Functions, Methods, and Data Structures
Data Structures
The essential parameters required for chacha20poly1305flow are defined in the following data structure:
EncryptedParams
A data structure that is visible to all network participants and can be transmitted over non-secure channels
EncryptedPayload
Data meant to be encrypted and stored in the payload field of EncryptedParams
Custom Contract Message
Your contract must define an endpoint where a user can pass all the required fields of the EncryptedParams. E.g:
If you want to define a custom message, rename the fields, or add additional fields, there is a helpful trait WithEncryption that you can implement. It simply tells the compiler how to extract the essential parameters from your custom message and turn it into EncryptedParams
Implementing the trait for your message will allow you to use other useful methods of the SDK (like handle_encrypted_wrapper) that significantly simplify the development experience.
Example of the implementation for the ExecuteMsg is as follows:
Extending existing data structures
The SDK has multiple data structures that already implement WithEncryption trait and also use the template engine of Rust to make them easily extendable. Take for example the following message:
You can define a new message that extends the GatewayExecuteMsg by simply providing a new type for the Extension instead of the default Option<Empty> like this:
Your extended type in this case is available under MyGatewayExecuteMsg::Extension variant and you can use it in your contract like this:
Functions and methods
handle_encrypted_wrapper
The encryption logic, handle_encrypted_wrapper, is where the encryption magic happens ⭐
You can review the function in the SDK . It has the following functionality:
Check if Message is Encrypted:
If the message is encrypted (msg.is_encrypted()), it proceeds with decryption.
Extract Encryption Parameters:
uses chacha20poly1305 algorithm
Constructs a CosmosCredential from the decrypted data.
Inserts the nonce into storage to mark it as used.
Verifies the sender using the verify_arbitrary function with the credential.
Deserialize Inner Message:
Converts the decrypted payload into the original message type E.
Ensures the decrypted message is not encrypted (nested encryption is not allowed).
Return Decrypted Message and Updated Info:
Returns the decrypted message and updated MessageInfo with the verified sender.
chacha20poly1305_decrypt
The following function uses the following types for as the input parameters:
Various authentication utilities
To verify a message that was was signed through a method cosmos arbitrary (036) message format, you can use the following function:
The method takes in a CosmosCredential struct as an argument which is a a helpful wrapper over essential required fields required for the verification:
Both CosmosCredential and EncryptedParams can be used with String or base64 encoded Binary types
To generate a preamble message for the cosmos arbitrary (036) message format, you can use the following utility function:
The function uses a hardcoded JSON string with all the required keys present and sorted.