Algorithm Lucidity - Githubissues

authenticvision / libpaseto

C implementation of Platform-Agnostic Security Tokens (PASETO)

https://paseto.io

BSD 3-Clause "New" or "Revised" License

22 stars 2 forks source link

Algorithm Lucidity #8

Open paragonie-security opened 2 years ago

paragonie-security commented 2 years ago

This wraps keys into a struct, which has a header flag. This flag is checked at runtime.

KeyHeader is an enum. The least significant bit holds purpose (Local = 0, Public = 1); the remaining are reserved for the version. This results in the following pattern:

V1_LOCAL = 2
V1_PUBLIC = 3
V2_LOCAL = 4
V2_PUBLIC = 5
V3_LOCAL = 6
V3_PUBLIC = 7
V4_LOCAL = 8
V4_PUBLIC = 9
...

See #7

paragonie-security commented 2 years ago

(This is a draft until we're confident that we didn't screw anything up.)

minus7 commented 2 years ago

Thanks for the PR. Here's some feedback:

The key structs should be prefixed with paseto_ additionally and typedefs shoud be avoided (they save the user typing the word "struct" at the cost of some clarity).
The KeyHeader enum should also be prefixed (type and its values). Preferably it should also use snake_case.
The key struct should be passed as a pointer everywhere, especially important for key loading