From 82eeaffc282648a8a7e558d01131f8b9608fc3fe Mon Sep 17 00:00:00 2001
From: Heinrich Apfelmus <apfelmus@quantentunnel.de>
Date: Tue, 13 Feb 2024 17:12:05 +0100
Subject: [PATCH] Switch to verification for `EncryptWithScrypt` using
 `cryptonite`

---
 .../src/Cardano/Wallet/Primitive/Passphrase.hs  |  8 ++++----
 .../Wallet/Primitive/Passphrase/Legacy.hs       | 17 ++++++-----------
 2 files changed, 10 insertions(+), 15 deletions(-)

diff --git a/lib/secrets/src/Cardano/Wallet/Primitive/Passphrase.hs b/lib/secrets/src/Cardano/Wallet/Primitive/Passphrase.hs
index 112de67d394..2276b426df6 100644
--- a/lib/secrets/src/Cardano/Wallet/Primitive/Passphrase.hs
+++ b/lib/secrets/src/Cardano/Wallet/Primitive/Passphrase.hs
@@ -74,10 +74,10 @@ checkPassphrase
     -> Either ErrWrongPassphrase ()
 checkPassphrase scheme received stored = case scheme of
     EncryptWithPBKDF2 -> PBKDF2.checkPassphrase prepared stored
-    EncryptWithScrypt -> case Scrypt.checkPassphrase prepared stored of
-        Just True -> Right ()
-        Just False -> Left ErrWrongPassphrase
-        Nothing -> Left (ErrPassphraseSchemeUnsupported scheme)
+    EncryptWithScrypt ->
+        if Scrypt.checkPassphrase prepared stored
+        then Right ()
+        else Left ErrWrongPassphrase
   where
     prepared = preparePassphrase scheme received
 
diff --git a/lib/secrets/src/Cardano/Wallet/Primitive/Passphrase/Legacy.hs b/lib/secrets/src/Cardano/Wallet/Primitive/Passphrase/Legacy.hs
index 110d8110324..029a8959127 100644
--- a/lib/secrets/src/Cardano/Wallet/Primitive/Passphrase/Legacy.hs
+++ b/lib/secrets/src/Cardano/Wallet/Primitive/Passphrase/Legacy.hs
@@ -94,13 +94,13 @@ In order to ensure that the new package produces the same result as the
 old one, we proceed as follows:
 
     * in production:
-        * use `scrypt` package if available
-        * use `cryptonite` on `aarch64-darwin`
+        * use `cryptonite`
     * in testing:
         * generate random passphrases,
-            encrypted with `scrypt` package if available.
+            encrypted with `scrypt` package if available
         * check that these encrypted passphrases
-            are verified correctly with the `cryptonite` package
+            * are verified correctly with the `cryptonite` package
+            * are verified correctly with the `scrypt` package
 
 These tests ensure that the code using `cryptonite` can verify
 hashed passphrases that were created with `scrypt`.
@@ -112,13 +112,8 @@ hashed passphrases that were created with `scrypt`.
 ------------------------------------------------------------------------------}
 -- | Verify a wallet spending password using the legacy Byron scrypt encryption
 -- scheme.
-checkPassphrase :: Passphrase "encryption" -> PassphraseHash -> Maybe Bool
-#if HAVE_SCRYPT
-checkPassphrase pwd stored = Just $ checkPassphraseScrypt pwd stored
-#else
--- Stub function for when compiled without @scrypt@.
-checkPassphrase _ _ = Nothing
-#endif
+checkPassphrase :: Passphrase "encryption" -> PassphraseHash -> Bool
+checkPassphrase = checkPassphraseCryptonite
 
 -- | Encrypt a wallet spending password using
 -- the legacy Byron scrypt encryption scheme.