Merge #2767

2767: cabal: Add a flag to enable/disable scrypt r=rvl a=rvl

### Issue Number

ADP-842
Fixes #2578.

### Overview

- Adds cabal flag so that cardano-wallet can be compiled without the `scrypt` package.
- Replaces `scrypt` with `cryptonite` for the integration tests only

If `scrypt` does not compile for your target system, then disable it with:

```
cabal configure --disable-tests --enable-benchmarks -f-scrypt
```

### Comments

I'm not too keen on changing the scrypt package in the main code, for the time being. But we can replace this package in the integration tests, without too much risk.

Need to use conditional modules instead of CPP because that breaks stylish-haskell.


Co-authored-by: Rodney Lorrimar <[email protected]>
Co-authored-by: Hamish Mackenzie <[email protected]>
Co-authored-by: Johannes Lund <[email protected]>
Co-authored-by: IOHK <[email protected]>

lib/cli/src/Cardano/CLI.hs

@@ -165,15 +165,11 @@ import Cardano.Wallet.Api.Types
 import Cardano.Wallet.Orphans
     ()
 import Cardano.Wallet.Primitive.AddressDerivation
-    ( Depth (..)
-    , DerivationType (..)
-    , Index (..)
-    , Passphrase (..)
-    , PassphraseMaxLength
-    , PassphraseMinLength
-    )
+    ( Depth (..), DerivationType (..), Index (..) )
 import Cardano.Wallet.Primitive.AddressDiscovery.Sequential
     ( AddressPoolGap, defaultAddressPoolGap )
+import Cardano.Wallet.Primitive.Passphrase
+    ( Passphrase (..), PassphraseMaxLength, PassphraseMinLength )
 import Cardano.Wallet.Primitive.SyncProgress
     ( SyncTolerance (..) )
 import Cardano.Wallet.Primitive.Types
@@ -795,7 +791,7 @@ cmdTransactionCreate isShelley mkTxClient mkWalletClient =
         res <- sendRequest wPort $ getWallet mkWalletClient $ ApiT wId
         case res of
             Right _ -> do
-                wPwd <- getPassphrase @"raw" "Please enter your passphrase: "
+                wPwd <- getPassphrase @"user" "Please enter your passphrase: "
                 runClient wPort Aeson.encodePretty $ postTransaction
                     mkTxClient
                     (ApiT wId)

lib/core-integration/cardano-wallet-core-integration.cabal

@@ -81,7 +81,6 @@ library
     , resourcet
     , retry
     , say
-    , scrypt
     , serialise
     , string-interpolate
     , template-haskell

lib/core-integration/src/Test/Integration/Framework/DSL.hs

@@ -273,14 +273,12 @@ import Cardano.Wallet.Primitive.AddressDerivation
     , HardDerivation (..)
     , Index (..)
     , NetworkDiscriminant (..)
-    , Passphrase (..)
     , PaymentAddress (..)
     , PersistPublicKey (..)
     , Role (..)
     , WalletKey (..)
     , fromHex
     , hex
-    , preparePassphrase
     )
 import Cardano.Wallet.Primitive.AddressDerivation.Byron
     ( ByronKey (..) )
@@ -292,6 +290,10 @@ import Cardano.Wallet.Primitive.AddressDiscovery.Sequential
     ( coinTypeAda )
 import Cardano.Wallet.Primitive.AddressDiscovery.Shared
     ( CredentialType (..) )
+import Cardano.Wallet.Primitive.Passphrase
+    ( Passphrase (..), preparePassphrase )
+import Cardano.Wallet.Primitive.Passphrase.Legacy
+    ( encryptPassphraseTestingOnly )
 import Cardano.Wallet.Primitive.SyncProgress
     ( SyncProgress (..) )
 import Cardano.Wallet.Primitive.Types
@@ -451,15 +453,12 @@ import qualified Cardano.Wallet.Primitive.AddressDerivation.Byron as Byron
 import qualified Cardano.Wallet.Primitive.AddressDerivation.Icarus as Icarus
 import qualified Cardano.Wallet.Primitive.AddressDerivation.Shared as Shared
 import qualified Cardano.Wallet.Primitive.AddressDerivation.Shelley as Shelley
-import qualified Cardano.Wallet.Primitive.Types as W
+import qualified Cardano.Wallet.Primitive.Passphrase.Types as W
 import qualified Cardano.Wallet.Primitive.Types.Coin as Coin
 import qualified Cardano.Wallet.Primitive.Types.TokenBundle as TokenBundle
 import qualified Cardano.Wallet.Primitive.Types.TokenMap as TokenMap
 import qualified Cardano.Wallet.Primitive.Types.TokenQuantity as TokenQuantity
 import qualified Codec.Binary.Bech32 as Bech32
-import qualified Codec.CBOR.Encoding as CBOR
-import qualified Codec.CBOR.Write as CBOR
-import qualified Crypto.Scrypt as Scrypt
 import qualified Data.Aeson as Aeson
 import qualified Data.ByteArray as BA
 import qualified Data.ByteString as BS
@@ -1280,17 +1279,8 @@ emptyRandomWalletWithPasswd ctx rawPwd = do
             $ hex
             $ Byron.getKey
             $ Byron.generateKeyFromSeed seed pwd
-    pwdH <- liftIO $ T.decodeUtf8 . hex <$> encryptPasswordWithScrypt pwd
+    pwdH <- liftIO $ toText <$> encryptPassphraseTestingOnly pwd
     emptyByronWalletFromXPrvWith ctx "random" ("Random Wallet", key, pwdH)
-  where
-    encryptPasswordWithScrypt =
-        fmap Scrypt.getEncryptedPass
-        . Scrypt.encryptPassIO Scrypt.defaultParams
-        . Scrypt.Pass
-        . CBOR.toStrictByteString
-        . CBOR.encodeBytes
-        . BA.convert
-
 
