Add support for encrypted sessions with CryptX

[kraih]

SUSE Hack Week has started, so this is my first proposal for sessions with encrypted cookies. I've tried to stay as close to the mojo.js implementation as possible. To address #2200 i've also added a Mojo::Util::generate_secret function.

The feature is only available if CryptX is installed, and needs to be enabled with $app->sessions->encrypted(1).

[kraih]

As an alternative i will now look into using JWT for the rest of Hack Week.

[latk]

The encryption part looks reasonably sound. 👍

AES-GCM is a slightly dated but reasonable choice and seems to be used correctly here. Alternatively, the more modern ChaCha20-Poly1305 could be used.

However, the signed cookie mechanism remains insecure, so the fixes in #2200 would remain valuable.

Also, the unnecessary repeated invocations of PBKDF2 are a major performance problem. This value should likely be cached at application startup.

(PBKDF2 itself is no longer a state of the art key derivation function, and the default cost parameter of 5000 is a 2005-era security choice. But its use here seems acceptable as we only need key-stretching, not cracking-resistant password hashes.)

[kraih]

I've switched to ChaCha20-Poly1305.

[kraih]

My experiments with JWT today have been rather disappointing. Primary focus for most modules seems to be JWS and not JWE, and i've run into more than a few inconsistencies and errors. Also the cookies end up much larger for the simple user login case, which i consider the most common use.

So i expect this PR to end up as my main proposal for a new sessions implementation.

[jberger]

I'm a bit late but 👍

[guest20]

Will this be able to automatically upgrade existing, signed but non-encrypted sessions or does everybody have to log in again?

[kraih]

Everybody has to log in again (once it has been manually enabled for the app).