Encrypt metadata impl #4204
Encrypt metadata impl #4204
Conversation
paweljakubas
force-pushed
the
paweljakubas/adp-322/encrypt-metadata-impl
branch
2 times, most recently
from
367e64b to
c412cf1
Compare
paweljakubas
requested review from
HeinrichApfelmus,
jonathanknowles,
Anviking,
Unisay and
paolino
paweljakubas
force-pushed
the
paweljakubas/adp-322/encrypt-metadata-impl
branch
4 times, most recently
from
ad14d04 to
c3a2d7f
Compare
| :: ByteString | ||
| -- ^ Symmetric key / passphrase, 32-byte long | ||
| -> ByteString | ||
| -- ^ Nonce, 12-byte long | ||
| -> ByteString | ||
| -- ^ Payload to be encrypted |
There was a problem hiding this comment.
I suggest to use newtypes or Tagged to distinguish parameters on the type level.
| -- | The caller must ensure that the passphrase length is 32 bytes and | ||
| -- | nonce is 12 bytes | ||
| encryptPayload | ||
| :: ByteString |
There was a problem hiding this comment.
Consider using https://hackage.haskell.org/package/memory-0.18.0/docs/Data-ByteArray.html#t:ScrubbedBytes to store sensitive bytes?
| unsafeSerialize = | ||
| CBOR.toStrictByteString . CBOR.encodeBytes . useInvariant | ||
| -- Encryption fails if the key is the wrong size, but that won't happen | ||
| -- if the key was created with 'toSymmetricKey'. |
There was a problem hiding this comment.
Another upside of using newtypes is that you can enforce this invariant avoiding partiality.
| toSymmetricKey | ||
| :: ByteString | ||
| -> ByteString |
There was a problem hiding this comment.
| toSymmetricKey | |
| :: ByteString | |
| -> ByteString | |
| toSymmetricKey :: ByteString -> ByteString |
| :: ByteString | ||
| -> ByteString | ||
| toSymmetricKey rawKey = | ||
| PBKDF2.generate |
There was a problem hiding this comment.
Argon2 was specifically crafted to fix the inherent flaws of compute bounded key derivation functions like pbkdf2. With pbkdf2, you can double your iterations, which will double the time you have to wait to unlock your vault, but also double the time an attacker will take to crack your password (if they have your masterpasswordhash). In contrast to this, argon2 is not just compute-bounded but also memory bounded. This means that - for the same unlock time for you - password cracking will be significantly slower for an attacker attempting to crack your password on a GPU or ASIC, because an attacker cannot run as many instances of argon2 in parallel on a GPU, as they could with PBKDF2 due to memory limitations. This means that for the same unlock time for the user, password cracking becomes orders of magnitude slower compared to pbkdf2.
OWASP recommends Argon2
| (PBKDF2.prfHMAC SHA512) | ||
| (PBKDF2.Parameters 500 32) | ||
| rawKey | ||
| ("metadata-encryption" :: ByteString) |
There was a problem hiding this comment.
What is the point of this bytestring?
| @@ -3013,6 +3028,90 @@ constructTransaction api argGenChange knownPools poolStatus apiWalletId body = d | |||
| . Map.toList | |||
| . foldr (uncurry (Map.insertWith (<>))) Map.empty | |||
|
|
|||
| encryptionNonce :: ByteString | |||
| encryptionNonce = "encrypt-data" | |||
| toMetadata = | ||
| Cardano.TxMetadata . | ||
| Map.fromList . | ||
| zipWith (,) [0..] . |
There was a problem hiding this comment.
| zipWith (,) [0..] . | |
| zip [0..] . |
| @@ -3330,3 +3357,143 @@ spec = describe "SHARED_TRANSACTIONS" $ do | |||
| (#balance . #available . #getQuantity) | |||
| (`shouldBe` amt) | |||
| ] | |||
|
|
|||
| checkMetadataEncrytion | |||
There was a problem hiding this comment.
Typo:
| checkMetadataEncrytion | |
| checkMetadataEncryption |
| @@ -50,7 +50,7 @@ data TxMetadataWithSchema = TxMetadataWithSchema | |||
| { -- | How to codec the metadata into json | |||
| txMetadataWithSchema_schema :: TxMetadataSchema | |||
| , -- | The metadata | |||
| txMetadataWithSchema_metadata :: TxMetadata | |||
| txMetadataWithSchema_metadata :: TxMetadata | |||
There was a problem hiding this comment.
| txMetadataWithSchema_metadata :: TxMetadata | |
| txMetadataWithSchema_metadata :: TxMetadata |
| toMetadataEncryptedKey apiEncrypt = | ||
| toSymmetricKey (BA.convert $ unPassphrase passphrase) | ||
| where | ||
| (ApiEncryptMetadata (ApiT passphrase)) = apiEncrypt |
There was a problem hiding this comment.
| (ApiEncryptMetadata (ApiT passphrase)) = apiEncrypt | |
| ApiEncryptMetadata (ApiT passphrase) = apiEncrypt |
| toMetadataEncrypted | ||
| :: ApiEncryptMetadata | ||
| -> TxMetadataWithSchema | ||
| -> Cardano.TxMetadata |
There was a problem hiding this comment.
Metadata encryption is not a HTTP API concern, and therefore shouldn't be placed in the lib/wallet/api/http/**.
paweljakubas
force-pushed
the
paweljakubas/adp-322/encrypt-metadata-impl
branch
2 times, most recently
from
936a644 to
a212ebe
Compare
paweljakubas
force-pushed
the
paweljakubas/adp-322/encrypt-metadata-impl
branch
3 times, most recently
from
73a474f to
e752ce8
Compare
paweljakubas
force-pushed
the
paweljakubas/adp-322/encrypt-metadata-impl
branch
from
e6887f4 to
4223ba6
Compare
|
closing in favor of #4667 |
Comments
spec and api defined in #4176
Issue Number
adp-322