jedisct1
commented
1 year ago Existing APIs cannot be changed. That would break all existing applications and bindings.
For Argon2 and other functions that can use multiple threads, we may want additional functions that accept the parallelism parameter, but also the actual maximum number of threads to use. And actual threading still has to be implemented (and not just on Unix).
But the low level functions are only there for consistency with NaCl. Functions that applications should use are the high-level crypto_pwhash functions only.
Different hash functions may accept different parameters in addition to the memory limit and work factor.
So, like what was done in the Zig standard library, high-level crypto_pwhash functions could accept an opaque options parameter. For Argon2, the parallelism and actual. number of threads could go there.
Maybe that would be a good opportunity to make these slow operations interruptible/resumable by the way.
So, something like
int crypto_pwhash_str(
crypto_pwhash_state *state,
char out[crypto_pwhash_STRBYTES],
const char * const passwd, unsigned long long passwdlen,
const crypto_pwhash_options *options)state can be NULL. If not, one of the options could be the maximum number of interactions to run before the function returns an EINPROGRESS error code.
z3bra
This effectively add a new parameters "joblimit" to the Argon2 specific fonctions exposed by the
crypto_pwhashAPI.Parallelism is one of the 3 parameters that define the Argon2 algorithm, but it cannot be changed using the API. This makes libsodium incompatible with any other implementation, and incompatible with RFC 9106 recommended settings for Argon2.
In order to keep compatibility with previous version, I didn't change the
crypto_pwhash()function, which is now where the parallelism value of1Uis hardcoded. By using the argon2 specific function, users can can change this parameter, which is already fully implemented and working internally. This MR only expose the parameter to the API.