feat: password hashing limits can be applied with CLI parameters

- `--password-ops-limit` and `--password-mem-limit` are both CLI parameters for Agent start and bootstrap.
- Some methods for reading the keyPair now returns the limits alongside the keys in a tuple.
- Wrapping the memory error with a keys' domain error.

Author: tegefaulkes

src/bin/agent/CommandStart.ts

@@ -37,6 +37,8 @@ class CommandStart extends CommandPolykey {
     this.addOption(binOptions.backgroundErrFile);
     this.addOption(binOptions.fresh);
     this.addOption(binOptions.privateKeyFile);
+    this.addOption(binOptions.passwordOpsLimit);
+    this.addOption(binOptions.passwordMemLimit);
     this.action(async (options) => {
       options.clientHost =
         options.clientHost ?? config.defaults.networkConfig.clientHost;
@@ -89,19 +91,16 @@ class CommandStart extends CommandPolykey {
       const [seedNodes, defaults] = options.seedNodes;
       let seedNodes_ = seedNodes;
       if (defaults) seedNodes_ = { ...options.network, ...seedNodes };
-      const fastPasswordHash = process.env.PK_FAST_PASSWORD_HASH === 'true';
       const agentConfig = {
         password,
         nodePath: options.nodePath,
         keyRingConfig: {
           recoveryCode: recoveryCodeIn,
           privateKeyPath: options.privateKeyFile,
-          passwordOpsLimit: fastPasswordHash
-            ? keysUtils.passwordOpsLimits.min
-            : undefined,
-          passwordMemLimit: fastPasswordHash
-            ? keysUtils.passwordMemLimits.min
-            : undefined,
+          passwordOpsLimit:
+            keysUtils.passwordOpsLimits[options.passwordOpsLimit],
+          passwordMemLimit:
+            keysUtils.passwordMemLimits[options.passwordMemLimit],
         },
         proxyConfig: {
           connConnectTime: options.connectionTimeout,

src/bin/bootstrap/CommandBootstrap.ts

@@ -11,8 +11,11 @@ class CommandBootstrap extends CommandPolykey {
     this.addOption(binOptions.recoveryCodeFile);
     this.addOption(binOptions.fresh);
     this.addOption(binOptions.privateKeyFile);
+    this.addOption(binOptions.passwordOpsLimit);
+    this.addOption(binOptions.passwordMemLimit);
     this.action(async (options) => {
       const bootstrapUtils = await import('../../bootstrap/utils');
+      const keysUtils = await import('../../keys/utils/index');
       const password = await binProcessors.processNewPassword(
         options.passwordFile,
         this.fs,
@@ -27,6 +30,10 @@ class CommandBootstrap extends CommandPolykey {
         keyRingConfig: {
           recoveryCode: recoveryCodeIn,
           privateKeyPath: options.privateKeyFile,
+          passwordOpsLimit:
+            keysUtils.passwordOpsLimits[options.passwordOpsLimit],
+          passwordMemLimit:
+            keysUtils.passwordMemLimits[options.passwordMemLimit],
         },
         fresh: options.fresh,
         fs: this.fs,

src/bin/utils/options.ts

@@ -29,7 +29,6 @@ const nodePath = new commander.Option(
 const format = new commander.Option('-f, --format <format>', 'Output Format')
   .choices(['human', 'json'])
   .default('human');
-
 /**
  * Sets log level, defaults to 0, multiple uses will increase verbosity level
  */
@@ -158,6 +157,30 @@ const noPing = new commander.Option('--no-ping', 'Skip ping step').default(
   true,
 );
 
+// We can't reference the object here so we recreate the list of choices
+const passwordLimitChoices = [
+  'min',
+  'max',
+  'interactive',
+  'moderate',
+  'sensitive',
+];
+const passwordOpsLimit = new commander.Option(
+  '--password-ops-limit <passwordOpsLimit>',
+  'Limit the password generation operations',
+)
+  .choices(passwordLimitChoices)
+  .env('PK_PASSWORD_OPS_LIMIT')
+  .default('moderate');
+
+const passwordMemLimit = new commander.Option(
+  '--password-mem-limit <passwordMemLimit>',
+  'Limit the password generation memory',
+)
+  .choices(passwordLimitChoices)
+  .env('PK_PASSWORD_MEM_LIMIT')
+  .default('moderate');
+
 const privateKeyFile = new commander.Option(
   '--private-key-file <privateKeyFile>',
   'Override key creation with a private key JWE from a file',
@@ -187,4 +210,6 @@ export {
   forceNodeAdd,
   noPing,
   privateKeyFile,
+  passwordOpsLimit,
+  passwordMemLimit,
 };

