Merge pull request #1399 from psibi/cryptonite

Move yesod-auth to Cryptonite (from cryptohash)

.travis.yml

@@ -53,9 +53,9 @@ matrix:
   - env: BUILD=cabal GHCVER=7.10.3 CABALVER=1.22 HAPPYVER=1.19.5 ALEXVER=3.1.7
     compiler: ": #GHC 7.10.3"
     addons: {apt: {packages: [cabal-install-1.22,ghc-7.10.3,happy-1.19.5,alex-3.1.7], sources: [hvr-ghc]}}
-  - env: BUILD=cabal GHCVER=8.0.1 CABALVER=head HAPPYVER=1.19.5 ALEXVER=3.1.7
-    compiler: ": #GHC 8.0.1"
-    addons: {apt: {packages: [cabal-install-head,ghc-8.0.1,happy-1.19.5,alex-3.1.7], sources: [hvr-ghc]}}
+  - env: BUILD=cabal GHCVER=8.0.2 CABALVER=1.24 HAPPYVER=1.19.5 ALEXVER=3.1.7
+    compiler: ": #GHC 8.0.2"
+    addons: {apt: {packages: [cabal-install-1.24,ghc-8.0.2,happy-1.19.5,alex-3.1.7], sources: [hvr-ghc]}}
 
   # Build with the newest GHC and cabal-install. This is an accepted failure,
   # see below.

stack.yaml

@@ -23,6 +23,20 @@ extra-deps:
 - persistent-2.5
 - persistent-sqlite-2.5
 - cookie-0.4.2
+- cryptonite-0.23
+- foundation-0.0.9
+- memory-0.14.5
+- hfsevents-0.1.6
+- x509-1.6.5
+- x509-store-1.6.2
+- x509-system-1.6.4
+- x509-validation-1.6.5
+- tls-1.3.8
+- Win32-notify-0.3.0.1
+- asn1-parse-0.9.4
+- asn1-types-0.3.2
+- connection-0.2.8
+- socks-0.5.5
 
 - conduit-extra-1.1.14
 - streaming-commons-0.1.16

yesod-auth/ChangeLog.md

@@ -1,3 +1,7 @@
+## 1.4.17.2
+
+* Move to cryptonite from cryptohash
+
 ## 1.4.17.1
 
 * Some translation fixes

yesod-auth/Yesod/Auth/Email.hs

@@ -117,9 +117,8 @@ import qualified Yesod.Auth.Message       as Msg
 import           Yesod.Core
 import           Yesod.Form
 import qualified Yesod.PasswordStore      as PS
-
 import           Control.Applicative      ((<$>), (<*>))
-import qualified Crypto.Hash.MD5          as H
+import qualified Crypto.Hash              as H
 import qualified Crypto.Nonce             as Nonce
 import           Data.ByteString.Base16   as B16
 import           Data.Text                (Text)
@@ -134,6 +133,7 @@ import           System.IO.Unsafe         (unsafePerformIO)
 import qualified Text.Email.Validate
 import           Data.Aeson.Types (Parser, Result(..), parseMaybe, withObject, (.:?))
 import           Data.Maybe (isJust, isNothing, fromJust)
+import Data.ByteArray (convert)
 
 loginR, registerR, forgotPasswordR, setpassR :: AuthRoute
 loginR = PluginR "email" ["login"]
@@ -811,7 +811,7 @@ saltPass = fmap (decodeUtf8With lenientDecode)
 
 saltPass' :: String -> String -> String
 saltPass' salt pass =
-    salt ++ T.unpack (TE.decodeUtf8 $ B16.encode $ H.hash $ TE.encodeUtf8 $ T.pack $ salt ++ pass)
+    salt ++ T.unpack (TE.decodeUtf8 $ B16.encode $ convert (H.hash (TE.encodeUtf8 $ T.pack $ salt ++ pass) :: H.Digest H.MD5))
 
 isValidPass :: Text -- ^ cleartext password
             -> SaltedPass -- ^ salted password

yesod-auth/Yesod/PasswordStore.hs

@@ -102,16 +102,14 @@ module Yesod.PasswordStore (
         importSalt              -- :: ByteString -> Salt
   ) where
 
-
+import qualified Crypto.MAC.HMAC as CH
 import qualified Crypto.Hash as CH
-import qualified Crypto.Hash.SHA256 as H
 import qualified Data.ByteString.Char8 as B
 import qualified Data.ByteString as BS
 import qualified Data.ByteString.Lazy as BL
 import qualified Data.Binary as Binary
 import Control.Monad
 import Control.Monad.ST
-import Data.Byteable (toBytes)
 import Data.STRef
 import Data.Bits
 import Data.ByteString.Char8 (ByteString)
@@ -120,6 +118,7 @@ import System.IO
 import System.Random
 import Data.Maybe
 import qualified Control.Exception
+import Data.ByteArray (convert)
 
 ---------------------
 -- Cryptographic base
@@ -134,14 +133,18 @@ import qualified Control.Exception
 -- matches.
 pbkdf1 :: ByteString -> Salt -> Int -> ByteString
 pbkdf1 password (SaltBS salt) iter = hashRounds first_hash (iter + 1)
-    where first_hash = H.finalize $ H.init `H.update` password `H.update` salt
+  where
+    first_hash =
+      convert $
+      ((CH.hashFinalize $ CH.hashInit `CH.hashUpdate` password `CH.hashUpdate` salt) :: CH.Digest CH.SHA256)
+
 
 -- | Hash a 'ByteString' for a given number of rounds. The number of rounds is 0
 -- or more. If the number of rounds specified is 0, the ByteString will be
 -- returned unmodified.
 hashRounds :: ByteString -> Int -> ByteString
 hashRounds (!bs) 0 = bs
-hashRounds bs rounds = hashRounds (H.hash bs) (rounds - 1)
+hashRounds bs rounds = hashRounds (convert (CH.hash bs :: CH.Digest CH.SHA256)) (rounds - 1)
 
 -- | Computes the hmacSHA256 of the given message, with the given 'Salt'.
 hmacSHA256 :: ByteString
@@ -151,7 +154,7 @@ hmacSHA256 :: ByteString
            -> ByteString
            -- ^ The encoded message
 hmacSHA256 secret msg =
-    toBytes (CH.hmacGetDigest (CH.hmac secret msg) :: CH.Digest CH.SHA256)
+    convert (CH.hmacGetDigest (CH.hmac secret msg) :: CH.Digest CH.SHA256)
 
 -- | PBKDF2 key-derivation function.
 -- For details see @http://tools.ietf.org/html/rfc2898@.

yesod-auth/yesod-auth.cabal

@@ -1,5 +1,5 @@
 name:            yesod-auth
-version:         1.4.17.1
+version:         1.4.17.2
 license:         MIT
 license-file:    LICENSE
 author:          Michael Snoyman, Patrick Brisbin
@@ -27,7 +27,8 @@ library
                    , wai                     >= 1.4
                    , template-haskell
                    , base16-bytestring
-                   , cryptohash
+                   , cryptonite
+                   , memory
                    , random                  >= 1.0.0.2
                    , text                    >= 0.7
                    , mime-mail               >= 0.3