authenticvision / libpaseto

C implementation of Platform-Agnostic Security Tokens (PASETO)
https://paseto.io
BSD 3-Clause "New" or "Revised" License

Bind Keys to Purpose #7

Open paragonie-security opened 2 years ago

paragonie-security commented 2 years ago

https://github.com/authenticvision/libpaseto/blob/e8bc52effb38027db125024d6dc7f20b86228983/src/paseto_v2_local.c#L137

https://github.com/authenticvision/libpaseto/blob/e8bc52effb38027db125024d6dc7f20b86228983/src/paseto_v2_public.c#L127

See https://github.com/paseto-standard/paseto-spec/blob/master/docs/02-Implementation-Guide/03-Algorithm-Lucidity.md

Right now, byte arrays are accepted by this API. There's no mechanism to prevent a user from using a v2 public key as a v2 local key.

It may also be a good idea to bind keys to a version, in case you want to support v4 tokens too.

minus7 commented 2 years ago

Ack, although I don't have time to work on this at the moment. Patches welcome.

The simplest implementation would probably be a struct type per key type (local/public/secret) that includes the version or even a type per version. Key loaders can then also implement PASERK formats linked in the guide and do away with the pretty arbitrary formats used now.

Changing this will break the API and thus be something for a 2.0 release.

paragonie-security commented 2 years ago

Thanks for your timely response. We'll look into sending a PR (the code delta between V2 and V4 isn't significant with libsodium).

paragonie-security commented 2 years ago

We drafted a PR in #8 that should solve this issue.

If accepted, we intend to follow up with a PASETO V4 implementation soon after.
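A sketch of the struct-per-key-type idea discussed in this thread, added here as an illustration; it is not code from libpaseto or from PR #8. All type and function names are hypothetical, the sample key bytes are constructed, and the cryptographic operation itself is omitted so that only the version and purpose binding is shown.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* All names here are hypothetical; this is not libpaseto's API. */
enum key_version { KEY_V2 = 2, KEY_V4 = 4 };
enum key_purpose { KEY_LOCAL, KEY_PUBLIC, KEY_SECRET };

/* The version and purpose travel with the raw bytes. */
struct tagged_key {
    enum key_version version;
    enum key_purpose purpose;
    size_t len;
    uint8_t bytes[64];
};

/* One wrapper type per purpose, so the compiler flags a mix-up. */
struct local_key  { struct tagged_key k; };
struct public_key { struct tagged_key k; };

/* libsodium sizes: 32-byte local and public keys, 64-byte secret key. */
static size_t expected_len(enum key_purpose p) { return p == KEY_SECRET ? 64 : 32; }

static int tag_key(struct tagged_key *out, enum key_version v,
                   enum key_purpose p, const uint8_t *raw, size_t len) {
    if (len != expected_len(p)) return -1;  /* reject wrong-size input */
    out->version = v; out->purpose = p; out->len = len;
    memcpy(out->bytes, raw, len);
    return 0;
}
int local_key_load(struct local_key *o, enum key_version v, const uint8_t *raw, size_t n) {
    return tag_key(&o->k, v, KEY_LOCAL, raw, n);
}
int public_key_load(struct public_key *o, enum key_version v, const uint8_t *raw, size_t n) {
    return tag_key(&o->k, v, KEY_PUBLIC, raw, n);
}

/* Runtime check for code that only holds the tagged form. */
int key_allows(const struct tagged_key *k, enum key_version v, enum key_purpose p) {
    return k->version == v && k->purpose == p && k->len == expected_len(p);
}
/* Gate a v2.local operation would run before using the key (crypto omitted). */
int v2_local_encrypt_gate(const struct local_key *key) {
    return key_allows(&key->k, KEY_V2, KEY_LOCAL) ? 0 : -1;
}

int main(void) {
    uint8_t raw[32] = {0};  /* constructed sample bytes, not a real key */
    struct public_key pk;
    if (public_key_load(&pk, KEY_V2, raw, sizeof raw) != 0) return 2;
    /* Passing &pk to v2_local_encrypt_gate() is an incompatible pointer type. */
    return key_allows(&pk.k, KEY_V2, KEY_LOCAL);  /* 0: not usable as v2.local */
}
```

A v2 local key and a v2 public key are both 32 bytes, which is why a length check alone cannot tell them apart and the tag is needed.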