 postWallet'
     :: (MonadIO m, MonadUnliftIO m)

lib/core-integration/src/Test/Integration/Plutus.hs

@@ -38,7 +38,7 @@ import Cardano.Wallet.Api.Types
 import Cardano.Wallet.Primitive.Types.Hash
     ( Hash (..) )
 import Cardano.Wallet.Unsafe
-    ( unsafeFromHex, unsafeRight )
+    ( unsafeFromHexText, unsafeRight )
 import Codec.Binary.Bech32.TH
     ( humanReadablePart )
 import Codec.Serialise
@@ -100,7 +100,7 @@ alwaysTrueValidator =
 
 hashScript :: Text -> ApiT (Hash "TokenPolicy")
 hashScript =
-    ApiT . Hash . blake2b224 . unsafeFromHex . ("01" <>) . T.encodeUtf8
+    ApiT . Hash . blake2b224 . unsafeFromHexText . ("01" <>)
 
 --
 -- Ping Pong
@@ -365,7 +365,7 @@ currencyTx input = Aeson.object
         , CBOR.TBool True, CBOR.TNull
         ]
     transaction_witness_set = CBOR.TMap
-        [ (c_plutus_script, CBOR.TList [ CBOR.TBytes (fromHex policy) ])
+        [ (c_plutus_script, CBOR.TList [CBOR.TBytes (unsafeFromHexText policy)])
         , (c_plutus_data, CBOR.TList [])      -- leave empty
         ]
     [c_plutus_script, c_plutus_data] = map CBOR.TInt [3,4]
@@ -395,9 +395,6 @@ currencyTx input = Aeson.object
 toHex :: BS.ByteString -> Text
 toHex = T.decodeUtf8 . Base16.encode
 
-fromHex :: Text -> BS.ByteString
-fromHex = Base16.decodeLenient . T.encodeUtf8
-
 -- | Minting policy that mints 1_000 units of "apfel" and 1 unit of "banana"
 -- when a specific UTxO is spent (which can be done only once).
 mkCurrencyPolicy :: ApiWalletInput n -> (Text, ApiT (Hash "TokenPolicy"))

lib/core-integration/src/Test/Integration/Scenario/API/Byron/Wallets.hs

@@ -26,11 +26,13 @@ import Cardano.Wallet.Api.Types
     , WalletStyle (..)
     )
 import Cardano.Wallet.Primitive.AddressDerivation
-    ( PassphraseMaxLength (..), PassphraseMinLength (..), PaymentAddress )
+    ( PaymentAddress )
 import Cardano.Wallet.Primitive.AddressDerivation.Byron
     ( ByronKey )
 import Cardano.Wallet.Primitive.AddressDerivation.Icarus
     ( IcarusKey )
+import Cardano.Wallet.Primitive.Passphrase
+    ( PassphraseMaxLength (..), PassphraseMinLength (..) )
 import Cardano.Wallet.Primitive.SyncProgress
     ( SyncProgress (..) )
 import Control.Monad
@@ -287,8 +289,8 @@ spec = describe "BYRON_WALLETS" $ do
             ]
 
