| Copyright | © 2018-2021 IOHK |
|---|---|
| License | Apache-2.0 |
| Safe Haskell | None |
| Language | Haskell2010 |
Cardano.Wallet.Primitive.Passphrase
Description
Hashing of wallet passwords.
Synopsis
- newtype Passphrase (purpose :: Symbol ) = Passphrase { }
-
class
PassphraseMinLength
(purpose ::
Symbol
)
where
- passphraseMinLength :: Proxy purpose -> Int
-
class
PassphraseMaxLength
(purpose ::
Symbol
)
where
- passphraseMaxLength :: Proxy purpose -> Int
- validatePassphrase :: forall purpose. ( PassphraseMaxLength purpose, PassphraseMinLength purpose) => Text -> Either String ( Passphrase purpose)
- newtype PassphraseHash = PassphraseHash { }
- data PassphraseScheme
- currentPassphraseScheme :: PassphraseScheme
- data WalletPassphraseInfo = WalletPassphraseInfo { }
- encryptPassphrase :: MonadRandom m => Passphrase "user" -> m ( PassphraseScheme , PassphraseHash )
- encryptPassphrase' :: MonadRandom m => PassphraseScheme -> Passphrase "user" -> m PassphraseHash
- checkPassphrase :: PassphraseScheme -> Passphrase "user" -> PassphraseHash -> Either ErrWrongPassphrase ()
- preparePassphrase :: PassphraseScheme -> Passphrase "user" -> Passphrase "encryption"
- changePassphraseXPrv :: ( PassphraseScheme , Passphrase "user") -> ( PassphraseScheme , Passphrase "user") -> XPrv -> XPrv
- checkAndChangePassphraseXPrv :: MonadRandom m => (( PassphraseScheme , PassphraseHash ), Passphrase "user") -> Passphrase "user" -> XPrv -> m ( Either ErrWrongPassphrase (( PassphraseScheme , PassphraseHash ), XPrv ))
- data ErrWrongPassphrase
Passphrases from the user
newtype Passphrase (purpose :: Symbol ) Source #
An encapsulated passphrase. The inner format is free, but the wrapper helps readability in function signatures.
Some type parameters in use are:
-
"user"- a passphrase entered by the user through the API. TheFromTextinstance enforces password length rules. -
"lenient"- like"user", except without a minimum length restriction inFromText.` -
"encryption"- the user's passphrase, transformed so that it can be used as the key for encrypting wallet keys. -
"salt"- the random salt part of a hashed passphrase.
Constructors
| Passphrase | |
|
Fields |
|
Instances
| Eq ( Passphrase purpose) Source # | |
|
Defined in Cardano.Wallet.Primitive.Passphrase.Types Methods (==) :: Passphrase purpose -> Passphrase purpose -> Bool Source # (/=) :: Passphrase purpose -> Passphrase purpose -> Bool Source # |
|
| Show ( Passphrase purpose) Source # | |
|
Defined in Cardano.Wallet.Primitive.Passphrase.Types |
|
| Semigroup ( Passphrase purpose) Source # | |
|
Defined in Cardano.Wallet.Primitive.Passphrase.Types Methods (<>) :: Passphrase purpose -> Passphrase purpose -> Passphrase purpose Source # sconcat :: NonEmpty ( Passphrase purpose) -> Passphrase purpose Source # stimes :: Integral b => b -> Passphrase purpose -> Passphrase purpose Source # |
|
| Monoid ( Passphrase purpose) Source # | |
|
Defined in Cardano.Wallet.Primitive.Passphrase.Types Methods mempty :: Passphrase purpose Source # mappend :: Passphrase purpose -> Passphrase purpose -> Passphrase purpose Source # mconcat :: [ Passphrase purpose] -> Passphrase purpose Source # |
|
| NFData ( Passphrase purpose) Source # | |
|
Defined in Cardano.Wallet.Primitive.Passphrase.Types Methods rnf :: Passphrase purpose -> () Source # |
|
| ToJSON ( ApiT ( Passphrase purpose)) Source # | |
|
Defined in Cardano.Wallet.Api.Types Methods toJSON :: ApiT ( Passphrase purpose) -> Value Source # toEncoding :: ApiT ( Passphrase purpose) -> Encoding Source # toJSONList :: [ ApiT ( Passphrase purpose)] -> Value Source # toEncodingList :: [ ApiT ( Passphrase purpose)] -> Encoding Source # |
|
| ( PassphraseMaxLength purpose, PassphraseMinLength purpose) => FromJSON ( ApiT ( Passphrase purpose)) Source # | |
|
Defined in Cardano.Wallet.Api.Types Methods parseJSON :: Value -> Parser ( ApiT ( Passphrase purpose)) Source # parseJSONList :: Value -> Parser [ ApiT ( Passphrase purpose)] Source # |
|
| ByteArrayAccess ( Passphrase purpose) Source # | |
|
Defined in Cardano.Wallet.Primitive.Passphrase.Types Methods length :: Passphrase purpose -> Int Source # withByteArray :: Passphrase purpose -> ( Ptr p -> IO a) -> IO a Source # copyByteArrayToPtr :: Passphrase purpose -> Ptr p -> IO () Source # |
