Send encrypted secret on metadata #2853
Conversation
andrevmatos
added
enhancement
Codecov Report
@@ Coverage Diff @@
## master #2853 +/- ##
==========================================
+ Coverage 93.59% 93.69% +0.10%
==========================================
Files 110 110
Lines 6071 6110 +39
Branches 1100 1107 +7
==========================================
+ Hits 5682 5725 +43
+ Misses 334 329 -5
- Partials 55 56 +1
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report at Codecov.
|
andrevmatos
force-pushed
the
feature/secret
branch
6 times, most recently
from
8ef40d2 to
3dfb227
Compare
andrevmatos
force-pushed
the
feature/secret
branch
4 times, most recently
from
7448d38 to
257bc3f
Compare
|
Rebased and squashed the last commit about |
| return metadata; | ||
| else if (metadata) log?.warn('Invalid address metadata', { address, metadata }); | ||
| ): [metadata: AddressMetadata, pubkey: PublicKey] | undefined { | ||
| if (!metadata) return; |
There was a problem hiding this comment.
Before we were logging a warning here, is this intended?
There was a problem hiding this comment.
I don't think anything was logged if !metadata. The log call was only issued if metadata existed, so in the spirit of the happy case to the left, I check the undefined case early and just skip in that case.
| ) | ||
| .toPromise(); | ||
| this.store.dispatch( | ||
| transfer.request( |
There was a problem hiding this comment.
Wouldn't it be nicer to have a new action for this, instead of adding this resolved parameter? Something like resolveTransfer.
There was a problem hiding this comment.
I thought about it, but decided for the resolved tagged union because the whole metadata and most of the payload would overlap, and I'm not sure it's worth it to create a mostly similar copy of this action in order to split those. But I don't have hard feelings for it, it was mostly about code deduplication, but if you think it'd be better to have the copy, I can do it.
They're needed for encrypted secret handling and public key calculation.
since sending encrypted secrets use only target's pubkey, it doesn't require our private key, so it can be enabled by default. target will of course only be able to act on it if they've the private key available (e.g. ether's Wallet, as default in CLI and with Raiden key)
utils's `dispatchRequestAndGetResponse` now accepts an array of AACs, and will generic on the `request` to allow multiple types to be sent in a single instantiation.
Needed in order to encrypt secrets to given peer
'transfer' method was getting too much logic. This makes the `transfer.request` action contain some intersection to tagged unions (resolved: boolean) which chooses into 2 modes: the resolved=false is handled by the new `transferRequestResolveEpic` and will call e.g. pathFind.request (previously done in `Raiden.transfer`) and after resolving everything needed, will emit `transfer.request` again with resolved=true. This allows the API's transfer.request to be way simpler. Also, `expiration` is moved to the `locked` epic, so it's more precisely calculated when the resolved action is handled.
and decode it if we can. decoding is always attempted in the receiving side. partner support is checked against `caps.immutableMetadata`, and we always attempt to send it to any target regardless of their capabilities. If they don't support it, they'll just ignore it.
Initiator never tries to call over RTC, and instead just whitelist target's. target then is to decide whether to call initiator, and does it only if 'secret' is not in transfer.metadata, meaning we'll need to ask them for it.
Just minor typing and coding usage, no logic change.
andrevmatos
force-pushed
the
feature/secret
branch
from
257bc3f to
3a023c0
Compare
This helps unify code which validates metadata and create a presence update from it.
andrevmatos
force-pushed
the
feature/secret
branch
from
3a023c0 to
d6c4206
Compare
Fixes #2730
Based on top of #2766
Implements raiden-network/spec#344
Short description
This PR uses
immutableMetadata(base PR) to send a new property in metadata:metadata.secretwhich is an hex-string containing the the secret object encrypted with target's public key using ECIES. The decrypted object has the format{ secret: HexString<32>; amount: UInt<32>; payment_identifier: UInt<8> }. The target can then decrypt it with its private key (only when available, e.g.Wallet), validate the received amount is larger than or equal the expected amount andpaymentIdmatches.There's no capability for this. It's added/kept only if next hop/partner supports
immutableMetadata, and targets which don't want, can't use it or validation fail will just fallback to requesting the secret as usual, so this is fully backwards compatible.Definition of Done
Steps to manually test the change (dApp)
SecretRequest/Revealmessage exchange between initiator and target