more cost calculation and refactored Tunables

1 files changed, 41 insertions, 0 deletions

diff --git a/Tunables.hs b/Tunables.hs
new file mode 100644
index 0000000..5c39a2d
--- /dev/null
+++ b/Tunables.hs
@@ -0,0 +1,41 @@
+module Tunables where
+
+import Types
+import Cost
+import qualified Crypto.Argon2 as Argon2
+
+data Tunables = Tunables
+	{ argonOptions :: Argon2.HashOptions
+	, argonCost :: Cost CreationOp
+	-- ^ should correspond to the argonOptions
+	, decryptionCost :: Cost DecryptionOp
+	-- ^ controls the decryption cost
+	}
+
+defaultTunables :: Tunables
+defaultTunables = Tunables
+	{ argonOptions = Argon2.HashOptions
+		{ Argon2.hashIterations = 10000
+		, Argon2.hashMemory = 131072 -- 128 mebibtyes per thread
+		, Argon2.hashParallelism = 4 -- 4 threads
+		, Argon2.hashVariant = Argon2.Argon2i
+		}
+	-- argon2 is GPU and ASIC resistent, so it uses CPU time.
+	-- The above HashOptions were benchmarked at 661 seconds CPU time
+	-- on a 2 core Intel(R) Core(TM) i5-4210Y CPU @ 1.50GHz.
+	, argonCost = CPUCost (Seconds 600)
+	-- AES can be calculated more efficiently by a GPU, so this
+	-- cost is a GPU cost.
+	-- This is set to only 1 minute because GPUs are quite a lot
+	-- faster than CPUs at AES, and so setting it higher would make
+	-- clients too slow at key recovery.
+	, decryptionCost = GPUCost (Seconds 60)
+	}
+
+-- | Dials back cryptographic difficulty, not for production use.
+testModeTunables :: Tunables
+testModeTunables = Tunables
+	{ argonOptions = Argon2.defaultHashOptions
+	, argonCost = CPUCost (Seconds 0)
+	, decryptionCost = GPUCost (Seconds 0)
+	}