     describe "BYRON_RESTORE_06 - Passphrase" $ do
-        let minLength = passphraseMinLength (Proxy @"raw")
-        let maxLength = passphraseMaxLength (Proxy @"raw")
+        let minLength = passphraseMinLength (Proxy @"user")
+        let maxLength = passphraseMaxLength (Proxy @"user")
         let matrix =
                 [ ( show minLength ++ " char long"
                   , T.pack (replicate minLength 'ź')

lib/core-integration/src/Test/Integration/Scenario/API/Shared/Wallets.hs

@@ -39,9 +39,11 @@ import Cardano.Wallet.Api.Types
 import Cardano.Wallet.Compat
     ( (^?) )
 import Cardano.Wallet.Primitive.AddressDerivation
-    ( DerivationIndex (..), Passphrase (..), Role (..) )
+    ( DerivationIndex (..), Role (..) )
 import Cardano.Wallet.Primitive.AddressDiscovery.Shared
     ( CredentialType (..) )
+import Cardano.Wallet.Primitive.Passphrase
+    ( Passphrase (..) )
 import Cardano.Wallet.Primitive.SyncProgress
     ( SyncProgress (..) )
 import Control.Monad

lib/core-integration/src/Test/Integration/Scenario/API/Shelley/Wallets.hs

@@ -33,12 +33,7 @@ import Cardano.Wallet.Api.Types
     , WalletStyle (..)
     )
 import Cardano.Wallet.Primitive.AddressDerivation
-    ( DerivationIndex (..)
-    , PassphraseMaxLength (..)
-    , PassphraseMinLength (..)
-    , PaymentAddress
-    , Role (..)
-    )
+    ( DerivationIndex (..), PaymentAddress, Role (..) )
 import Cardano.Wallet.Primitive.AddressDerivation.Byron
     ( ByronKey )
 import Cardano.Wallet.Primitive.AddressDerivation.Icarus
@@ -47,12 +42,14 @@ import Cardano.Wallet.Primitive.AddressDerivation.Shelley
     ( ShelleyKey )
 import Cardano.Wallet.Primitive.AddressDiscovery.Sequential
     ( AddressPoolGap (..) )
+import Cardano.Wallet.Primitive.Passphrase
+    ( PassphraseMaxLength (..), PassphraseMinLength (..) )
 import Cardano.Wallet.Primitive.SyncProgress
     ( SyncProgress (..) )
 import Cardano.Wallet.Primitive.Types
     ( walletNameMaxLength, walletNameMinLength )
 import Cardano.Wallet.Unsafe
-    ( unsafeFromHex, unsafeXPub )
+    ( unsafeFromHexText, unsafeXPub )
 import Control.Monad
     ( forM, forM_ )
 import Control.Monad.IO.Class
@@ -411,8 +408,8 @@ spec = describe "SHELLEY_WALLETS" $ do
             verify r [ expectResponseCode HTTP.status201 ]
 
     describe "WALLETS_CREATE_07 - Passphrase" $ do
-        let minLength = passphraseMinLength (Proxy @"raw")
-        let maxLength = passphraseMaxLength (Proxy @"raw")
+        let minLength = passphraseMinLength (Proxy @"user")
+        let maxLength = passphraseMaxLength (Proxy @"user")
         let matrix =
                 [ ( show minLength ++ " char long"
                   , T.pack (replicate minLength 'ź') )
@@ -768,8 +765,8 @@ spec = describe "SHELLEY_WALLETS" $ do
         expectField #passphrase (`shouldNotBe` originalPassUpdateDateTime) rg
 
     describe "WALLETS_UPDATE_PASS_02 - New passphrase values" $ do
-        let minLength = passphraseMinLength (Proxy @"raw")
-        let maxLength = passphraseMaxLength (Proxy @"raw")
+        let minLength = passphraseMinLength (Proxy @"user")
+        let maxLength = passphraseMaxLength (Proxy @"user")
         let matrix =
                 [ ( show minLength ++ " char long"
                   , T.pack (replicate minLength 'ź')
@@ -815,8 +812,8 @@ spec = describe "SHELLEY_WALLETS" $ do
 
