Bind Keys to Version and Purpose

[paragonie-security]

https://github.com/peter-evans/paseto-lua/blob/400f2bdd3eec0099bb354006e615831b341ba781/paseto/v2.lua#L174-L184

https://github.com/peter-evans/paseto-lua/blob/400f2bdd3eec0099bb354006e615831b341ba781/paseto/v2.lua#L219

https://github.com/peter-evans/paseto-lua/blob/400f2bdd3eec0099bb354006e615831b341ba781/paseto/v2.lua#L255

See https://github.com/paseto-standard/paseto-spec/blob/master/docs/02-Implementation-Guide/03-Algorithm-Lucidity.md

Right now, byte arrays are accepted by this API. There's no mechanism to prevent a user from using a v2 public key as a v2 local key.

[peter-evans]

Hi @paragonie-security

I read the section about procedural languages here: https://github.com/paseto-standard/paseto-spec/blob/master/docs/02-Implementation-Guide/03-Algorithm-Lucidity.md#procedural-languages

Just to clarify, the API calls to generate a key should return a struct (table in the case of Lua) containing the key, version and purpose, which is then checked when used in further API calls?

While this would stop someone making a silly mistake while using the API, it wouldn't be able to stop anyone from deliberately modifying the table before using it in other API calls. Am I missing something?

[paragonie-security]

The intention is to prevent accidental misuse, rather than malice. If someone is deliberately modifying the table before using it, they're making an intentional choice to do so.

There may be other mechanisms that work for procedural languages. Storing a prefix byte that's distinct for a given (version, purpose) on the key object may be sufficient if a table/struct is not. That section may need more fleshing out. :)

[paragonie-security]

Is this clearer and more helpful?

https://github.com/paseto-standard/paseto-spec/commit/2614b8a1e5f44529b75517ac91acc12124a385ff

[peter-evans]

Yes, thank you. I'll have a look at changing this to store and check a prefix byte.