Cardano.TxMetaMap
[( 674, Cardano.TxMetaMap
[ (Cardano.TxMetaText "field", Cardano.TxMetaNumber 123)
, (Cardano.TxMetaText "msg", Cardano.TxMetaText "secret data")
])
]
schemaAfter = Cardano.TxMetadata $ Map.fromList $
[ (0, Cardano.TxMetaMap
[ (674, Cardano.TxMetaMap
[ (Cardano.TxMetaText "field", Cardano.TxMetaNumber 123)
, (Cardano.TxMetaText "msg", Cardano.TxMetaList [Cardano.TxMetaText "vBSywXY+WGcrckHUCyjJcQ=="])
, (Cardano.TxMetaText "enc", Cardano.TxMetaText "basic")
Expand All @@ -1208,19 +1208,19 @@ spec = do
-- $ echo -n '"secret data that is long enough to produce more than 64 bytes"' | openssl enc -e -aes-256-cbc -pbkdf2 -iter 10000 -a -k "cardano" -nosalt
-- OLSOdRF+P56rW9gUopHcs0HHcdmPP5ujhSuB+r84VJgvsMOsqmIZx2etosnkyOc8
-- ygjbu25gCdhJh7iEpAJVaA==
it "msg is 0-level deep long - no salt" $ do
it "long msg - no salt" $ do
let apiEncrypt = ApiEncryptMetadata
{ passphrase = ApiT $ Passphrase "cardano"
, enc = Nothing
}
schemaBefore = TxMetadataWithSchema TxMetadataNoSchema $ Cardano.TxMetadata $ Map.fromList
[( 0, Cardano.TxMetaMap
[( 674, Cardano.TxMetaMap
[ (Cardano.TxMetaText "field", Cardano.TxMetaNumber 123)
, (Cardano.TxMetaText "msg", Cardano.TxMetaText "secret data that is long enough to produce more than 64 bytes")
])
]
schemaAfter = Cardano.TxMetadata $ Map.fromList $
[ (0, Cardano.TxMetaMap
[ (674, Cardano.TxMetaMap
[ (Cardano.TxMetaText "field", Cardano.TxMetaNumber 123)
, (Cardano.TxMetaText "msg", Cardano.TxMetaList
[ Cardano.TxMetaText "OLSOdRF+P56rW9gUopHcs0HHcdmPP5ujhSuB+r84VJgvsMOsqmIZx2etosnkyOc8"
Expand All @@ -1234,13 +1234,13 @@ spec = do
-- $ echo -n '["Invoice-No: 123456789","Order-No: 7654321","Email: john@doe.com"]' | openssl enc -e -aes-256-cbc -pbkdf2 -iter 10000 -a -k "cardano" -nosalt
-- IBcjjGQ7akr/CV2Zb0HtCvEPQNndZujCZ7iaFGMjOX3q3PJg5aRUvHgO3gPnDzYE
-- 7jFsGUK1bCdwsrn8kqI92NccbG8oAtPJUktZTTcO/bg=
it "msg is 0-level deep complex - no salt" $ do
it "cip msg - no salt" $ do
let apiEncrypt = ApiEncryptMetadata
{ passphrase = ApiT $ Passphrase "cardano"
, enc = Nothing
}
schemaBefore = TxMetadataWithSchema TxMetadataNoSchema $ Cardano.TxMetadata $ Map.fromList
[( 0, Cardano.TxMetaMap
[( 674, Cardano.TxMetaMap
[ (Cardano.TxMetaText "field", Cardano.TxMetaNumber 123)
, (Cardano.TxMetaText "msg", Cardano.TxMetaList
[ Cardano.TxMetaText "Invoice-No: 123456789"
Expand All @@ -1250,7 +1250,7 @@ spec = do
])
]
schemaAfter = Cardano.TxMetadata $ Map.fromList $
[ (0, Cardano.TxMetaMap
[ (674, Cardano.TxMetaMap
[ (Cardano.TxMetaText "field", Cardano.TxMetaNumber 123)
, (Cardano.TxMetaText "msg", Cardano.TxMetaList
[ Cardano.TxMetaText "IBcjjGQ7akr/CV2Zb0HtCvEPQNndZujCZ7iaFGMjOX3q3PJg5aRUvHgO3gPnDzYE"
Expand All @@ -1263,19 +1263,19 @@ spec = do

-- $ $ echo -n '"secret data"' | openssl enc -e -aes-256-cbc -pbkdf2 -iter 10000 -a -k "cardano" -S 3030303030303030
-- U2FsdGVkX18wMDAwMDAwMF0ea/2sHeptB3SvZtgc600=
it "msg is 0-level deep short - salted" $ do
it "short msg - salted" $ do
let apiEncrypt = ApiEncryptMetadata
{ passphrase = ApiT $ Passphrase "cardano"
, enc = Nothing
}
schemaBefore = TxMetadataWithSchema TxMetadataNoSchema $ Cardano.TxMetadata $ Map.fromList
[( 0, Cardano.TxMetaMap
[( 674, Cardano.TxMetaMap
[ (Cardano.TxMetaText "field", Cardano.TxMetaNumber 123)
, (Cardano.TxMetaText "msg", Cardano.TxMetaText "secret data")
])
]
schemaAfter = Cardano.TxMetadata $ Map.fromList $
[ (0, Cardano.TxMetaMap
[ (674, Cardano.TxMetaMap
[ (Cardano.TxMetaText "field", Cardano.TxMetaNumber 123)
, (Cardano.TxMetaText "msg", Cardano.TxMetaList
[Cardano.TxMetaText "U2FsdGVkX18wMDAwMDAwMF0ea/2sHeptB3SvZtgc600="])
Expand All @@ -1289,19 +1289,19 @@ spec = do
-- $ echo -n '"secret data that is long enough to produce more than 64 bytes"' | openssl enc -e -aes-256-cbc -pbkdf2 -iter 10000 -a -k "cardano" -S 3030303030303030
-- U2FsdGVkX18wMDAwMDAwMPNdhZQON/Hlwqvk4+sNRCa90QrAVpIGUlWgZhgNlwKh
-- PbR/qyT2q0tejHQmsHdORif5rvZYTzJGsTutA0RIcFU=
it "msg is 0-level deep long - salted" $ do
it "long msg - salted" $ do
let apiEncrypt = ApiEncryptMetadata
{ passphrase = ApiT $ Passphrase "cardano"
, enc = Nothing
}
schemaBefore = TxMetadataWithSchema TxMetadataNoSchema $ Cardano.TxMetadata $ Map.fromList
[( 0, Cardano.TxMetaMap
[( 674, Cardano.TxMetaMap
[ (Cardano.TxMetaText "field", Cardano.TxMetaNumber 123)
, (Cardano.TxMetaText "msg", Cardano.TxMetaText "secret data that is long enough to produce more than 64 bytes")
])
]
schemaAfter = Cardano.TxMetadata $ Map.fromList $
[ (0, Cardano.TxMetaMap
[ (674, Cardano.TxMetaMap
[ (Cardano.TxMetaText "field", Cardano.TxMetaNumber 123)
, (Cardano.TxMetaText "msg", Cardano.TxMetaList
[ Cardano.TxMetaText "U2FsdGVkX18wMDAwMDAwMPNdhZQON/Hlwqvk4+sNRCa90QrAVpIGUlWgZhgNlwKh"
Expand All @@ -1316,13 +1316,13 @@ spec = do
-- $ $ echo -n '["Invoice-No: 123456789","Order-No: 7654321","Email: john@doe.com"]' | openssl enc -e -aes-256-cbc -pbkdf2 -iter 10000 -a -k "cardano" -S 3030303030303030
-- U2FsdGVkX18wMDAwMDAwMFlOS4b0tXrZA7U5aQaHeI/sP74h84EPEjGv0wl4D8Do
-- +SIXXn04a9xkoFHk4ZH281nIfH5lpClsO16p2vRpSsdBDFO78aTPX3bsHsRE0L2A
it "msg is 0-level deep complex - no salt" $ do
it "cip msg - no salt" $ do
let apiEncrypt = ApiEncryptMetadata
{ passphrase = ApiT $ Passphrase "cardano"
, enc = Nothing
}
schemaBefore = TxMetadataWithSchema TxMetadataNoSchema $ Cardano.TxMetadata $ Map.fromList
[( 0, Cardano.TxMetaMap
[( 674, Cardano.TxMetaMap
[ (Cardano.TxMetaText "field", Cardano.TxMetaNumber 123)
, (Cardano.TxMetaText "msg", Cardano.TxMetaList
[ Cardano.TxMetaText "Invoice-No: 123456789"
Expand All @@ -1332,7 +1332,7 @@ spec = do
])
]
schemaAfter = Cardano.TxMetadata $ Map.fromList $
[ (0, Cardano.TxMetaMap
[ (674, Cardano.TxMetaMap
[ (Cardano.TxMetaText "field", Cardano.TxMetaNumber 123)
, (Cardano.TxMetaText "msg", Cardano.TxMetaList
[ Cardano.TxMetaText "U2FsdGVkX18wMDAwMDAwMFlOS4b0tXrZA7U5aQaHeI/sP74h84EPEjGv0wl4D8Do"
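Review bot: The last case is titled `it "cip msg - no salt"` although its golden was produced with `-S 3030303030303030` and starts with the `U2FsdGVkX18` (`Salted__`) prefix, so it duplicates the title of the earlier unsalted case and would misreport which one failed; it should read `it "cip msg - salted" $ do`. All six cases visible here put `msg` under 674 and expect success, so nothing shown pins the restriction this commit introduces. Unless such cases exist outside these hunks, I would add ones where the 674 label is absent, or where `msg` sits only under another label, and assert that `toMetadataEncrypted` returns a `Left`. The `spec` block starts and ends outside the hunks.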