     describe "WALLETS_UPDATE_PASS_03 - Can update pass from pass that's boundary\
     \ value" $ do
-        let minLength = passphraseMinLength (Proxy @"raw")
-        let maxLength = passphraseMaxLength (Proxy @"raw")
+        let minLength = passphraseMinLength (Proxy @"user")
+        let maxLength = passphraseMaxLength (Proxy @"user")
         let matrix =
                 [ ( show minLength ++ " char long"
                   , T.pack (replicate minLength 'ź') )
@@ -836,7 +833,7 @@ spec = describe "SHELLEY_WALLETS" $ do
                      "passphrase": #{oldPass}
                      } |]
             w <- unsafeResponse <$> postWallet ctx createPayload
-            let len = passphraseMaxLength (Proxy @"raw")
+            let len = passphraseMaxLength (Proxy @"user")
             let newPass = T.pack $ replicate len '💘'
             let payload = updatePassPayload oldPass newPass
             rup <- request @ApiWallet ctx
@@ -1153,7 +1150,7 @@ spec = describe "SHELLEY_WALLETS" $ do
         let sigBytes = BL.toStrict $ getFromResponse id rSig
         let sig = CC.xsignature sigBytes
         let key = unsafeXPub $ fst (getFromResponse #getApiVerificationKey rKey) <> dummyChainCode
-        let msgHash = unsafeFromHex "1228cd0fea46f9a091172829f0c492c0516dceff67de08f585a4e048a28a6c9f"
+        let msgHash = unsafeFromHexText "1228cd0fea46f9a091172829f0c492c0516dceff67de08f585a4e048a28a6c9f"
         liftIO $ CC.verify key msgHash <$> sig `shouldBe` Right True
 
         let goldenSig = "680739414d89eb9f4377192171ce3990c7beea6132a04f327d7c954ae9e7fcfe747dd7b4b9b11acefa1aa75216b837fc81e59c24001b96356ba65598ec159d0c" :: ByteString

lib/core-integration/src/Test/Integration/Scenario/CLI/Byron/Wallets.hs

@@ -15,7 +15,7 @@ import Prelude
 
 import Cardano.Wallet.Api.Types
     ( ApiByronWallet, ApiUtxoStatistics, DecodeAddress )
-import Cardano.Wallet.Primitive.AddressDerivation
+import Cardano.Wallet.Primitive.Passphrase
     ( PassphraseMaxLength (..), PassphraseMinLength (..) )
 import Cardano.Wallet.Primitive.SyncProgress
     ( SyncProgress (..) )
@@ -218,8 +218,8 @@ spec = describe "BYRON_CLI_WALLETS" $ do
         it' "ledger" (genMnemonics M24) scenarioSuccess -- ✔️
 
     describe "CLI_BYRON_RESTORE_06 - Passphrase" $ do
-        let minLength = passphraseMinLength (Proxy @"raw")
-        let maxLength = passphraseMaxLength (Proxy @"raw")
+        let minLength = passphraseMinLength (Proxy @"user")
+        let maxLength = passphraseMaxLength (Proxy @"user")
         let matrix =
                 [ ( show minLength ++ " char long"
                   , T.pack (replicate minLength 'ź')
@@ -311,8 +311,8 @@ spec = describe "BYRON_CLI_WALLETS" $ do
             T.unpack e `shouldContain` errMsg403WrongPass
 
     describe "CLI_BYRON_UPDATE_PASS_03 - Pass length incorrect" $ do
-        let minLength = passphraseMinLength (Proxy @"raw")
-        let maxLength = passphraseMaxLength (Proxy @"raw")
+        let minLength = passphraseMinLength (Proxy @"user")
+        let maxLength = passphraseMaxLength (Proxy @"user")
         let passTooShort = replicate (minLength - 1) 'o'
         let errMsgTooShort = "passphrase is too short: expected at least 10 characters"
         let passTooLong = replicate (maxLength + 1) 'o'

lib/core-integration/src/Test/Integration/Scenario/CLI/Shelley/Wallets.hs

@@ -26,10 +26,10 @@ import Cardano.Wallet.Api.Types
     , EncodeAddress (..)
     , getApiT
     )
-import Cardano.Wallet.Primitive.AddressDerivation
-    ( PassphraseMaxLength (..), PassphraseMinLength (..) )
 import Cardano.Wallet.Primitive.AddressDiscovery.Sequential
     ( AddressPoolGap (..) )
+import Cardano.Wallet.Primitive.Passphrase
+    ( PassphraseMaxLength (..), PassphraseMinLength (..) )
 import Cardano.Wallet.Primitive.SyncProgress
     ( SyncProgress (..) )
 import Cardano.Wallet.Primitive.Types
@@ -343,7 +343,7 @@ spec = describe "SHELLEY_CLI_WALLETS" $ do
                 \ words are expected."
 