|
| ToText ( Passphrase purpose) Source # | |
|
Defined in Cardano.Wallet.Primitive.Passphrase.Types Methods toText :: Passphrase purpose -> Text Source # |
|
| ( PassphraseMaxLength purpose, PassphraseMinLength purpose) => FromText ( Passphrase purpose) Source # | |
|
Defined in Cardano.Wallet.Primitive.Passphrase.Types Methods fromText :: Text -> Either TextDecodingError ( Passphrase purpose) Source # |
|
| MonadRandom ((->) ( Passphrase "salt") :: Type -> Type ) Source # |
Little trick to be able to provide our own "random" salt in order to
deterministically re-compute a passphrase hash from a known salt. Note that,
this boils down to giving an extra argument to the
encryptPassphrase :: MonadRandom m => Passphrase purpose -> m (Hash purpose) ~ encryptPassphrase :: Passphrase purpose -> Passphrase "salt" -> m (Hash purpose)
|
|
Defined in Cardano.Wallet.Primitive.Passphrase.Types Methods getRandomBytes :: ByteArray byteArray => Int -> Passphrase "salt" -> byteArray Source # |
|
class PassphraseMinLength (purpose :: Symbol ) where Source #
Methods
passphraseMinLength :: Proxy purpose -> Int Source #
Minimal Length for a passphrase, for lack of better validations
Instances
| PassphraseMinLength "lenient" Source # | |
|
Defined in Cardano.Wallet.Primitive.Passphrase.Types Methods passphraseMinLength :: Proxy "lenient" -> Int Source # |
|
| PassphraseMinLength "user" Source # | |
|
Defined in Cardano.Wallet.Primitive.Passphrase.Types Methods passphraseMinLength :: Proxy "user" -> Int Source # |
|
class PassphraseMaxLength (purpose :: Symbol ) where Source #
Instances
| PassphraseMaxLength "lenient" Source # | |
|
Defined in Cardano.Wallet.Primitive.Passphrase.Types Methods passphraseMaxLength :: Proxy "lenient" -> Int Source # |
|
| PassphraseMaxLength "user" Source # | |
|
Defined in Cardano.Wallet.Primitive.Passphrase.Types Methods passphraseMaxLength :: Proxy "user" -> Int Source # |
|
validatePassphrase :: forall purpose. ( PassphraseMaxLength purpose, PassphraseMinLength purpose) => Text -> Either String ( Passphrase purpose) Source #
Wallet passphrases stored as hashes
newtype PassphraseHash Source #
Constructors
| PassphraseHash | |
|
Fields |
|
Instances
data PassphraseScheme Source #
A type to capture which encryption scheme should be used
Constructors
| EncryptWithScrypt |
Legacy encryption scheme for passphrases |
| EncryptWithPBKDF2 |
Encryption scheme used since cardano-wallet |
Instances
data WalletPassphraseInfo Source #
Constructors
| WalletPassphraseInfo | |
|
Fields |
|
Instances
Operations
encryptPassphrase :: MonadRandom m => Passphrase "user" -> m ( PassphraseScheme , PassphraseHash ) Source #
Hashes a
Passphrase
into a format that is suitable for storing on
disk. It will always use the current scheme: pbkdf2-hmac-sha512.
encryptPassphrase' :: MonadRandom m => PassphraseScheme -> Passphrase "user" -> m PassphraseHash Source #
checkPassphrase :: PassphraseScheme -> Passphrase "user" -> PassphraseHash -> Either ErrWrongPassphrase () Source #
Check whether a
Passphrase
matches with a stored
Hash
preparePassphrase :: PassphraseScheme -> Passphrase "user" -> Passphrase "encryption" Source #
Manipulation done on legacy passphrases before used for encryption.
Arguments
| :: ( PassphraseScheme , Passphrase "user") |
Old passphrase |
| -> ( PassphraseScheme , Passphrase "user") |
New passphrase |
| -> XPrv |
Key to re-encrypt |
| -> XPrv |
Re-encrypts a wallet private key with a new passphrase.
- *Important**: This function doesn't check that the old passphrase is correct! Caller is expected to have already checked that. Using an incorrect passphrase here will lead to very bad thing.
checkAndChangePassphraseXPrv Source #
Arguments
| :: MonadRandom m | |
| => (( PassphraseScheme , PassphraseHash ), Passphrase "user") |
Old passphrase |
| -> Passphrase "user" |
New passphrase |
| -> XPrv |
Key to re-encrypt |
| -> m ( Either ErrWrongPassphrase (( PassphraseScheme , PassphraseHash ), XPrv )) |
Re-encrypts a wallet private key with a new passphrase.
data ErrWrongPassphrase Source #
Indicate a failure when checking for a given
Passphrase
match