# HG changeset patch # User Matthew Wild # Date 1656086608 -3600 # Node ID 26a004c96ef8138b644455abdf38dda922ecb8e3 # Parent 7c5afbdcbc77ec7380effa5f978008ebf45d746f util.paseto: Implementation of PASETO v4.public tokens PASETO provides an alternative to JWT with the promise of fewer implementation pitfalls. The v4.public algorithm allows asymmetric cryptographically-verified token issuance and validation. In summary, such tokens can be issued by one party and securely verified by any other party independently using the public key of the issuer. This has a number of potential applications in a decentralized network and ecosystem such as XMPP. For example, such tokens could be combined with XEP-0317 to allow hats to be verified even in the context of a third-party MUC service. diff -r 7c5afbdcbc77 -r 26a004c96ef8 util/paseto.lua --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/util/paseto.lua Fri Jun 24 17:03:28 2022 +0100 @@ -0,0 +1,123 @@ +local crypto = require "util.crypto"; +local json = require "util.json"; +local base64_encode = require "util.encodings".base64.encode; +local base64_decode = require "util.encodings".base64.decode; +local secure_equals = require "util.hashes".equals; +local bit = require "util.bitcompat"; +local s_pack = require "util.struct".pack; + +local s_gsub = string.gsub; + +local pubkey_methods = {}; +local privkey_methods = {}; + +local v4_public_pubkey_mt = { __index = pubkey_methods }; +local v4_public_privkey_mt = { __index = privkey_methods }; +local v4_public = {}; + +local b64url_rep = { ["+"] = "-", ["/"] = "_", ["="] = "", ["-"] = "+", ["_"] = "/" }; +local function b64url(data) + return (s_gsub(base64_encode(data), "[+/=]", b64url_rep)); +end +local function unb64url(data) + return base64_decode(s_gsub(data, "[-_]", b64url_rep).."=="); +end + +local function le64(n) + return s_pack("