     describe "WALLETS_CREATE_07 - Passphrase is valid" $ do
-        let proxy_ = Proxy @"raw"
+        let proxy_ = Proxy @"user"
         let passphraseMax = replicate (passphraseMaxLength proxy_) 'ą'
         let passBelowMax = replicate (passphraseMaxLength proxy_ - 1) 'ć'
         let passphraseMin = replicate (passphraseMinLength proxy_) 'ń'
@@ -366,7 +366,7 @@ spec = describe "SHELLEY_CLI_WALLETS" $ do
             expectCliField #passphrase (`shouldNotBe` Nothing) j
 
     describe "WALLETS_CREATE_07 - When passphrase is invalid" $ do
-        let proxy_ = Proxy @"raw"
+        let proxy_ = Proxy @"user"
         let passAboveMax = replicate (passphraseMaxLength proxy_ + 1) 'ą'
         let passBelowMin = replicate (passphraseMinLength proxy_ - 1) 'ń'
         let passMinWarn = "passphrase is too short: expected at \
@@ -540,8 +540,8 @@ spec = describe "SHELLEY_CLI_WALLETS" $ do
             expectCliField #passphrase (`shouldNotBe` initPassUpdateTime) j
 
     describe "WALLETS_UPDATE_PASS_02 - New passphrase values" $ do
-        let minLength = passphraseMinLength (Proxy @"raw")
-        let maxLength = passphraseMaxLength (Proxy @"raw")
+        let minLength = passphraseMinLength (Proxy @"user")
+        let maxLength = passphraseMaxLength (Proxy @"user")
         let matrix =
                 [ ( show minLength ++ " char long"
                   , replicate minLength 'ź'
@@ -598,8 +598,8 @@ spec = describe "SHELLEY_CLI_WALLETS" $ do
             exitCode `shouldBe` ExitFailure 1
 
     describe "WALLETS_UPDATE_PASS_03 - Old passphrase values" $ do
-        let minLength = passphraseMinLength (Proxy @"raw")
-        let maxLength = passphraseMaxLength (Proxy @"raw")
+        let minLength = passphraseMinLength (Proxy @"user")
+        let maxLength = passphraseMaxLength (Proxy @"user")
         let matrix =
                 [ ( show (minLength - 1) ++ " char long"
                   , replicate (minLength - 1) 'ź'
@@ -631,8 +631,8 @@ spec = describe "SHELLEY_CLI_WALLETS" $ do
 
     describe "WALLETS_UPDATE_PASS_03 - \
         \Can update pass from pass that's boundary value" $ do
-        let minLength = passphraseMinLength (Proxy @"raw")
-        let maxLength = passphraseMaxLength (Proxy @"raw")
+        let minLength = passphraseMinLength (Proxy @"user")
+        let maxLength = passphraseMaxLength (Proxy @"user")
         let matrix =
                 [ ( show minLength ++ " char long"
                   , replicate minLength 'ź'

lib/core/bench/db-bench.hs

@@ -84,7 +84,6 @@ import Cardano.Wallet.Primitive.AddressDerivation
     , Depth (..)
     , Index (..)
     , NetworkDiscriminant (..)
-    , Passphrase (..)
     , PaymentAddress (..)
     , PersistPrivateKey
     , WalletKey (..)
@@ -107,6 +106,8 @@ import Cardano.Wallet.Primitive.AddressDiscovery.Sequential
     )
 import Cardano.Wallet.Primitive.Model
     ( Wallet, initWallet, unsafeInitWallet )
+import Cardano.Wallet.Primitive.Passphrase
+    ( Passphrase (..) )
 import Cardano.Wallet.Primitive.Slotting
     ( TimeInterpreter, hoistTimeInterpreter, mkSingleEraInterpreter )
 import Cardano.Wallet.Primitive.Types