Open paragonie-security opened 3 years ago
Hi @paragonie-security
I read the section about procedural languages here: https://github.com/paseto-standard/paseto-spec/blob/master/docs/02-Implementation-Guide/03-Algorithm-Lucidity.md#procedural-languages
Just to clarify, the API calls to generate a key should return a struct (table in the case of Lua) containing the key, version and purpose, which is then checked when used in further API calls?
While this would stop someone making a silly mistake while using the API, it wouldn't be able to stop anyone from deliberately modifying the table before using it in other API calls. Am I missing something?
The intention is to prevent accidental misuse, rather than malice. If someone is deliberately modifying the table before using it, they're making an intentional choice to do so.
There may be other mechanisms that work for procedural languages. Storing a prefix byte that's distinct for a given (version, purpose) on the key object may be sufficient if a table/struct is not. That section may need more fleshing out. :)
Is this clearer and more helpful?
https://github.com/paseto-standard/paseto-spec/commit/2614b8a1e5f44529b75517ac91acc12124a385ff
Yes, thank you. I'll have a look at changing this to store and check a prefix byte.
https://github.com/peter-evans/paseto-lua/blob/400f2bdd3eec0099bb354006e615831b341ba781/paseto/v2.lua#L174-L184
https://github.com/peter-evans/paseto-lua/blob/400f2bdd3eec0099bb354006e615831b341ba781/paseto/v2.lua#L219
https://github.com/peter-evans/paseto-lua/blob/400f2bdd3eec0099bb354006e615831b341ba781/paseto/v2.lua#L255
See https://github.com/paseto-standard/paseto-spec/blob/master/docs/02-Implementation-Guide/03-Algorithm-Lucidity.md
Right now, byte arrays are accepted by this API. There's no mechanism to prevent a user from using a v2 public key as a v2 local key.
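The two mechanisms discussed in this thread (a key table carrying version and purpose, and a prefix byte distinct for each (version, purpose)) are sketched below as an added example; it is not code from paseto-lua or the PASETO spec. `Key.wrap`, `Key.unwrap`, `v2_encrypt` and the prefix values are hypothetical names and constructed values, and the actual encryption is replaced by a placeholder string.

```lua
-- Added illustration: every name below is hypothetical, not paseto-lua's API.
local Key = {}
-- One distinct prefix byte per (version, purpose); values are constructed.
local PREFIX = { ["v2.local"] = "\1", ["v2.public"] = "\2" }

-- Wrap raw key bytes in a table that records what the key is for.
function Key.wrap(version, purpose, raw)
  local tag = version .. "." .. purpose
  assert(PREFIX[tag], "unknown key type: " .. tag)
  assert(type(raw) == "string" and #raw == 32, "expected 32 raw key bytes")
  return { version = version, purpose = purpose, material = PREFIX[tag] .. raw }
end

-- Return the raw bytes only when the key matches what the caller requires.
function Key.unwrap(key, version, purpose)
  local tag = version .. "." .. purpose
  if type(key) ~= "table" then
    return nil, "bare byte strings are not accepted; expected a key table"
  end
  if key.version ~= version or key.purpose ~= purpose then
    return nil, "wrong key type: need " .. tag
  end
  -- Second check: the prefix byte stored with the key material itself.
  if type(key.material) ~= "string" or key.material:sub(1, 1) ~= PREFIX[tag] then
    return nil, "key prefix does not match " .. tag
  end
  return key.material:sub(2)
end

-- Stand-in for a v2.local operation: the check runs before any crypto would.
local function v2_encrypt(key, payload)
  local raw, err = Key.unwrap(key, "v2", "local")
  if not raw then return nil, err end
  return "v2.local.<ciphertext placeholder>"
end

-- Constructed sample keys (not real key material).
local local_key  = Key.wrap("v2", "local",  string.rep("A", 32))
local public_key = Key.wrap("v2", "public", string.rep("B", 32))
-- A table whose purpose field was edited while the material still says "public".
local edited = { version = "v2", purpose = "local", material = public_key.material }

print(v2_encrypt(local_key, "hi"))            -- accepted
print(v2_encrypt(public_key, "hi"))           -- rejected by the table fields
print(v2_encrypt(edited, "hi"))               -- rejected by the prefix byte
print(v2_encrypt(string.rep("B", 32), "hi"))  -- rejected: bare byte string
```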