From ff99a7b7025956d1374736bb5a19cc8bdc8cd232 Mon Sep 17 00:00:00 2001 From: Daniel Rutz Date: Sat, 3 Feb 2018 14:44:13 +0100 Subject: [PATCH 1/8] Cryptohash is deprecated. Use Cryptonite instead. P.S. Probably my first real line of Haskell. Don't be that harsh to me if it is bad style. --- Flatr-App-Core.cabal | 3 ++- app/Util.hs | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/Flatr-App-Core.cabal b/Flatr-App-Core.cabal index c0dc931..2d6c76e 100644 --- a/Flatr-App-Core.cabal +++ b/Flatr-App-Core.cabal @@ -36,7 +36,8 @@ executable Flatr-App-Core-exe , word8 , bytestring , base16-bytestring >=0.1 - , cryptohash >=0.11 + , cryptonite >=0.24 + , memory default-language: Haskell2010 source-repository head diff --git a/app/Util.hs b/app/Util.hs index c5854b5..291ce8f 100644 --- a/app/Util.hs +++ b/app/Util.hs @@ -9,8 +9,9 @@ module Util where import Control.Arrow import Control.Monad.IO.Class import Control.Monad.Logger (LoggingT, runStdoutLoggingT) -import qualified Crypto.Hash.SHA512 as SHA +import Crypto.Hash import Data.Aeson hiding (json) +import qualified Data.ByteArray as BA import qualified Data.ByteString as BS import qualified Data.ByteString.Base16 as B16 import qualified Data.Text as T @@ -42,7 +43,7 @@ decodeHex = fst . B16.decode . E.encodeUtf8 hashPassword :: T.Text -> BS.ByteString -> T.Text hashPassword password salt = - makeHex . SHA.finalize $ SHA.updates SHA.init [salt, E.encodeUtf8 password] + makeHex $ BA.convert . hashFinalize $ hashUpdates (hashInitWith SHA512) [salt, E.encodeUtf8 password] runSQL :: (HasSpock m, SpockConn m ~ SqlBackend) From 6fbf06e8a3c0491b8007ccce30c6bcd5466d20ce Mon Sep 17 00:00:00 2001 From: Daniel Rutz Date: Sat, 3 Feb 2018 15:04:25 +0100 Subject: [PATCH 2/8] Import the cryptonite module qualifiedly. --- app/Util.hs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/Util.hs b/app/Util.hs index 291ce8f..3a1dc2a 100644 --- a/app/Util.hs +++ b/app/Util.hs 
@@ -9,7 +9,7 @@ module Util where import Control.Arrow import Control.Monad.IO.Class import Control.Monad.Logger (LoggingT, runStdoutLoggingT) -import Crypto.Hash +import qualified Crypto.Hash as Hash import Data.Aeson hiding (json) import qualified Data.ByteArray as BA import qualified Data.ByteString as BS @@ -43,7 +43,7 @@ decodeHex = fst . B16.decode . E.encodeUtf8 hashPassword :: T.Text -> BS.ByteString -> T.Text hashPassword password salt = - makeHex $ BA.convert . hashFinalize $ hashUpdates (hashInitWith SHA512) [salt, E.encodeUtf8 password] + makeHex $ BA.convert . Hash.hashFinalize $ Hash.hashUpdates (Hash.hashInitWith Hash.SHA512) [salt, E.encodeUtf8 password] runSQL :: (HasSpock m, SpockConn m ~ SqlBackend) From e4efd1694787cf184e6f870cc1f98e8ebdda9f51 Mon Sep 17 00:00:00 2001 From: Daniel Rutz Date: Sat, 3 Feb 2018 16:04:23 +0100 Subject: [PATCH 3/8] Replace cryptohash by cryptonite in the nix file. --- Flatr-App-Core.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Flatr-App-Core.nix b/Flatr-App-Core.nix index 27b02e7..ce62b60 100644 --- a/Flatr-App-Core.nix +++ b/Flatr-App-Core.nix @@ -16,7 +16,7 @@ mkDerivation { libraryHaskellDepends = [ base ]; executableHaskellDepends = [ aeson base base16-bytestring bytestring configurator containers - cryptohash http-types hvect jwt monad-logger mtl persistent + cryptonite http-types hvect jwt monad-logger mtl persistent persistent-sqlite persistent-template random Spock text time transformers word8 iso8601-time From 3d7e59c812c1044fbb0f41829a3c76d84d4830cf Mon Sep 17 00:00:00 2001 From: Daniel Rutz Date: Sat, 3 Feb 2018 16:28:17 +0100 Subject: [PATCH 4/8] Fix Symbol not found. --- Flatr-App-Core.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Flatr-App-Core.nix b/Flatr-App-Core.nix index ce62b60..752d722 100644 --- a/Flatr-App-Core.nix +++ b/Flatr-App-Core.nix 
@@ -1,5 +1,5 @@ { mkDerivation, aeson, base, base16-bytestring, bytestring -, configurator, containers, cryptohash, http-types +, configurator, containers, cryptonite, http-types , hvect, jwt, monad-logger, mtl, persistent, persistent-sqlite , persistent-template, random, Spock, stdenv, text, time , transformers, word8, iso8601-time From 6d2931bb3b669c333aef43d5f19023556df84c08 Mon Sep 17 00:00:00 2001 From: Daniel Rutz Date: Sat, 3 Feb 2018 16:41:43 +0100 Subject: [PATCH 5/8] DONT MERGE! Use the Argon2 KDF for derivation of the password hash. TODO: Evaluate ideal options and length. --- app/Util.hs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/app/Util.hs b/app/Util.hs index 3a1dc2a..4be0406 100644 --- a/app/Util.hs +++ b/app/Util.hs @@ -9,9 +9,9 @@ module Util where import Control.Arrow import Control.Monad.IO.Class import Control.Monad.Logger (LoggingT, runStdoutLoggingT) -import qualified Crypto.Hash as Hash +import qualified Crypto.KDF.Argon2 as Ar2 +import Crypto.Error (throwCryptoError) import Data.Aeson hiding (json) -import qualified Data.ByteArray as BA import qualified Data.ByteString as BS import qualified Data.ByteString.Base16 as B16 import qualified Data.Text as T @@ -43,7 +43,7 @@ decodeHex = fst . B16.decode . E.encodeUtf8 hashPassword :: T.Text -> BS.ByteString -> T.Text hashPassword password salt = - makeHex $ BA.convert . Hash.hashFinalize $ Hash.hashUpdates (Hash.hashInitWith Hash.SHA512) [salt, E.encodeUtf8 password] + makeHex . throwCryptoError $ Ar2.hash Ar2.defaultOptions (E.encodeUtf8 password) salt 1024 runSQL :: (HasSpock m, SpockConn m ~ SqlBackend) From 14a7f14372f2ba217dd2a43e861ee276dc498c52 Mon Sep 17 00:00:00 2001 From: Daniel Rutz Date: Sat, 3 Feb 2018 18:36:49 +0100 Subject: [PATCH 6/8] Comment on possible Exception. --- app/Util.hs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/Util.hs b/app/Util.hs index 4be0406..9b43a5c 100644 --- a/app/Util.hs +++ b/app/Util.hs 
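Review bot: In the `hashPassword` hunk of PATCH 5/8, `Ar2.defaultOptions` and the literal `1024` leave the Argon2 cost parameters implicit, and the commit message itself marks them as not yet evaluated. As far as I know, cryptonite's `defaultOptions` selects the Argon2i variant with a single iteration, whereas RFC 9106 recommends Argon2id. The last argument is the output length in bytes, so this produces a 1024-byte tag (2048 hex characters) where 32 bytes is sufficient. I would spell the parameters out in a named value, for example `argonOptions = Ar2.defaultOptions { Ar2.variant = Ar2.Argon2id, Ar2.iterations = 3 }`, and pass `32` as the length, after checking the values against the server's memory budget. Digests stored under the earlier SHA-512 scheme will also stop matching; no scheme tag or migration is visible in this hunk, so existing accounts would presumably need a re-hash-on-login path or a password reset.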
@@ -43,7 +43,8 @@ decodeHex = fst . B16.decode . E.encodeUtf8 hashPassword :: T.Text -> BS.ByteString -> T.Text hashPassword password salt = - makeHex . throwCryptoError $ Ar2.hash Ar2.defaultOptions (E.encodeUtf8 password) salt 1024 + makeHex . throwCryptoError $ Ar2.hash Ar2.defaultOptions (E.encodeUtf8 password) salt 1024 + -- throwCryptoError can in theory throw, crashing the program. But this will happen only if salt length or output size are invalid. As this will never be the case (as long as we provide acceptable salts), this will never happen. runSQL :: (HasSpock m, SpockConn m ~ SqlBackend) From 20e8c3b7f866e514ad712723db45bdd2580ca44a Mon Sep 17 00:00:00 2001 From: Daniel Rutz Date: Sun, 4 Feb 2018 00:49:22 +0100 Subject: [PATCH 7/8] Implement Travis CI. --- .travis.yml | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 .travis.yml diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..8dc5a83 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,4 @@ +language: haskell +ghc: + - "8.2" + - "8.0" \ No newline at end of file From 78a22b7fa635b835e446c2f7e66eff31c87b0b61 Mon Sep 17 00:00:00 2001 From: Daniel Rutz Date: Sun, 4 Feb 2018 11:58:14 +0100 Subject: [PATCH 8/8] Remove memory from Cabal config. --- Flatr-App-Core.cabal | 1 - 1 file changed, 1 deletion(-) diff --git a/Flatr-App-Core.cabal b/Flatr-App-Core.cabal index 2d6c76e..d10dda4 100644 --- a/Flatr-App-Core.cabal +++ b/Flatr-App-Core.cabal @@ -37,7 +37,6 @@ executable Flatr-App-Core-exe , bytestring , base16-bytestring >=0.1 , cryptonite >=0.24 - , memory default-language: Haskell2010 source-repository head
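Review bot: The added comment says the `throwCryptoError` failure "will never happen", but that depends on every caller passing a valid salt, which this hunk cannot show. As far as I know, cryptonite rejects Argon2 salts shorter than 8 bytes. Because `hashPassword` is pure, the exception would surface only when the resulting `Text` is forced, possibly far from the call site. I would state the precondition in a Haddock comment above the signature instead, e.g. `-- | Derives the password hash with Argon2. Precondition: salt is at least 8 bytes; otherwise evaluating the result throws a CryptoError.` The comment currently sits after the function body, where it can be read as belonging to `runSQL`.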