7 releases (breaking)
0.7.0 | Nov 7, 2024 |
---|---|
0.6.0 | Oct 8, 2024 |
0.5.0 | Sep 17, 2024 |
0.4.0 | Aug 19, 2024 |
0.1.0 | Sep 7, 2023 |
#674 in Cryptography
133 downloads per month
210KB
5K
SLoC
macarunes
This library provides an implementation of Macaroons. For an introduction to macaroons, check out the paper, or the Python README.
Assumptions
-
We rely upon the type system to provide memory safety. Secrets are scrubbed after use, but there's no guarantee the linker won't optimize away such code. Until an end-to-end solution emerges in the Rust compiler, it won't be possible to guarantee secrets don't leak in the presence of memory vulnerability.
-
This library relies upon the determinism of the protocol buffers code. This is guaranteed by prototk.
-
Intentionally restrictive language compared to the Python implementation. The only cases you need in the core library are to make exact comparisons (which are born out as format strings), to set an expiration, or to use a third-party caveat that enforces some arbitrary predicate before the discharge macaroon is granted.
Third-Party Macaroons
This is the algorithm for satisfying third-party secrets:
- Obtain
signature
from the macaroon to which we want to add a third-party caveat. - Make an RPC to the third-party that exchanges
signature
for aThirdPartySecret
. - Call
Macaroon.add_third_party(location, identifier, third_party_secret)
.
About Locations
A location is a hint that is not part of the macaroons's signature. The library does this intentionally as the paper suggests that only keys speak.
For that reason, locations should be treated as hints that give a plain-text
description of how to use the endpoint. The location in the macaroon is not
the endpoint for discharge; it's a opaque identifier that the RequestBuilder
will iterate over.
For each third party, a Loader should be developed that negotiates the protocol to get discharge macaroons. A location that's not known to a client cannot be trusted. Given that we have to trust servers that give us macaroons, this is not a compromise or limitation.
Status
Active development.
Scope
This library should provide a verifier and a client-side library.
Warts
- This library is under-used and will see active development in the future.
Documentation
The latest documentation is always available at docs.rs.
Dependencies
~3.5–5.5MB
~73K SLoC