src/bootstrap/utils.ts

@@ -1,5 +1,6 @@
 import type { FileSystem } from '../types';
 import type { RecoveryCode, Key, PrivateKey } from '../keys/types';
+import type { PasswordMemLimit, PasswordOpsLimit } from '../keys/types';
 import path from 'path';
 import Logger from '@matrixai/logger';
 import { DB } from '@matrixai/db';
@@ -40,6 +41,8 @@ async function bootstrapState({
     recoveryCode?: RecoveryCode;
     privateKey?: PrivateKey;
     privateKeyPath?: string;
+    passwordOpsLimit?: PasswordOpsLimit;
+    passwordMemLimit?: PasswordMemLimit;
   };
   fresh?: boolean;
   fs?: FileSystem;

src/keys/KeyRing.ts

@@ -707,12 +707,7 @@ class KeyRing {
       'ciphertext' in privateObject &&
       privateObject.ciphertext != null
     ) {
-      const privateJWK = keysUtils.unwrapWithPassword(
-        password,
-        privateObject,
-        this.passwordOpsLimit,
-        this.passwordMemLimit,
-      );
+      const privateJWK = keysUtils.unwrapWithPassword(password, privateObject);
       if (privateJWK == null) {
         throw new keysErrors.ErrorKeyPairParse(
           `Private key path ${privateKeyPath} is not a valid encrypted JWK`,

src/keys/errors.ts

@@ -98,6 +98,11 @@ class ErrorBufferLock<T> extends ErrorKeys<T> {
   exitCode = sysexits.TEMPFAIL;
 }
 
+class ErrorPasswordHash<T> extends ErrorKeys<T> {
+  static description = 'Failed to hash password';
+  exitCode = sysexits.UNAVAILABLE;
+}
+
 export {
   ErrorKeys,
   ErrorKeyRingRunning,
@@ -119,4 +124,5 @@ export {
   ErrorCertsReset,
   ErrorCertsGC,
   ErrorBufferLock,
+  ErrorPasswordHash,
 };

src/keys/utils/password.ts

@@ -6,6 +6,7 @@ import type {
 } from '../types';
 import sodium from 'sodium-native';
 import { getRandomBytes } from './random';
+import * as keysErrors from '../errors';
 
 /**
  * Use the `min` limit during testing to improve performance.
@@ -80,15 +81,19 @@ function hashPassword(
     undefined,
     false,
   ) as PasswordSalt;
-  sodium.crypto_pwhash(
-    hash,
-    Buffer.from(password, 'utf-8'),
-    salt,
-    opsLimit,
-    memLimit,
-    sodium.crypto_pwhash_ALG_ARGON2ID13,
-  );
-  return [hash as PasswordHash, salt];
+  try {
+    sodium.crypto_pwhash(
+      hash,
+      Buffer.from(password, 'utf-8'),
+      salt,
+      opsLimit,
+      memLimit,
+      sodium.crypto_pwhash_ALG_ARGON2ID13,
+    );
+    return [hash as PasswordHash, salt];
+  } catch (e) {
+    throw new keysErrors.ErrorPasswordHash(undefined, { cause: e });
+  }
 }
 
 /**

src/keys/utils/symmetric.ts

@@ -215,12 +215,7 @@ function wrapWithPassword(
  * Key unwrapping with password.
  * The password can be an empty string.
  */
-function unwrapWithPassword(
-  password: string,
-  keyJWE: any,
-  opsLimit: PasswordOpsLimit = passwordOpsLimitDefault,
-  memLimit: PasswordMemLimit = passwordMemLimitDefault,
-): JWK | undefined {
+function unwrapWithPassword(password: string, keyJWE: any): JWK | undefined {
   if (typeof keyJWE !== 'object' || keyJWE == null) {
     return;
   }
@@ -256,9 +251,7 @@ function unwrapWithPassword(
   // then it may be maliciously trying to DOS this agent
   if (
     header.ops < passwordOpsLimits.min ||
-    header.ops > opsLimit ||
-    header.mem < passwordMemLimits.min ||
-    header.mem > memLimit
+    header.mem < passwordMemLimits.min
   ) {
     return;
   }