From 8af994320d3cd343e038bd9721c5ecc80e4b9246 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Mon, 26 Mar 2018 07:39:13 -0400 Subject: Updated to argon2-1.3. New parameters are set to the old values and test suite passes so this looks good. This commit was sponsored by Nick Daly on Patreon. --- CHANGELOG | 6 ++++++ ExpensiveHash.hs | 7 +++---- Tunables.hs | 4 ++++ keysafe.cabal | 3 ++- stack.yaml | 5 ++++- 5 files changed, 19 insertions(+), 6 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index af81330..f1b119d 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,9 @@ +keysafe (0.20170812) UNRELEASED; urgency=medium + + * Updated to argon2-1.3. + + -- Joey Hess Mon, 26 Mar 2018 07:33:45 -0400 + keysafe (0.20170811) unstable; urgency=medium * Updated to http-client 0.5.3, servant 0.11, and stackage lts-9.0. diff --git a/ExpensiveHash.hs b/ExpensiveHash.hs index 6fab15c..4a01194 100644 --- a/ExpensiveHash.hs +++ b/ExpensiveHash.hs @@ -11,6 +11,7 @@ import Tunables import Cost import Serialization () import qualified Data.Text as T +import Data.Text.Short (toText) import qualified Data.ByteString as B import qualified Crypto.Argon2 as Argon2 import Raaz.Core.Encode @@ -31,12 +32,10 @@ data Salt t = Salt t expensiveHash :: Encodable t => ExpensiveHashTunable -> Salt t -> B.ByteString -> ExpensiveHash expensiveHash (UseArgon2 cost opts) (Salt s) b = ExpensiveHash cost $ - -- Using hashEncoded here and not hash, - -- because of this bug: - -- https://github.com/ocharles/argon2/issues/3 - Argon2.hashEncoded opts b argonsalt + either hashfailed toText $ Argon2.hashEncoded opts b argonsalt where -- argon salt cannot be shorter than 8 bytes, so pad with spaces. argonsalt = let sb = toByteString s in sb <> B.replicate (8 - B.length sb ) 32 + hashfailed e = error ("hash generation failed: " ++ show e) diff --git a/Tunables.hs b/Tunables.hs index 5c28a39..2e96b8c 100644 --- a/Tunables.hs +++ b/Tunables.hs 
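Review bot: In the second ExpensiveHash.hs hunk, `hashfailed` calls `error` from pure code, so a failed `Argon2.hashEncoded` only surfaces when the resulting `ExpensiveHash` is forced, which may be far from this call and outside any exception handler. If the signature has to stay pure, document that above `expensiveHash`, e.g. `-- Throws via error when forced if argon2 reports a failure; callers that must not crash should force the result inside a handler.` The hunk also removes the comment explaining why `hashEncoded` is used rather than `hash`, while keeping the call. Presumably the encoded text is what existing derived values depend on, so a replacement such as `-- keep hashEncoded: switching to hash would change the output` would stop a later cleanup from changing it.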
@@ -112,6 +112,8 @@ defaultTunables = Tunables let Divisibility n = d in fromIntegral n , Argon2.hashVariant = Argon2.Argon2i + , Argon2.hashVersion = Argon2.Argon2Version13 + , Argon2.hashLength = 64 } d = Divisibility 4 -- argon2 uses 4 threads @@ -156,6 +158,8 @@ proofOfWorkHashTunable addits = , Argon2.hashMemory = 1000 , Argon2.hashParallelism = 4 , Argon2.hashVariant = Argon2.Argon2i + , Argon2.hashVersion = Argon2.Argon2Version13 + , Argon2.hashLength = 64 } where nits = 20 + addits diff --git a/keysafe.cabal b/keysafe.cabal index 188d02a..575a131 100644 --- a/keysafe.cabal +++ b/keysafe.cabal @@ -36,11 +36,12 @@ Executable keysafe -- changes to these could break backup/restore, so when loosening -- the version ranges, it's important to run keysafe --test secret-sharing == 1.0.* - , argon2 == 1.2.* + , argon2 == 1.3.* , raaz == 0.1.1 , base (>= 4.5 && < 5.0) , bytestring == 0.10.* , text == 1.2.* + , text-short == 0.1.* -- Changes to these dependencies should not impact the data that -- keysafe backs up and restores. , deepseq == 1.4.* diff --git a/stack.yaml b/stack.yaml index 6704d6b..7baf51a 100644 --- a/stack.yaml +++ b/stack.yaml @@ -2,8 +2,11 @@ packages: - '.' resolver: lts-9.0 extra-deps: -- argon2-1.2.0 +- argon2-1.3.0.0 - secret-sharing-1.0.0.3 - dice-entropy-conduit-1.0.0.1 - polynomial-0.7.3 +- finite-field-0.8.0 +- text-short-0.1.2 +- zxcvbn-c-1.0.1 explicit-setup-deps: -- cgit v1.2.3
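Review bot: `Argon2.hashVersion = Argon2.Argon2Version13` and `Argon2.hashLength = 64` are added to `defaultTunables` without a comment, and the same pair is repeated in the `proofOfWorkHashTunable` hunk that follows. The commit message says these reproduce the old values, and the keysafe.cabal comment warns that changes in this area can break backup/restore, so the constraint belongs next to the fields: `-- fixed to the values argon2-1.2 used implicitly; changing either alters the hash output and can break restore of existing backups`. For the proof-of-work record the consequence is presumably a mismatch between client and server rather than lost backups, so that comment should be worded accordingly. Both records begin outside their hunks.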