integration test decrypt plus fix

cardano-foundation · Nov 8, 2023 · 367e64b · 367e64b
1 parent f3860ef
commit 367e64b
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 10 deletions.
diff --git a/lib/crypto-primitives/src/Crypto/Encryption/ChaChaPoly1305.hs b/lib/crypto-primitives/src/Crypto/Encryption/ChaChaPoly1305.hs
@@ -33,7 +33,6 @@ import qualified Crypto.KDF.PBKDF2 as PBKDF2
 import qualified Data.ByteArray as BA
 import qualified Data.ByteString as BS
 
-
 -- | ChaCha20/Poly1305 encrypting the payload with passphrase and nonce.
 -- | The caller must ensure that the passphrase length is 32 bytes and
 -- | nonce is 12 bytes
@@ -45,7 +44,7 @@ encryptPayload
     -> ByteString
         -- ^ Payload to be encrypted
     -> ByteString
-        -- ^ Ciphertext with a 128-bit crypto-tag appended.
+        -- ^ Ciphertext with a 16-byte crypto-tag appended.
 encryptPayload passphrase nonce payload = unsafeSerialize $ do
     nonced <- Poly.nonce12 nonce
     st1 <- Poly.finalizeAAD <$> Poly.initialize passphrase nonced
@@ -56,7 +55,7 @@ encryptPayload passphrase nonce payload = unsafeSerialize $ do
     unsafeSerialize =
         CBOR.toStrictByteString . CBOR.encodeBytes . useInvariant
     -- Encryption fails if the key is the wrong size, but that won't happen
-    -- if the key was created with 'xxx'.
+    -- if the key was created with 'toSymmetricKey'.
     useInvariant = \case
         CryptoPassed res -> res
         CryptoFailed err -> error $ "encryptPayload: " ++ show err

diff --git a/lib/wallet/api/http/Cardano/Wallet/Api/Http/Shelley/Server.hs b/lib/wallet/api/http/Cardano/Wallet/Api/Http/Shelley/Server.hs
@@ -3016,6 +3016,9 @@ constructTransaction api argGenChange knownPools poolStatus apiWalletId body = d
             . Map.toList
             . foldr (uncurry (Map.insertWith (<>))) Map.empty
 
+encryptionNonce :: ByteString
+encryptionNonce = "encrypt-data"
+
 -- When encryption is enabled we do the following:
 -- (a) toJSON on metadata,
 -- (b) encrypt it
@@ -3034,8 +3037,8 @@ toMetadataEncrypted apiEncrypt =
   where
     toBytes = BL.toStrict . Aeson.encode
 
-    nonce = "encrypt-data"
-    encrypt = encryptPayload (toMetadataEncryptedKey apiEncrypt) nonce
+    encrypt = BS.drop 2 .
+        encryptPayload (toMetadataEncryptedKey apiEncrypt) encryptionNonce
 
     toChunks bs res =
         if bs == BS.empty then
@@ -3089,9 +3092,8 @@ fromMetadataEncrypted apiEncrypt metadata =
         else
             Right $ Map.foldl BS.append BS.empty $ Map.map extractBytes themap
 
-    nonce = "encrypt-data"
     decrypt payload =
-        case decryptPayload (toMetadataEncryptedKey apiEncrypt) nonce payload of
+        case decryptPayload (toMetadataEncryptedKey apiEncrypt) encryptionNonce payload of
             CryptoPassed res -> Right res
             CryptoFailed err -> Left $ ErrDecodeTxDecryptMetadata err
 

diff --git a/lib/wallet/api/http/Cardano/Wallet/Api/Types/SchemaMetadata.hs b/lib/wallet/api/http/Cardano/Wallet/Api/Types/SchemaMetadata.hs
@@ -50,7 +50,7 @@ data TxMetadataWithSchema = TxMetadataWithSchema
     { -- | How to codec the metadata into json
         txMetadataWithSchema_schema :: TxMetadataSchema
     , -- | The metadata
-        txMetadataWithSchema_metadata :: TxMetadata
+         txMetadataWithSchema_metadata :: TxMetadata
     }
     deriving (Show, Eq, Generic, NFData)
 

diff --git a/lib/wallet/integration/src/Test/Integration/Scenario/API/Shelley/TransactionsNew.hs b/lib/wallet/integration/src/Test/Integration/Scenario/API/Shelley/TransactionsNew.hs
@@ -519,9 +519,9 @@ spec = describe "NEW_SHELLEY_TRANSACTIONS" $ do
         \ctx -> runResourceT $ do
 
         wa <- fixtureWallet ctx
+        let metadataRaw = TxMetadata (Map.fromList [(1,TxMetaText "hello")])
         let metadataToBeEncrypted =
-                TxMetadataWithSchema TxMetadataNoSchema $
-                TxMetadata (Map.fromList [(1,TxMetaText "hello")])
+                TxMetadataWithSchema TxMetadataNoSchema metadataRaw
         let encryptMetadata =
                 ApiEncryptMetadata $ ApiT $ Passphrase "metadata-secret"
         let payload = Json [json|{
@@ -542,6 +542,36 @@ spec = describe "NEW_SHELLEY_TRANSACTIONS" $ do
             , expectField (#fee . #getQuantity) (`shouldSatisfy` (>0))
             ]
 
+        let ApiSerialisedTransaction apiTx _ = getFromResponse #transaction rTx
+        signedTx <- signTx ctx wa apiTx [ expectResponseCode HTTP.status202 ]
+        submittedTx <- submitTxWithWid ctx wa signedTx
+        verify submittedTx
+            [ expectSuccess
+            , expectResponseCode HTTP.status202
+            ]
+
+        let decodePayloadEncrypted = Json (toJSON signedTx)
+        let expMetadataEncrypted = ApiT expEncryptedMetadata
+        rDecodedTxEncrypted <- request @(ApiDecodedTransaction n) ctx
+            (Link.decodeTransaction @'Shelley wa) Default decodePayloadEncrypted
+        verify rDecodedTxEncrypted
+            [ expectResponseCode HTTP.status202
+            , expectField #metadata
+                (`shouldBe` (ApiTxMetadata (Just expMetadataEncrypted)))
+            ]
+
+        let decodePayloadDecrypted = Json [json|{
+                "decrypt_metadata": #{toJSON encryptMetadata},
+                "transaction": #{serialisedTxSealed signedTx}
+            }|]
+        rDecodedTxDecrypted <- request @(ApiDecodedTransaction n) ctx
+            (Link.decodeTransaction @'Shelley wa) Default decodePayloadDecrypted
+        verify rDecodedTxDecrypted
+            [ expectResponseCode HTTP.status202
+            , expectField #metadata
+                (`shouldBe` (ApiTxMetadata (Just (ApiT metadataRaw))))
+            ]
+
     it "TRANS_NEW_CREATE_03a - Withdrawal from self, 0 rewards" $ \ctx -> runResourceT $ do
         wa <- fixtureWallet ctx
         let initialBalance = wa ^. #balance . #available . #getQuantity