From 71f2c74efbad1ec0f5802356e0bc2119cb3121cc Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Tue, 8 Mar 2022 11:55:46 +0100 Subject: haskellPackages.cryptonite: Disable Argon2 on aarch64-darwin A workaround for packages that don't use this hash function. See https://github.com/haskell-crypto/cryptonite/issues/360 --- .../haskell-modules/configuration-darwin.nix | 3 + .../patches/cryptonite-remove-argon2.patch | 69 ++++++++++++++++++++++ 2 files changed, 72 insertions(+) create mode 100644 pkgs/development/haskell-modules/patches/cryptonite-remove-argon2.patch (limited to 'pkgs/development')
diff --git a/pkgs/development/haskell-modules/configuration-darwin.nix b/pkgs/development/haskell-modules/configuration-darwin.nix
index 825262fe4b47..84be174e97e8 100644
--- a/pkgs/development/haskell-modules/configuration-darwin.nix
+++ b/pkgs/development/haskell-modules/configuration-darwin.nix
@@ -289,4 +289,7 @@ self: super: ({
 # https://github.com/fpco/inline-c/issues/127
 inline-c-cpp = dontCheck super.inline-c-cpp;
+
+ # https://github.com/haskell-crypto/cryptonite/issues/360
+ cryptonite = appendPatch ./patches/cryptonite-remove-argon2.patch super.cryptonite;
 })
diff --git a/pkgs/development/haskell-modules/patches/cryptonite-remove-argon2.patch b/pkgs/development/haskell-modules/patches/cryptonite-remove-argon2.patch
new file mode 100644
index 000000000000..1d571b61e532
--- /dev/null
+++ b/pkgs/development/haskell-modules/patches/cryptonite-remove-argon2.patch
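Review bot: The comment above the new `cryptonite` override is only an issue link, so nothing at this site says that the patch takes a password-hashing KDF out of the package or that dependents calling `Crypto.KDF.Argon2.hash` will stop type-checking. I would state that next to the override, e.g. `# Argon2 is known to be broken on aarch64-darwin; the patch makes callers of Crypto.KDF.Argon2.hash fail to compile. Drop once haskell-crypto/cryptonite#360 is fixed.` The enclosing attribute set opens outside this hunk, so whether the override is limited to aarch64 as the commit title says cannot be confirmed from these lines; it is worth checking that it does not sit in the block shared by all Darwin platforms.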
@@ -0,0 +1,69 @@
+diff --git a/Crypto/KDF/Argon2.hs b/Crypto/KDF/Argon2.hs
+index 044ba00..31dc6f1 100644
+--- a/Crypto/KDF/Argon2.hs
++++ b/Crypto/KDF/Argon2.hs
+@@ -12,6 +12,7 @@
+ -- File started from Argon2.hs, from Oliver Charles
+ -- at https://github.com/ocharles/argon2
+ --
++{-# LANGUAGE DataKinds #-}
+ module Crypto.KDF.Argon2
+ (
+ Options(..)
+@@ -32,6 +33,7 @@ import Control.Monad (when)
+ import Data.Word
+ import Foreign.C
+ import Foreign.Ptr
++import Data.Proxy
+ 
+ -- | Which variant of Argon2 to use. You should choose the variant that is most
+ -- applicable to your intention to hash inputs.
+@@ -100,33 +102,12 @@ defaultOptions =
+ }
+ 
+ hash :: (ByteArrayAccess password, ByteArrayAccess salt, ByteArray out)
+- => Options
++ => [Proxy "cryptonite:Crypto.KDF.Argon2.hash is known to be broken on this architecture. See https://github.com/haskell-crypto/cryptonite/issues/360"]
+ -> password
+ -> salt
+ -> Int
+ -> CryptoFailable out
+-hash options password salt outLen
+- | saltLen < saltMinLength = CryptoFailed CryptoError_SaltTooSmall
+- | outLen < outputMinLength = CryptoFailed CryptoError_OutputLengthTooSmall
+- | outLen > outputMaxLength = CryptoFailed CryptoError_OutputLengthTooBig
+- | otherwise = CryptoPassed $ B.allocAndFreeze outLen $ \out -> do
+- res <- B.withByteArray password $ \pPass ->
+- B.withByteArray salt $ \pSalt ->
+- argon2_hash (iterations options)
+- (memory options)
+- (parallelism options)
+- pPass
+- (csizeOfInt passwordLen)
+- pSalt
+- (csizeOfInt saltLen)
+- out
+- (csizeOfInt outLen)
+- (cOfVariant $ variant options)
+- (cOfVersion $ version options)
+- when (res /= 0) $ error "argon2: hash: internal error"
+- where
+- saltLen = B.length salt
+- passwordLen = B.length password
++hash options password salt outLen = error "cryptonite:Crypto.KDF.Argon2.hash is known to be broken on this architecture. See https://github.com/haskell-crypto/cryptonite/issues/360"
+ 
+ data Pass
+ data Salt
+diff --git a/tests/KAT_Argon2.hs b/tests/KAT_Argon2.hs
+index a347fc5..fdba079 100644
+--- a/tests/KAT_Argon2.hs
++++ b/tests/KAT_Argon2.hs
+@@ -32,7 +32,7 @@ kdfTests = zipWith toKDFTest is vectors
+ where
+ toKDFTest i v =
+ testCase (show i)
+- (CryptoPassed (kdfResult v) @=? Argon2.hash (kdfOptions v) (kdfPass v) (kdfSalt v) (B.length $ kdfResult v))
++ (pure ())
+ 
+ is :: [Int]
+ is = [1..]
-- cgit 1.4.1
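Review bot: In the tests/KAT_Argon2.hs part of the embedded patch, replacing the assertion with `(pure ())` keeps every Argon2 known-answer vector in the suite and reports it as passed, so a test log from the patched build reads as if the KDF had been verified. I would make the disabled state visible in the result, for example `testCase (show i ++ " (skipped: Argon2 disabled, see cryptonite issue 360)")`, or leave the vectors out of `kdfTests` on this platform. In Crypto/KDF/Argon2.hs the new `[Proxy "…"]` parameter rejects existing callers at compile time, which is the fail-closed outcome wanted for a broken KDF; the `error` body is then reached only by code written against the new type, and a short comment above `hash` saying so would explain why both the signature and the body carry the same message. The definition of `kdfTests` continues outside the embedded hunk.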