module Tunables where

import Types
import Cost
import qualified Crypto.Argon2 as Argon2

data Tunables = Tunables
	{ argonOptions :: Argon2.HashOptions
	, argonCost :: Cost CreationOp
	-- ^ should correspond to the argonOptions
	, decryptionCost :: Cost DecryptionOp
	-- ^ controls the decryption cost
	}

defaultTunables :: Tunables
defaultTunables = Tunables
	{ argonOptions = Argon2.HashOptions
		{ Argon2.hashIterations = 10000
		, Argon2.hashMemory = 131072 -- 128 mebibtyes per thread
		, Argon2.hashParallelism = 4 -- 4 threads
		, Argon2.hashVariant = Argon2.Argon2i
		}
	-- argon2 is GPU and ASIC resistent, so it uses CPU time.
	-- The above HashOptions were benchmarked at 661 seconds CPU time
	-- on a 2 core Intel(R) Core(TM) i5-4210Y CPU @ 1.50GHz.
	, argonCost = CPUCost (Seconds 600)
	-- AES can be calculated more efficiently by a GPU, so this
	-- cost is a GPU cost.
	-- This is set to only 1 minute because GPUs are quite a lot
	-- faster than CPUs at AES, and so setting it higher would make
	-- clients too slow at key recovery.
	, decryptionCost = GPUCost (Seconds 60)
	}

-- | Dials back cryptographic difficulty, not for production use.
testModeTunables :: Tunables
testModeTunables = Tunables
	{ argonOptions = Argon2.defaultHashOptions
	, argonCost = CPUCost (Seconds 0)
	, decryptionCost = GPUCost (Seconds 0)
	}