citadel_crypt 0.13.0

Higher-level cryptographic library for the Citadel Protocol
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156

//! # Argon2 Parameter Auto-tuner
//!
//! Automatically determines optimal Argon2 parameters for password hashing based on system capabilities
//! and performance requirements. This module implements the recommendations from ORY's Argon2 parameter
//! selection guidelines.
//!
//! ## Features
//!
//! * Dynamic parameter tuning based on available system memory
//! * Multi-threaded optimization using available CPU cores
//! * Memory-first tuning strategy for optimal security
//! * Iterative time-cost adjustment
//! * Configurable minimum execution time
//! * Support for custom hash lengths and secret keys
//!
//! ## Usage Example
//!
//! ```rust
//! use citadel_crypt::argon::autotuner::calculate_optimal_argon_params;
//! use citadel_crypt::misc::CryptError;
//!
//! async fn configure_argon() -> Result<(), CryptError> {
//!     // Configure Argon2 to take at least 500ms
//!     let optimal_params = calculate_optimal_argon_params(
//!         500,                    // minimum milliseconds
//!         None,                   // use default hash length
//!         Some(b"secret".to_vec()) // optional secret key
//!     ).await?;
//!     
//!     println!("Optimal parameters:");
//!     println!("Memory cost: {} KB", optimal_params.mem_cost);
//!     println!("Time cost: {}", optimal_params.time_cost);
//!     println!("Parallelism: {}", optimal_params.lanes);
//!     
//!     Ok(())
//! }
//! ```
//!
//! ## Important Notes
//!
//! * Should be run in release mode for accurate results
//! * Memory cost is automatically capped at available system memory
//! * Parameters are tuned for the specific CPU running the autotuner
//! * Memory-cost is prioritized over time-cost for better security
//! * Results may vary between runs due to system load
//!
//! ## Related Components
//!
//! * `argon_container`: Core Argon2 implementation and settings
//! * `SecBuffer`: Secure memory management for passwords
//! * `CryptError`: Error handling for cryptographic operations
//!

use crate::argon::argon_container::{
    ArgonDefaultServerSettings, ArgonSettings, ArgonStatus, AsyncArgon, DEFAULT_HASH_LENGTH,
};
use crate::misc::CryptError;
use citadel_types::crypto::SecBuffer;
use sysinfo::SystemExt;

/// Uses: https://www.ory.sh/choose-recommended-argon2-parameters-password-hashing/
/// "To reach the desired execution time, you can tweak two variables. It is recommended
/// to start with the highest amount of memory possible and one iteration. Reduce the memory
/// until one hashing operation takes less than your desired duration. Next, advance the
/// number of iterations to approach the desired execution time as close as possible"
pub async fn calculate_optimal_argon_params(
    millis_minimum: u16,
    hash_length: Option<u32>,
    secret: Option<Vec<u8>>,
) -> Result<ArgonDefaultServerSettings, CryptError<String>> {
    if cfg!(debug_assertions) {
        log::warn!(target: "citadel", "You are running the argon autotuner in a debug build. \
        This will give inaccurate results. Use a release build to ensure the best possible performance. \
        Additionally, make sure to only run this autotuner on the CPU that you expect to hash on")
    }

    let system = sysinfo::System::new_all();
    let available_memory_sys = system.free_memory();
    let available_memory = std::cmp::min(available_memory_sys, 1024 * 1024); // ensure we don't start at too low of a value
    let available_memory_kb = available_memory / 1024;
    let hash_length = hash_length.unwrap_or(DEFAULT_HASH_LENGTH);

    let lanes: u32 = num_cpus::get() as _;

    let mut iters = 0;
    let fake_password = SecBuffer::from((0u8..15u8).collect::<Vec<u8>>());

    let mut mem_cost_tuned = false;
    // start with 1
    let mut time_cost = 1;
    let mut mem_cost = available_memory_kb;

    loop {
        let init_time = citadel_io::tokio::time::Instant::now();
        let settings_this_round = ArgonSettings::new_gen_salt(
            vec![],
            lanes,
            hash_length,
            mem_cost as _,
            time_cost,
            secret.clone().unwrap_or_default(),
        );
        log::trace!(target: "citadel", "Settings current: {:?}", settings_this_round);

        match AsyncArgon::hash(fake_password.clone(), settings_this_round)
            .await
            .map_err(|err| CryptError::Encrypt(err.to_string()))?
        {
            ArgonStatus::HashSuccess(_) => {
                let elapsed = init_time.elapsed().as_millis();
                log::trace!(target: "citadel", "Iteration {}: {}ms (Mem cost (KB): {} | time cost: {})", iters, elapsed, mem_cost, time_cost);
                iters += 1;

                if mem_cost_tuned {
                    // edit just the time cost, but only if we haven't reached our target goal
                    if elapsed >= millis_minimum as _ {
                        let final_configuration = ArgonDefaultServerSettings {
                            lanes,
                            hash_length,
                            mem_cost: mem_cost as _,
                            time_cost,
                            secret: secret.clone().unwrap_or_default(),
                        };

                        return Ok(final_configuration);
                    }

                    time_cost += 1;
                } else {
                    // edit just the mem cost. Reduce by 10%, but only if we have went below our target
                    if elapsed < (millis_minimum as f32 / 2f32) as _ {
                        mem_cost_tuned = true;
                        time_cost += 1;
                    } else {
                        let times_over = (elapsed as f32 / millis_minimum as f32).ceil();
                        log::trace!(target: "citadel", "Times over: {}", times_over);

                        let diff = if times_over > 2f32 {
                            mem_cost - (mem_cost as f32 / times_over).floor() as u64
                        } else {
                            (0.20f32 * (mem_cost as f32)) as u64
                        };

                        log::trace!(target: "citadel", "DIFF: {}", diff);
                        mem_cost -= diff;
                    }
                }
            }
            res => {
                return Err(CryptError::Encrypt(format!(
                    "Unable to hash password: {res:?}",
                )))
            }
        }
    }
}