https://bugs.openldap.org/show_bug.cgi?id=9517
Issue ID: 9517
Summary: Documenting how to pass Argon2 configuration parameters when loading the module
Product: OpenLDAP
Version: 2.4.58
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs@openldap.org
Reporter: gilbert.kowarzyk@servicenow.com
Target Milestone: ---
It is possible to pass the configuration parameters for the argon2 module when loading the module in OpenLDAP, and they are properly employed when using ldappasswd.
Nevertheless, it took me a considerable amount of time to find how to provide the config when loading the module.
The way I was able to provide the argon2 configuration values was by adding the following to the slapd.ldif file:
olcModuleload: argon2.so m=XXXX t=YYYY p=ZZZZZ
(where XXXX, YYYY, and ZZZZZ are the configuration values).
The syntax was initially not clear to me, and required a lot of trial and error (I was not able to find documentation that clearly explained this syntax).
Thanks in advance!
--- Comment #1 from gilbert.kowarzyk@servicenow.com --- I just noticed an additional thing.
If the module is loaded (for example) with:
olcModuleload: argon2.so m=62500 t=8 p=6
and the Frontend has:
olcPasswordHash: {ARGON2}
I would have expected the new passwords to be created with:
- memory: m=62500 (i.e. 64MB)
- parallelism: p=6
- iterations: t=8
Nevertheless, if I change the password using `ldappasswd`, the resulting hash starts with:
{ARGON2}$argon2id$v=19$m=62500,t=8,p=1$...
that is, the parallelism is not respected (it shows "p=1" instead of the expected "p=6").
Nevertheless, it seems to be read here (tag= OPENLDAP_REL_ENG_2_4_58): https://github.com/openldap/openldap/blob/350ede08564ab14a45884c6f7c32419d98...
--- Comment #2 from Michael Ströder michael@stroeder.com --- (In reply to gilbert.kowarzyk from comment #1)
that is, the parallelism is not respected (it shows "p=1" instead of the expected "p=6").
Is your OpenLDAP installation using libsodium? AFAIK libsodium ignores parallelism > 1.
Quanah Gibson-Mount quanah@openldap.org changed:
What             |Removed            |Added
----------------------------------------------------------------------------
Target Milestone |---                |2.5.4
Component        |slapd              |documentation
Quanah Gibson-Mount quanah@openldap.org changed:
What             |Removed            |Added
----------------------------------------------------------------------------
Assignee         |bugs@openldap.org  |quanah@openldap.org
--- Comment #3 from gilbert.kowarzyk@servicenow.com --- (In reply to Michael Ströder from comment #2)
(In reply to gilbert.kowarzyk from comment #1)
that is, the parallelism is not respected (it shows "p=1" instead of the expected "p=6").
Is your OpenLDAP installation using libsodium? AFAIK libsodium ignores parallelism > 1.
Hello,
I believe it is indeed using libsodium.
I went to look into the source code, and can confirm that libsodium may be ignoring "parallelism > 1".
The lower-level function that is called does accept a "uint32_t parallelism" value: https://github.com/jedisct1/libsodium/blob/6d566070b48efd2fa099bbe9822914455...
Nevertheless, the higher-level API seems to be hardcoding it to 1 here: https://github.com/jedisct1/libsodium/blob/6d566070b48efd2fa099bbe9822914455...
It seems, based on (https://libsodium.gitbook.io/doc/password_hashing/default_phf#guidelines-for...), that they only allow tweaking the algorithm in 2 dimensions (basically number of "iterations" and amount of "memory" used), instead of 3 dimensions as per the reference (i.e. also "parallelism"). This is a bit unfortunate, as it does not follow the spec by the Argon2 paper.
Another issue is that the OpenLDAP documentation for pw-argon2 (e.g. https://manpages.ubuntu.com/manpages/groovy/man5/slapd-pw-argon2.5.html) seems to imply that it is possible to (rightly for the algorithm) select the parallelism to use.
Some further thoughts:
- if implementations other than libsodium are available, maybe the pros and cons of each should be stated somewhere
- if it is possible to use the lower level libsodium call, maybe the parameter could then be considered
- if libsodium is not implementing argon2 as per the spec, maybe it should not be used?
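A check for the mismatch described in comments #1 and #3, added here as an example (it is not OpenLDAP code and not part of the original thread): it parses the module argument string from the olcModuleLoad line, parses the {ARGON2} value slapd stores in userPassword, and reports where the stored hash does not carry the configured cost parameters, plus the two config-time checks a validator would want (the Argon2 minimum of 8 KiB per lane, and p>1 having no effect on a libsodium-backed build). The configuration line is the one from comment #1; the two stored values are constructed with dummy salt and digest bytes, and the `backend` argument is an assumption standing in for whichever library slapd was actually linked against, which you determine from your own build (for instance with `ldd` on the module).

```python
"""Audit a slapd argon2 module configuration against the hashes slapd emits.

Added example for ITS#9517; not OpenLDAP code.  The config line, stored values
and the `backend` label below are constructed for the example.
"""
import base64
import re

# PHC-style value as stored by slapd: {ARGON2}$argon2id$v=19$m=..,t=..,p=..$salt$digest
# (salt and digest are unpadded base64).
PHC_RE = re.compile(
    r"^\{ARGON2\}\$(?P<variant>argon2(?:id|i|d))\$v=(?P<version>\d+)"
    r"\$m=(?P<m>\d+),t=(?P<t>\d+),p=(?P<p>\d+)"
    r"\$(?P<salt>[A-Za-z0-9+/]+)\$(?P<digest>[A-Za-z0-9+/]+)$"
)


def _b64decode_unpadded(s):
    return base64.b64decode(s + "=" * (-len(s) % 4))


def parse_module_args(line):
    """Parse 'moduleload argon2.so m=.. t=.. p=..' (slapd.conf) or
    'olcModuleLoad: argon2.so m=.. t=.. p=..' (cn=config LDIF) into ints.
    Arguments not given are left out so the caller can apply its own defaults."""
    tokens = line.split()
    if len(tokens) < 2 or tokens[0].lower().rstrip(":") not in ("moduleload", "olcmoduleload"):
        raise ValueError("not a module load line: %r" % line)
    module = re.sub(r"^\{\d+\}", "", tokens[1])  # drop a cn=config {n} ordering prefix
    if not module.endswith("argon2.so") and not module.endswith("argon2"):
        raise ValueError("not the argon2 module: %r" % module)
    params = {}
    for tok in tokens[2:]:
        key, sep, num = tok.partition("=")
        if not sep or key not in ("m", "t", "p") or not num.isdigit() or int(num) < 1:
            raise ValueError("bad argon2 module argument: %r" % tok)
        params[key] = int(num)
    return params


def parse_argon2_hash(stored):
    """Split a {ARGON2} userPassword value into its parameters and decoded salt/digest."""
    match = PHC_RE.match(stored)
    if not match:
        raise ValueError("not a slapd {ARGON2} value: %r" % stored)
    return {
        "variant": match.group("variant"),
        "version": int(match.group("version")),
        "m": int(match.group("m")),
        "t": int(match.group("t")),
        "p": int(match.group("p")),
        "salt": _b64decode_unpadded(match.group("salt")),
        "digest": _b64decode_unpadded(match.group("digest")),
    }


def check_config(params, backend):
    """Findings about the module arguments themselves, before any hash is looked at.
    `backend` is the library slapd was linked against: 'libsodium' or 'libargon2'."""
    findings = []
    m, p = params.get("m"), params.get("p")
    # Argon2 (RFC 9106) requires at least 8 KiB of memory per lane: m >= 8*p.
    if m is not None and p is not None and m < 8 * p:
        findings.append("m=%d KiB is below the Argon2 minimum of 8*p=%d KiB" % (m, 8 * p))
    # libsodium's high-level API fixes the lane count at 1 (comments #2 and #3), so a
    # configured p>1 is silently dropped; this is the fail-fast check a validator wants.
    if backend == "libsodium" and p is not None and p > 1:
        findings.append("p=%d has no effect with libsodium (always p=1); link slapd against libargon2" % p)
    return findings


def compare(params, parsed_hash):
    """Findings where the stored hash does not carry the configured cost parameters."""
    return [
        "configured %s=%d but stored hash carries %s=%d" % (k, params[k], k, parsed_hash[k])
        for k in ("m", "t", "p")
        if k in params and params[k] != parsed_hash[k]
    ]


def audit(config_line, stored, backend):
    params = parse_module_args(config_line)
    return check_config(params, backend) + compare(params, parse_argon2_hash(stored))


# Constructed sample data: the module line from comment #1 and two stored values whose
# salt and digest fields are dummy bytes, not real Argon2 output.
CONFIG_LINE = "olcModuleload: argon2.so m=62500 t=8 p=6"
_SALT = base64.b64encode(b"saltsaltsaltsalt").decode().rstrip("=")
_DIGEST = base64.b64encode(b"\x00" * 32).decode().rstrip("=")
# What the libsodium-backed slapd in the thread emitted: p forced to 1.
STORED_LIBSODIUM = "{ARGON2}$argon2id$v=19$m=62500,t=8,p=1$%s$%s" % (_SALT, _DIGEST)
# What a libargon2-backed build would be expected to emit for the same configuration.
STORED_LIBARGON2 = "{ARGON2}$argon2id$v=19$m=62500,t=8,p=6$%s$%s" % (_SALT, _DIGEST)

if __name__ == "__main__":
    for backend, stored in (("libsodium", STORED_LIBSODIUM), ("libargon2", STORED_LIBARGON2)):
        print(backend, "->", audit(CONFIG_LINE, stored, backend) or "OK")
```

Run it against a real directory by feeding `audit()` the olcModuleLoad line from `cn=config` and a freshly set userPassword value read back over LDAP; an empty result means the hash carries exactly the parameters you configured, which is the check that would have surfaced the p=1 in comment #1 immediately.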
--- Comment #4 from gilbert.kowarzyk@servicenow.com --- I also found these two relevant threads:
- https://www.openldap.org/lists/openldap-devel/201703/msg00002.html
- https://github.com/jedisct1/libsodium/issues/509
In summary, libsodium being a high-level library, it hides some of the parameters in the name of "easing complexity" and "avoiding misuse" (such as "salt length", and "output length"). However, it also hides "parallelism", which I think should probably remain configurable.
Indeed, from my understanding, Argon2 is specifically designed to have "execution time", "memory required", and "degree of parallelism" as the three parameters that can be tuned, such as to maximize its resistance:
- making it "more expensive" to crack when many fast cores are available (e.g. GPU or ASIC)
- requiring more memory (thus increasing the cost of the hardware required to attempt a brute-force attack)
- changing the memory access pattern to reduce side-channel attacks.
It seems that the compromise of leaving out "parallelism" goes a bit against its original design.
--- Comment #5 from Quanah Gibson-Mount quanah@openldap.org --- (In reply to gilbert.kowarzyk from comment #4)
It seems that the compromise of leaving out "parallelism" goes a bit against its original design.
Probably an issue to take up with the libsodium authors if you want to pursue this. On the OpenLDAP side, we support building against libsodium or libargon2. If you need parallelism, link to libargon2.
--- Comment #6 from gilbert.kowarzyk@servicenow.com --- (In reply to Quanah Gibson-Mount from comment #5)
(In reply to gilbert.kowarzyk from comment #4)
It seems that the compromise of leaving out "parallelism" goes a bit against its original design.
Probably an issue to take up with the libsodium authors if you want to pursue this. On the OpenLDAP side, we support building against libsodium or libargon2. If you need parallelism, link to libargon2.
Yes, I agree that this point is something to be discussed with the libsodium authors and not slapd specific.
I was not able to find documentation listing `libsodium` and `libargon2` as being both supported when building slapd, only some references in the building scripts. On the topic of documentation, it could be beneficial to explain that this choice is available, and maybe a short explanation of why one would pick one over the other. Some of the supported libraries are listed here (https://openldap.org/doc/admin24/install.html).
Thanks again!
--- Comment #7 from Quanah Gibson-Mount quanah@openldap.org --- (In reply to gilbert.kowarzyk from comment #6)
I was not able to find documentation listing `libsodium` and `libargon2` as being both supported when building slapd, only some references in the building scripts. On the topic of documentation, it could be beneficial to explain that this choice is available, and maybe a short explanation of why one would pick one over the other. Some of the supported libraries are listed here (https://openldap.org/doc/admin24/install.html).
For 2.4, it's literally documented in its contrib Makefile. Anyone building it is going to have to read the Makefile to get anywhere to start with.
But generally I'd suggest looking at OpenLDAP 2.5, where argon2 is fully integrated in with configure:
./configure --help | grep argon
  --enable-argon2         Argon2 password hashing module no|yes [no]
  --with-argon2           with argon2 support library auto|libsodum|libargon2 [auto]
--Quanah
--- Comment #8 from Michael Ströder michael@stroeder.com --- On 4/6/21 5:42 PM, openldap-its@openldap.org wrote:
./configure --help | grep argon
  --enable-argon2         Argon2 password hashing module no|yes [no]
  --with-argon2           with argon2 support library auto|libsodum|libargon2
"libsodum" is probably a typo.
--- Comment #9 from Quanah Gibson-Mount quanah@openldap.org --- (In reply to Michael Ströder from comment #8)
On 4/6/21 5:42 PM, openldap-its@openldap.org wrote:
./configure --help | grep argon
  --enable-argon2         Argon2 password hashing module no|yes [no]
  --with-argon2           with argon2 support library auto|libsodum|libargon2
"libsodum" is probably a typo.
Fixed thanks. ;)
--- Comment #10 from gilbert.kowarzyk@servicenow.com --- (In reply to Quanah Gibson-Mount from comment #7)
(In reply to gilbert.kowarzyk from comment #6)
I was not able to find documentation listing `libsodium` and `libargon2` as being both supported when building slapd, only some references in the building scripts. On the topic of documentation, it could be beneficial to explain that this choice is available, and maybe a short explanation of why one would pick one over the other. Some of the supported libraries are listed here (https://openldap.org/doc/admin24/install.html).
For 2.4, it's literally documented in its contrib Makefile. Anyone building it is going to have to read the Makefile to get anywhere to start with.
But generally I'd suggest looking at OpenLDAP 2.5, where argon2 is fully integrated in with configure:
./configure --help | grep argon
  --enable-argon2         Argon2 password hashing module no|yes [no]
  --with-argon2           with argon2 support library auto|libsodum|libargon2 [auto]
--Quanah
For 2.4, I looked here:
- https://github.com/openldap/openldap/blob/OPENLDAP_REL_ENG_2_4_58/contrib/RE...
- https://github.com/openldap/openldap/blob/OPENLDAP_REL_ENG_2_4_58/contrib/sl...
- https://github.com/openldap/openldap/blob/OPENLDAP_REL_ENG_2_4_58/contrib/sl...
- https://github.com/openldap/openldap/blob/OPENLDAP_REL_ENG_2_4_58/contrib/sl...
and I did not find a mention for libsodium v.s. libargon2.
I did not search for 2.5, but I searched in the `master` branch using:
- `grep -R -i libsodium .`
- `grep -R -i libargon2 .`
and was not able to find any documentation references of libargon2 v.s. libsodium support (or why one would pick one over the other). I was able to find some references in the build scripts (e.g. the `./configure` file mentioned), but no information in the documentation.
Unless I am looking in the wrong places (which is very possible), I think it would be beneficial to provide this information in the documentation of the project (particularly for people external to the project). Finding up-to-date documentation has been a bit of a challenge so far (from my external point of view).
--- Comment #11 from Quanah Gibson-Mount quanah@openldap.org --- (In reply to gilbert.kowarzyk from comment #10)
I did not search for 2.5, but I searched in the `master` branch using:
- `grep -R -i libsodium .`
- `grep -R -i libargon2 .`
and was not able to find any documentation references of libargon2 v.s. libsodium support (or the why one would pick one over the other). I was able to find a references in the build scripts (e.g. the `./configure` file mentioned), but no information in the documentation.
Feel free to submit a new bug about updating the slappw-argon2.5 with relevant information on what the differences are, similar to how the differences between OpenSSL and GnuTLS are documented.
Patches welcome.
--- Comment #12 from Michael Ströder michael@stroeder.com --- IMHO slapd should simply fail to start in case
1. it is linked against libsodium
2. and argon2.so is loaded with parameter p>=1
Because this is a config error it should log a clear error message at config log level.
--- Comment #13 from Quanah Gibson-Mount quanah@openldap.org --- (In reply to Michael Ströder from comment #12)
IMHO slapd should simply fail to start in case
- it is linked against libsodium
- and argon2.so is loaded with parameter p>=1
Because this is a config error it should log a clear error message at config log level.
Feel free to file a bug on that as well.
The man page still needs updating since it documents p without noting it's limited to builds linked to libargon2.
--- Comment #14 from Michael Ströder michael@stroeder.com --- (In reply to Quanah Gibson-Mount from comment #13)
(In reply to Michael Ströder from comment #12)
IMHO slapd should simply fail to start in case
Feel free to file a bug on that as well.
See ITS#9520
Quanah Gibson-Mount quanah@openldap.org changed:
What             |Removed              |Added
----------------------------------------------------------------------------
Ever confirmed   |0                    |1
Status           |UNCONFIRMED          |IN_PROGRESS
Assignee         |quanah@openldap.org  |ondra@mistotebe.net
--- Comment #15 from Quanah Gibson-Mount quanah@openldap.org --- https://git.openldap.org/openldap/openldap/-/merge_requests/318
Quanah Gibson-Mount quanah@openldap.org changed:
What             |Removed            |Added
----------------------------------------------------------------------------
Resolution       |---                |FIXED
Status           |IN_PROGRESS        |RESOLVED
--- Comment #16 from Quanah Gibson-Mount quanah@openldap.org ---
• 8b353df0 by Ondřej Kuzník at 2021-04-14T18:17:59+01:00 ITS#9517 Add module args support to slappaswd and relevant docs
Quanah Gibson-Mount quanah@openldap.org changed:
What             |Removed            |Added
----------------------------------------------------------------------------
Status           |RESOLVED           |VERIFIED