From 5decbad3eb779b1bbe11245cbde84701909e9c68 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 11 Aug 2016 15:52:50 -0400 Subject: nearly able to generate shards now --- ExpensiveHash.hs | 32 ++++++++++++++++++++++---------- 1 file changed, 22 insertions(+), 10 deletions(-) (limited to 'ExpensiveHash.hs') diff --git a/ExpensiveHash.hs b/ExpensiveHash.hs index e089957..48acba2 100644 --- a/ExpensiveHash.hs +++ b/ExpensiveHash.hs @@ -3,38 +3,50 @@ module ExpensiveHash where import Types -import Versions +import Tunables import Cost import Serialization () +import qualified Data.Text as T import qualified Data.ByteString as B -import Raaz.Core.Encode import qualified Crypto.Argon2 as Argon2 +import Raaz.Core.Encode import Data.Time.Clock import Control.DeepSeq +import Data.Monoid -- | A hash that is expensive to calculate. -- -- This is a lynchpin of keysafe's security, because using this hash -- as an encryption key forces brute force attackers to generate -- hashes over and over again, taking a very long time. -data ExpensiveHash = ExpensiveHash (Cost CreationOp) B.ByteString +data ExpensiveHash = ExpensiveHash (Cost CreationOp) T.Text deriving (Show) data Salt t = Salt t -expensiveHash :: Encodable t => Tunables -> Salt t -> Password -> ExpensiveHash -expensiveHash tunables (Salt s) (Password password) = +-- | Would rather use haskell argon2 library, but it doesn't build +-- from source, and is buggy. https://github.com/ocharles/argon2/issues/3 +expensiveHash :: Encodable t => Tunables -> Salt t -> B.ByteString -> ExpensiveHash +expensiveHash tunables (Salt s) b = case expensiveHashTunable tunables of UseArgon2 opts cost -> ExpensiveHash cost $ - Argon2.hash opts password (toByteString s) + -- Using hashEncoded here and not hash, + -- because of this bug: + -- https://github.com/ocharles/argon2/issues/3 + Argon2.hashEncoded opts b argonsalt + where + -- argon salt cannot be shorter than 8 bytes, so pad with spaces. + argonsalt = + let sb = toByteString s + in sb <> B.replicate (8 - B.length sb ) 32 benchmarkExpensiveHash :: Tunables -> IO (Benchmark (Cost CreationOp)) benchmarkExpensiveHash tunables = do start <- getCurrentTime - let ExpensiveHash expected b = expensiveHash tunables - (Salt (KeyIdent gpgKey (Name ("benchmark" :: B.ByteString)))) - (Password ("himom" :: B.ByteString)) - end <- b `deepseq` getCurrentTime + let ExpensiveHash expected t = expensiveHash tunables + (Salt (KeyId gpgKey ("benchmark" :: B.ByteString))) + ("himom" :: B.ByteString) + end <- t `deepseq` getCurrentTime let diff = floor $ end `diffUTCTime` start let actual = CPUCost $ Seconds diff return $ Benchmark -- cgit v1.2.3