implement client-server Proof Of Work

Mashed up a argon2-based PoW with token buckets and bloom filters.
This is intended to prevent a few abuses including:

* Using a keysafe server for general file storage, by storing a whole
  lot of chunks.
* An attacker guessing names that people will use, and uploading junk
  to keysafe servers under those names, to make it harder for others to use
  keysafe later.
* An attacker trying to guess the names used for objects on keysafe
  servers in order to download them and start password cracking.
  (As a second level of defense, since the name generation hash
  is expensive already.)

Completely untested, but it builds!

This commit was sponsored by Andreas on Patreon.

1 files changed, 17 insertions, 0 deletions

diff --git a/Tunables.hs b/Tunables.hs
index d7e5ac7..1d087bf 100644
--- a/Tunables.hs
+++ b/Tunables.hs
@@ -9,6 +9,7 @@ module Tunables where
 
 import Cost
 import qualified Crypto.Argon2 as Argon2
+import Data.Word
 
 -- | To determine the tunables used for a key name the expensive hash of the
 -- name is calculated, using a particular configuration, and if the
@@ -139,3 +140,19 @@ knownObjectSizes :: [Int]
 knownObjectSizes = map (calc . snd) knownTunings
   where
 	calc t = objectSize t * shareOverhead t
+
+-- Hash for client-server Proof Of Work. This is tuned to take around
+-- 4 seconds to calculate the hash on a 4 core machine, with 0 added
+-- iterations. Adding more iterations will increase that somewhat.
+--
+-- This is not included in Tunables because it doesn't affect object
+-- encryption and storage.
+proofOfWorkHashTunable :: Word32 -> ExpensiveHashTunable
+proofOfWorkHashTunable addits = 
+	UseArgon2 (CPUCost (Seconds (4 + (4 * fromIntegral addits `div` 20))) (Divisibility 4)) $ 
+		Argon2.HashOptions
+			{ Argon2.hashIterations = 20 + addits
+			, Argon2.hashMemory = 131072 -- 128 mebibtyes per thread
+			, Argon2.hashParallelism = 4
+			, Argon2.hashVariant = Argon2.Argon2i
+			}