From c42044d1a5aad92c65510ff50778b30bc44612e8 Mon Sep 17 00:00:00 2001 From: Pawel Jakubas Date: Thu, 9 Nov 2023 16:02:13 +0100 Subject: [PATCH] improvments --- .../Cardano/Wallet/Api/Http/Shelley/Server.hs | 4 +- .../api/http/Cardano/Wallet/Api/Types.hs | 2 +- specifications/api/metadata-encrypt.md | 53 ++++++++++++++++++- 3 files changed, 55 insertions(+), 4 deletions(-) diff --git a/lib/wallet/api/http/Cardano/Wallet/Api/Http/Shelley/Server.hs b/lib/wallet/api/http/Cardano/Wallet/Api/Http/Shelley/Server.hs index 559847d9c86..e2dc557e97f 100644 --- a/lib/wallet/api/http/Cardano/Wallet/Api/Http/Shelley/Server.hs +++ b/lib/wallet/api/http/Cardano/Wallet/Api/Http/Shelley/Server.hs @@ -3291,7 +3291,7 @@ decodeSharedTransaction -> ApiDecodeTransactionPostData -> Handler (ApiDecodedTransaction n) decodeSharedTransaction ctx (ApiT wid) postData = do - let (ApiDecodeTransactionPostData (ApiT sealed) decryptMetadata ) = postData + let ApiDecodeTransactionPostData (ApiT sealed) decryptMetadata = postData when (isJust decryptMetadata) $ error "not implemented" era <- liftIO $ NW.currentNodeEra nl (txinsOutsPaths, collateralInsOutsPaths, outsPath, pp, certs, txId, fee @@ -3456,7 +3456,7 @@ decodeTransaction -> Handler (ApiDecodedTransaction n) decodeTransaction ctx@ApiLayer{..} (ApiT wid) postData = do - let (ApiDecodeTransactionPostData (ApiT sealed) decryptMetadata ) = postData + let ApiDecodeTransactionPostData (ApiT sealed) decryptMetadata = postData when (isJust decryptMetadata) $ error "not implemented" era <- liftIO $ NW.currentNodeEra netLayer withWorkerCtx ctx wid liftE liftE $ \wrk -> do diff --git a/lib/wallet/api/http/Cardano/Wallet/Api/Types.hs b/lib/wallet/api/http/Cardano/Wallet/Api/Types.hs index e59620fd935..691b389fdb1 100644 --- a/lib/wallet/api/http/Cardano/Wallet/Api/Types.hs +++ b/lib/wallet/api/http/Cardano/Wallet/Api/Types.hs @@ -1203,7 +1203,7 @@ data ApiMultiDelegationAction deriving anyclass NFData newtype ApiEncryptMetadata = ApiEncryptMetadata - { passphrase :: (ApiT (Passphrase "lenient")) } + { passphrase :: ApiT (Passphrase "lenient") } deriving (Eq, Generic, Show) deriving (FromJSON, ToJSON) via DefaultRecord ApiEncryptMetadata deriving anyclass NFData diff --git a/specifications/api/metadata-encrypt.md b/specifications/api/metadata-encrypt.md index 6ec89663fba..b2c28530b21 100644 --- a/specifications/api/metadata-encrypt.md +++ b/specifications/api/metadata-encrypt.md @@ -8,7 +8,7 @@ In addition "Transactions New > Decode" HTTP endpoint is described in the contex Encryption of metadata is optional and when chosen the metadata in transaction is to be encrypted via AEAD scheme using ChaCha20 and Poly1305 (see [RFC 7539][ref]). PBKDF2 password stretching is used to get a 32-byte symmetric key that is required for the adopted encryption algorithm. In detail, PBKDF2 encryption uses HMAC with the hash algorithm SHA512. -As a consequence the encrypted metadata, rather than raw, is going to be stored in blockchain. +As a consequence the encrypted metadata, not its raw version, is going to be stored in blockchain. [ref]: https://datatracker.ietf.org/doc/html/rfc7539 @@ -48,6 +48,57 @@ Specifically: Metadata encryption can be used for shared wallet style when calling `/shared-wallets/{walletId}/transactions-construct` endpoint with the same `POST` payload. + Example: + ``` + { + ... + "encrypt_metadata": + { "passphrase": "metadata-secret" + }, + "metadata": {"1":"hello"} + ... + } + ``` + will return + ``` + { + ... + "metadata": {"0":"0x0aa4f9a016215f71ef007b60601708dec0d10b4ade6071b387295f95b4"} + ... + } + ``` + + Example: + ``` + { + ... + "encrypt_metadata": + { "passphrase": "metadata-secret" + }, + "metadata": + { "1": "Hard times create strong men." + , "2": "Strong men create good times." + , "3": "Good times create weak men." + , "4": "And, weak men create hard times." + } + ... + } + ``` + will return + ``` + { + ... + "metadata": + { "0": "0x0aa4f9a016217f75f10834367493f6d7e74197417ca25c7615cae02bc345382906fb6990daf8f138b2d9192e057d0d0b555f9d5fb287abb1842928c90f26e597" + , "1": "0x559ee85f00f1588b3ee32e81dc4c84aee208a10c1eec97fffe6e0e66c69d4e0b1e3e22d7edc1618df3b20b484527d86bc3bebad4295a2ad888d034b5fec38077" + , "2": "0x8d42154f681230124c64630ea68b841aec22f0530ec830cb662d59ef423ef23d7ff3" + } + ... + } + ``` + as metadata values have 64-byte limit. In that case the encrypted metadata is encoded in the successive bytes. + + ## Metadata decryption 2. Decoding transaction with encrypted metadata is possible by using the same passphrase as upon encryption in `encrypt_metadata` field. It is realized by calling `POST` on `/wallets/{walletId}/transactions-decode` endpoint with `POST` data: