Implement BLAKE3 for PIN hashing

2023-01-27 11:01:05 -06:00 · 2023-01-27 11:01:05 -06:00 · a17e8d6f2a
commit a17e8d6f2a
parent 6d14ccd48a
2 changed files with 14 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

+## [Unreleased]
+
+### Changed
+
+- Implement `BLAKE3` for PIN hashing.
+
 ## [1.2.2] - 2023-01-25

 ### Fixed
--- a/src/ZGoBackend.hs
+++ b/src/ZGoBackend.hs
@ -797,6 +797,10 @@ routes pipe config = do
  post "/api/validateuser" $ do
    providedPin <- param "pin"
    sess <- param "session"
+    let pinHash =
+          BLK.hash
+            [ BA.pack . BS.unpack . C.pack . T.unpack $ providedPin <> sess :: BA.Bytes
+            ]
    user <- liftAndCatchIO $ run (findUser sess)
    case user of
      Nothing -> status noContent204 --`debug` "No user match"
@ -805,7 +809,10 @@ routes pipe config = do
        case parsedUser of
          Nothing -> status noContent204 --`debug` "Couldn't parse user"
          Just pUser -> do
-            let ans = upin pUser == T.pack providedPin
+            let ans =
+                  upin pUser ==
+                  (T.pack . show $
+                   (pinHash :: BLK.Digest BLK.DEFAULT_DIGEST_LEN))
            if ans
              then do
                liftAndCatchIO $ run (validateUser sess)