Widen public key fingerprints
authorSergey Matveev <stargrave@stargrave.org>
Fri, 21 Feb 2025 12:19:03 +0000 (15:19 +0300)
committerSergey Matveev <stargrave@stargrave.org>
Fri, 21 Feb 2025 14:41:21 +0000 (17:41 +0300)
So that they can safely be used for pinning without worrying about possible collisions.

17 files changed:
go/cm/cmd/enctool/main.go
go/cm/cmd/keytool/main.go
go/cm/cmd/sigtool/basic.t
go/cm/cmd/sigtool/main.go
go/cm/enc/balloon/decap.go
go/cm/enc/enc.go
go/cm/enc/kem.go
go/cm/sign/ed25519-blake2b/signer.go
go/cm/sign/pub.go
go/cm/sign/signed.go
spec/cm/encrypted.cddl
spec/cm/encrypted.texi
spec/cm/pub-load.cddl
spec/cm/pub-sig-tbs.cddl
spec/cm/pub.texi
spec/cm/signed.cddl
spec/cm/signed.texi

index a6e6ef2986c7dcbee3d6fc4660318c93a341414dc7e4f3bcce7fecd715b49b50..3dbf2d3b5d0d6675585e20b475c83c5b2ada2048d16e790fd5faddcfe069a343 100644 (file)
@@ -157,7 +157,7 @@ func main() {
 
        fdPubR := os.NewFile(FdPubR, "pub-in")
        var pubs []cm.AV
-       var pubIds []uuid.UUID
+       var pubIds [][]byte
        if data, err := io.ReadAll(fdPubR); err == nil {
                for len(data) > 0 {
                        var signed *sign.Signed
@@ -259,7 +259,7 @@ func main() {
                                if kem.Encap == nil {
                                        log.Fatalln("missing encap")
                                }
-                               if len(*kem.Encap) != sntrup4591761.CiphertextSize+32 {
+                               if len(kem.Encap) != sntrup4591761.CiphertextSize+32 {
                                        log.Fatalln("invalid encap len")
                                }
                                for _, prv := range prvs {
@@ -280,7 +280,7 @@ func main() {
                                                log.Fatal(err)
                                        }
                                        var theirSNTRUP sntrup4591761.Ciphertext
-                                       copy(theirSNTRUP[:], *kem.Encap)
+                                       copy(theirSNTRUP[:], kem.Encap)
                                        keySNTRUP, eq := sntrup4591761.Decapsulate(&theirSNTRUP, &ourSNTRUP)
                                        if eq != 1 {
                                                log.Println("can not KEM, skipping")
@@ -288,7 +288,7 @@ func main() {
                                        }
                                        var theirX25519 *ecdh.PublicKey
                                        theirX25519, err = x25519.NewPublicKey(
-                                               (*kem.Encap)[sntrup4591761.CiphertextSize:],
+                                               kem.Encap[sntrup4591761.CiphertextSize:],
                                        )
                                        if err != nil {
                                                log.Fatal(err)
@@ -304,7 +304,7 @@ func main() {
                                                        ourX25519.PublicKey().Bytes()...,
                                                )
                                                ikm := bytes.Join([][]byte{
-                                                       *kem.Encap, pub,
+                                                       kem.Encap, pub,
                                                        keySNTRUP[:], keyX25519,
                                                }, []byte{})
                                                var prk []byte
@@ -347,7 +347,7 @@ func main() {
                                if kem.Encap == nil {
                                        log.Fatalln("missing encap")
                                }
-                               if len(*kem.Encap) != mceliece6960119.CiphertextSize+32 {
+                               if len(kem.Encap) != mceliece6960119.CiphertextSize+32 {
                                        log.Fatalln("invalid encap len")
                                }
                                for _, prv := range prvs {
@@ -370,7 +370,7 @@ func main() {
                                        if err != nil {
                                                log.Fatal(err)
                                        }
-                                       theirMcEliece := (*kem.Encap)[:len(*kem.Encap)-32]
+                                       theirMcEliece := (kem.Encap)[:len(kem.Encap)-32]
                                        var keyMcEliece []byte
                                        keyMcEliece, err = mceliece6960119.Decapsulate(ourMcEliece, theirMcEliece)
                                        if err != nil {
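Review bot: The parentheses in `theirMcEliece := (kem.Encap)[:len(kem.Encap)-32]` are left over from the removed pointer dereference and no longer do anything; the same leftover appears in the x25519 branch of the following hunk, `(kem.Encap)[len(kem.Encap)-32:]`. Both read better as `kem.Encap[:len(kem.Encap)-32]` and `kem.Encap[len(kem.Encap)-32:]`, matching the sntrup branch earlier in this file which already dropped them. The `kem.Encap == nil` guards preceding the length comparisons are now redundant for a slice, since `len` of a nil slice is 0 and already fails the size check; they can stay for the clearer error message but are no longer needed for safety. main() starts and ends outside the hunk.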
@@ -378,7 +378,7 @@ func main() {
                                        }
                                        var theirX25519 *ecdh.PublicKey
                                        theirX25519, err = x25519.NewPublicKey(
-                                               (*kem.Encap)[len(*kem.Encap)-32:],
+                                               (kem.Encap)[len(kem.Encap)-32:],
                                        )
                                        if err != nil {
                                                log.Fatal(err)
@@ -400,7 +400,7 @@ func main() {
                                                        ourX25519.PublicKey().Bytes()...,
                                                )
                                                ikm := bytes.Join([][]byte{
-                                                       *kem.Encap, pub,
+                                                       kem.Encap, pub,
                                                        keyMcEliece, keyX25519,
                                                }, []byte{})
                                                var prk []byte
@@ -479,7 +479,7 @@ func main() {
                        rand.Read(bSalt)
                        kem := cmenc.KEM{
                                A:    cmballoon.BalloonBLAKE2bHKDF,
-                               Salt: &bSalt,
+                               Salt: bSalt,
                                BalloonCost: &ballooncost.Cost{
                                        S: uint64(*balloonS),
                                        T: uint64(*balloonT),
@@ -543,7 +543,7 @@ func main() {
                                }
                                kem := cmenc.KEM{A: sntrup4591761x25519.SNTRUP4591761X25519HKDFBLAKE2b}
                                encap := append(ciphertext[:], ourPubX25519.Bytes()...)
-                               kem.Encap = &encap
+                               kem.Encap = encap
                                {
                                        ikm := bytes.Join([][]byte{
                                                encap, pub.V,
@@ -572,7 +572,7 @@ func main() {
                                        kem.CEK = cekp.Bytes()
                                }
                                if *includeTo {
-                                       kem.To = &pubIds[pubId]
+                                       kem.To = pubIds[pubId]
                                }
                                kems = append(kems, kem)
                        case mceliece6960119x25519.ClassicMcEliece6960119X25519:
@@ -611,7 +611,7 @@ func main() {
                                }
                                kem := cmenc.KEM{A: mceliece6960119x25519.ClassicMcEliece6960119X25519HKDFSHAKE256}
                                encap := append(ciphertext[:], ourPubX25519.Bytes()...)
-                               kem.Encap = &encap
+                               kem.Encap = encap
                                {
                                        ikm := bytes.Join([][]byte{
                                                encap, pub.V,
@@ -640,7 +640,7 @@ func main() {
                                        kem.CEK = cekp.Bytes()
                                }
                                if *includeTo {
-                                       kem.To = &pubIds[pubId]
+                                       kem.To = pubIds[pubId]
                                }
                                kems = append(kems, kem)
                        default:
index d6a000f34ccf11f356bcd7303d4a70990fe87346957c1dbd36f40bb26c7b7633..4e1ee1ff0d3f1f3454d3bd9c5588dd8353347b2d061538605ab51445f26518b0 100644 (file)
@@ -28,7 +28,6 @@ import (
        "strings"
        "time"
 
-       "github.com/google/uuid"
        "go.cypherpunks.su/keks"
        "go.cypherpunks.su/keks/cm"
        mceliece6960119x25519 "go.cypherpunks.su/keks/cm/enc/mceliece6960119-x25519"
@@ -214,7 +213,7 @@ func main() {
                        if err != nil {
                                log.Fatal(err)
                        }
-                       pubLoad.Id, err = uuid.NewRandomFromReader(bytes.NewReader(hasher.Sum(nil)))
+                       pubLoad.Id = hasher.Sum(nil)
                        if err != nil {
                                log.Fatal(err)
                        }
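Review bot: The `if err != nil { log.Fatal(err) }` that follows `pubLoad.Id = hasher.Sum(nil)` is now dead: the assignment no longer yields an error, so the block re-tests the `err` that was already checked three lines earlier and can never fire. Drop it, or better, replace it with the check that actually matters here, that the digest has the length the verifier now demands in PubParse: `if len(pubLoad.Id) != sign.FPRLen { log.Fatal("fingerprint length mismatch") }` (FPRLen is added to go/cm/sign/pub.go in this commit; whether the sign package is already imported here is not visible in the hunk). Without it a hasher configured with a shorter output would produce a key whose own certificate is only rejected with "invalid id len" at verification time. main() starts and ends outside the hunk.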
index 0cab904d610c32f4c37109cf42ef6f7c5354940d7c5e5353edeb580415cc6dbc..5423395efee513c27c6aec34be3f4da9c2ecab4dac21a0849d9cdbbf7a4ae303 100755 (executable)
@@ -15,8 +15,10 @@ test_expect_success "$keyalgo: pub generation" "cmkeytool \
     -algo $keyalgo -ku sig $sub \
     5>$TMPDIR/sign.$keyalgo.pub 9>$TMPDIR/sign.$keyalgo.prv"
 dd if=/dev/urandom of=$TMPDIR/sign.$keyalgo.data bs=300K count=1 2>/dev/null
-encTo="-encrypted-to $(uuidgen)"
-badEncTo="-encrypted-to $(uuidgen)"
+encTo=$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | xxd -c 0 -p)
+badEncTo=$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | xxd -c 0 -p)
+encTo="-encrypted-to $encTo"
+badEncTo="-encrypted-to $badEncTo"
 
 for merkle in "" "-merkle" ; do
 
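Review bot: `xxd -c 0 -p` relies on a recent xxd where a column count of 0 means a single unwrapped line; older builds fall back to the postscript default of 30 octets per line, so the 32-byte value would come back with an embedded newline and the unquoted `$encTo` would then expand into two arguments on the `cmsigtool` command line, breaking the "good encTo" and "bad encTo" cases below. A portable form that needs no xxd at all is `encTo=$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')`, with the same change for `badEncTo`. The `for merkle` loop continues past the hunk.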
@@ -44,11 +46,11 @@ test_expect_success "$algo: detached verifying" \
     "cat $TMPDIR/sign.$algo.detached.sig $TMPDIR/sign.$keyalgo.data |
         cmsigtool -detached -verify -type $typ 4<$TMPDIR/sign.$keyalgo.pub"
 test_expect_success "$algo: differing type" "! cmsigtool -detached \
-    -verify -pub 4<$TMPDIR/sign.$keyalgo.pub <$TMPDIR/sign.$algo.detached.sig >/dev/null"
+    -verify 4<$TMPDIR/sign.$keyalgo.pub <$TMPDIR/sign.$algo.detached.sig >/dev/null"
 test_expect_success "$algo: good encTo" "! cmsigtool -detached \
-    -verify -pub $encTo 4<$TMPDIR/sign.$keyalgo.pub <$TMPDIR/sign.$algo.detached.sig >/dev/null"
+    -verify $encTo 4<$TMPDIR/sign.$keyalgo.pub <$TMPDIR/sign.$algo.detached.sig >/dev/null"
 test_expect_success "$algo: bad encTo" "! cmsigtool -detached \
-    -verify -pub $badEncTo 4<$TMPDIR/sign.$keyalgo.pub <$TMPDIR/sign.$algo.detached.sig >/dev/null"
+    -verify $badEncTo 4<$TMPDIR/sign.$keyalgo.pub <$TMPDIR/sign.$algo.detached.sig >/dev/null"
 
 done
 
index defdcb29201475b2a8dbc90ff28d27ae32eef06832ee6f9e081e559e4d60b6e0..8e82e346eea0124eab7b5f18747dc14224db4cf07ae22770d419f5e75c033549 100644 (file)
@@ -18,16 +18,14 @@ package main
 import (
        "bufio"
        "bytes"
+       "encoding/hex"
        "flag"
        "hash"
        "io"
        "log"
        "os"
-       "slices"
        "time"
 
-       "github.com/google/uuid"
-
        "go.cypherpunks.su/keks"
        cmhash "go.cypherpunks.su/keks/cm/hash"
        "go.cypherpunks.su/keks/cm/sign"
@@ -55,9 +53,9 @@ func main() {
        flag.Usage = usage
        typ := flag.String("type", "data", "Set/check the load type")
        verify := flag.Bool("verify", false, "Do verification")
-       var encryptedTo []uuid.UUID
-       flag.Func("encrypted-to", "Set/check encrypted-to, UUID", func(v string) error {
-               to, err := uuid.Parse(v)
+       var encryptedTo [][]byte
+       flag.Func("encrypted-to", "Set/check encrypted-to, hex", func(v string) error {
+               to, err := hex.DecodeString(v)
                if err != nil {
                        return err
                }
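Review bot: `hex.DecodeString(v)` accepts any even-length hex string, so an `-encrypted-to` value of the wrong size is silently accepted: on the signing side it is embedded into `encrypted-to`, which the spec side of this commit types as `fpr = bytes .size 32`, and on the verifying side it simply never matches. Add a length check right after the decode, `if len(to) != sign.FPRLen { return errors.New("encrypted-to: wrong fingerprint length") }`; this needs `errors` in the import block, while the sign package is already imported by this file. The flag help text could also state the expected size, e.g. `"Set/check encrypted-to, hex-encoded 32-byte fingerprint"`. main() starts and ends outside the hunk.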
@@ -156,10 +154,12 @@ func main() {
                                log.Fatal("missing encrypted-to")
                        }
                        found := false
-                       for _, to := range *sig.TBS.EncryptedTo {
-                               if slices.Contains(encryptedTo, to) {
-                                       found = true
-                                       break
+                       for _, their := range sig.TBS.EncryptedTo {
+                               for _, our := range encryptedTo {
+                                       if bytes.Equal(our, their) {
+                                               found = true
+                                               break
+                                       }
                                }
                        }
                        if !found {
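Review bot: The `break` inside the inner loop only leaves the loop over `encryptedTo`, so after a match the outer loop over `sig.TBS.EncryptedTo` keeps running, unlike the single-loop original which stopped at the first hit. This is harmless for correctness, but a labelled break (`outer:` on the outer `for`, `break outer` in place of `break`) or a `slices.ContainsFunc(encryptedTo, func(our []byte) bool { return bytes.Equal(our, their) })` test restores the early exit; the latter would keep the `slices` import this commit removes. main() starts and ends outside the hunk.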
@@ -228,9 +228,7 @@ func main() {
                        when := time.Now().UTC().Truncate(time.Millisecond)
                        sigTbs.When = &when
                }
-               if len(encryptedTo) > 0 {
-                       sigTbs.EncryptedTo = &encryptedTo
-               }
+               sigTbs.EncryptedTo = encryptedTo
                if err = signed.SignWith(pub.PubLoad(), signer, sigTbs); err != nil {
                        log.Fatal(err)
                }
index 5aa9c56254bb0b1f1341ee1ee64f24ac81c36dfae119a3d882eac94e15ee94eb..b37acffb6a74bfb2e3a9b5687223085299448ac06487bad10dd52cd19c547eb1 100644 (file)
@@ -42,7 +42,7 @@ func blake2bHash() hash.Hash {
 }
 
 func Decapsulate(kem cmenc.KEM, encSalt, passphrase []byte) (cek []byte, err error) {
-       if kem.Salt == nil {
+       if len(kem.Salt) == 0 {
                return nil, errors.New("missing salt")
        }
        if kem.BalloonCost == nil {
@@ -54,7 +54,7 @@ func Decapsulate(kem cmenc.KEM, encSalt, passphrase []byte) (cek []byte, err err
                balloon.H(
                        blake2bHash,
                        passphrase,
-                       *kem.Salt,
+                       kem.Salt,
                        int(kem.BalloonCost.S),
                        int(kem.BalloonCost.T),
                        int(kem.BalloonCost.P),
index 2a84f5c63c00f625c0f2606ed661d5bc68a9b2fa16a32be1bc7e6ebd74135e51..4ec157d8d6dbbac78614d60978ff2e0bfe9d855006ee3f6fb1dd75689542ad8e 100644 (file)
@@ -3,9 +3,8 @@ package encrypted
 import "github.com/google/uuid"
 
 type Encrypted struct {
-       DEM  DEM       `keks:"dem"`
-       KEM  []KEM     `keks:"kem"`
-       Salt uuid.UUID `keks:"salt"`
-
-       Payload []byte `keks:"payload,omitempty"`
+       DEM     DEM       `keks:"dem"`
+       KEM     []KEM     `keks:"kem"`
+       Payload []byte    `keks:"payload,omitempty"`
+       Salt    uuid.UUID `keks:"salt"`
 }
index 94a7a95cb18dded434f8a19128ef3715bf6f6b8a076077ee80d2c776f59fbbb0..bb4a3b4c535cda870fbb12a9f3e4581488dd7c5855bbf7537b5eb035a7af9e61 100644 (file)
@@ -1,8 +1,6 @@
 package encrypted
 
 import (
-       "github.com/google/uuid"
-
        balloon "go.cypherpunks.su/keks/cm/enc/balloon/cost"
 )
 
@@ -12,13 +10,13 @@ const (
 )
 
 type KEM struct {
-       A   string     `keks:"a"`
-       CEK []byte     `keks:"cek"`
-       To  *uuid.UUID `keks:"to,omitempty"`
+       A   string `keks:"a"`
+       CEK []byte `keks:"cek"`
+       To  []byte `keks:"to,omitempty"`
 
        // balloon-blake2b-hkdf related
        BalloonCost *balloon.Cost `keks:"cost,omitempty"`
-       Salt        *[]byte       `keks:"salt,omitempty"`
+       Salt        []byte        `keks:"salt,omitempty"`
 
-       Encap *[]byte `keks:"encap,omitempty"`
+       Encap []byte `keks:"encap,omitempty"`
 }
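Review bot: `To` changed from `*uuid.UUID` to a bare `[]byte` with nothing in the struct saying what size is expected, while the spec side of this commit pins it to `fpr = bytes .size 32`; a reader of this package cannot tell that from the field. Add a trailing comment, `To  []byte `keks:"to,omitempty"` // recipient's public key fingerprint, 32 bytes (spec: fpr)`, and note in it that the length is not enforced by encoding and has to be checked by callers.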
index 8e992a73575b3e15bceb48964a3acaeb2811daec9bb45c607f04c5178a67c1e1..9dcccda2386105a026c89123350d00dfabbef99c6b51824169b420d6e24253c7 100644 (file)
@@ -31,8 +31,8 @@ import (
 
 type Signer struct {
        Prv       *ed25519.PrivateKey
-       mode      mode.Mode
        prehasher *hash.Hash
+       mode      mode.Mode
 }
 
 func (s *Signer) SetMode(m mode.Mode) error {
index 4c76131ab6451f9112b21933c33b453ea46302e72136680ff241c9c5bd1d4f34..64703d9a37a8614f400749c73bd4230ad4f162f1c04f598ded1090d38113b1b5 100644 (file)
@@ -35,6 +35,7 @@ const (
        KUSig    = "sig" // Signing-capable key usage
        KUKEM    = "kem" // Key-encapsulation-mechanism key usage
        PubMagic = keks.Magic("cm/pub")
+       FPRLen   = 32 // fingerprint's length
 )
 
 var (
@@ -48,7 +49,7 @@ type PubLoad struct {
        Sub  map[string]string     `keks:"sub"`
        Crit *[]map[string]any     `keks:"crit,omitempty"`
        Pub  []cm.AV               `keks:"pub"`
-       Id   uuid.UUID             `keks:"id"`
+       Id   []byte                `keks:"id"`
 }
 
 // Parse Signed contents as PubLoad (certificate) and check its
@@ -105,8 +106,8 @@ func (signed *Signed) PubParse() error {
        if len(load.Pub) == 0 {
                return errors.New("PubParse: empty pub")
        }
-       if load.Id == uuid.Nil {
-               return errors.New("PubParse: empty id")
+       if len(load.Id) != FPRLen {
+               return errors.New("PubParse: invalid id len")
        }
        for _, pub := range load.Pub {
                if len(pub.A) == 0 || len(pub.V) == 0 {
@@ -250,7 +251,7 @@ func (signed *Signed) CertificationCheckSignatureFrom(
                return
        }
        sig := signed.Sigs[0]
-       if sig.TBS.SID != parent.Id {
+       if !bytes.Equal(sig.TBS.SID, parent.Id) {
                err = errors.New("sid != parent pub id")
                return
        }
@@ -305,19 +306,20 @@ func (signed *Signed) CertificationVerify(pubs []*Signed, t time.Time) (err erro
                }
        }
        sid := signed.Sigs[0].TBS.SID
-       if sid == signed.PubLoad().Id {
+       if bytes.Equal(sid, signed.PubLoad().Id) {
                return signed.CertificationCheckSignatureFrom(signed.PubLoad(), nil)
        }
-       idToPub := make(map[uuid.UUID]*Signed, len(pubs))
+       type FPR [FPRLen]byte
+       idToPub := make(map[FPR]*Signed, len(pubs))
        for _, cer := range pubs {
                pubLoad := cer.PubLoad()
                if !pubLoad.Can(KUSig) || len(pubLoad.Pub) != 1 {
                        err = errors.New("pub can not sign")
                        return
                }
-               idToPub[pubLoad.Id] = cer
+               idToPub[FPR(pubLoad.Id)] = cer
        }
-       signer := idToPub[sid]
+       signer := idToPub[FPR(sid)]
        if signer == nil {
                err = fmt.Errorf("no pub found for sid: %v", signed.Sigs[0].TBS.SID)
                return
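Review bot: `FPR(sid)` is a slice-to-array conversion that panics at run time when `len(sid)` is below FPRLen, and `sid` comes straight from `signed.Sigs[0].TBS.SID`, i.e. from the document being verified; unless an earlier part of CertificationVerify outside the hunk already rejects a wrong-sized SID, a malformed signature turns verification into a crash rather than an error. Guard it before the lookup: `if len(sid) != FPRLen { err = errors.New("invalid sid len"); return }`. `FPR(pubLoad.Id)` is safe only if every entry of `pubs` has gone through PubParse, which now enforces the length; that invariant deserves a comment on the loop. The error text on the following line would also read better with `%x` than `%v` now that SID is a byte slice. The function continues past the hunk.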
index e0d8399c7c0bad5c26133ee4cbd4d40de17e82d4450767706ba98d31f0063a32..cd7ec500eb161255d22556652d0012491e1101fd42d46a0eedefbb2b293c8a91 100644 (file)
@@ -45,8 +45,8 @@ type SigTBS struct {
        CID         *uuid.UUID   `keks:"cid,omitempty"`
        Exp         *[]time.Time `keks:"exp,omitempty"`
        When        *time.Time   `keks:"when,omitempty"`
-       EncryptedTo *[]uuid.UUID `keks:"encrypted-to,omitempty"`
-       SID         uuid.UUID    `keks:"sid"`
+       EncryptedTo [][]byte     `keks:"encrypted-to,omitempty"`
+       SID         []byte       `keks:"sid"`
 }
 
 type Sig struct {
index 67e5a93141af7b13e984b15c2757b63197e1c612d5c55f04780725de7585713c..cdb65963c40f651ed9d03eca484db83a456b911b59cc622a2ad413ddc2e48771 100644 (file)
@@ -35,24 +35,26 @@ kem-balloon-blake2b-hkdf = {
     salt: bytes,
 }
 
+fpr = bytes .size 32
+
 kem-gost3410-hkdf-kexp15 = {
     a: "gost3410-hkdf-kexp15",
     cek: bytes,
     ukm: bytes,
     pub: bytes,
-    ? to: uuid, ; recipient's public key id
+    ? to: fpr, ; recipient's public key fingerprint
 }
 
 kem-sntrup4591761-x25519-hkdf-blake2b = {
     a: "sntrup4591761-x25519-hkdf-blake2b",
     cek: bytes,
     encap: bytes,
-    ? to: uuid, ; recipient's public key id
+    ? to: fpr, ; recipient's public key fingerprint
 }
 
 kem-mceliece6960119-x25519-hkdf-shake256 = {
     a: "mceliece6960119-x25519-hkdf-shake256 ",
     cek: bytes,
     encap: bytes,
-    ? to: uuid, ; recipient's public key id
+    ? to: fpr, ; recipient's public key fingerprint
 }
index b88da31c3f0d196215504004e6747290fd0ab7da23dd06632a72cd13c05c0e12..b7f4fc5fc5515a35fc6337e5cc1e31ec430ff32f9ba906adbbd2adba88f78c75 100644 (file)
@@ -24,11 +24,11 @@ contains an encrypted CEK.
 
 If KEM uses public-key based cryptography, then recipient's
 @ref{cm-pub, public key}(s) should be provided, which may lack the
-signatures at all. Optional @code{/kem/*/to}, public key's identifier,
+signatures at all. Optional @code{/kem/*/to}, public key's fingerprint,
 may provide a hint for quickly searching for the key on the recipient's
 side.
 
-@code{/salt} is used in KEMs. Either UUIDv4 or UUIDv7 are recommended.
+@code{/salt} is used in KEMs. UUIDv4 is recommended.
 
 @node cm-encrypted-chacha20poly1305
 @cindex cm-encrypted-chacha20poly1305
index fd3d96b4541ea894d6c5d2ba87732bde75d41d89da2f64bf0fa1fbac6af66b19..a2cc41817d3160268f018b1bdbc1b40e6e35514fd1a00eb5f4e11cd0cc1f8746 100644 (file)
@@ -1,14 +1,15 @@
 ai = text ; algorithm identifier
 av = {a: ai, v: bytes}
+fpr = bytes .size 32
+ku = "sig" / "kem" / "app-name" / text
 
 cm-pub-load = {
     ? ku: set,
-    id: uuid,
+    id: fpr,
     pub: [+ av],
     sub: {text => text}, ; subject
     ? crit: {+ crit-ext-type => any},
     * text => any
 }
 
-ku = "sig" / "kem" / "app-name" / text
 crit-ext-type = text
index 115db0acc34119e4b0fd9fea7c382d54f5ca6ae66adafce8282d1d2134064b2d..31cfef0c01b3826be094c8bde87774babc574b0c8b7a52083b645245a7ef8fec 100644 (file)
@@ -1,8 +1,8 @@
+validity = [since: tai64, till: tai64]
+
 cm-pub-sig-tbs = {
-    sid: uuid, ; signer's public key id
     cid: uuid, ; certification id
     exp: validity,
+    sid: fpr, ; signer's public key fingerprint
     * text => any
 }
-
-validity = [since: tai64, till: tai64]
index 7c00ce688e0f6408fe79d1b520cd4b8db81750e8141d824519d1f8daccdda508..20323cf4ee4868175f7f072cc9d4f42c1878b64b7d0afcb0a2bc4b8f6815d988 100644 (file)
@@ -38,14 +38,11 @@ If your keypair is intended for general purposes like signing of
 arbitrary data, then single public key @strong{should} be used, with a
 key usage like "sig".
 
-Each public key contain the key itself, its algorithm identifier and key
-identifier, that @strong{should} be generated as an UUIDv4 based on the
-hash of the key.
-
 @item id
 
-Public key(s)'s identifier @strong{should} be generated as an UUIDv4
-based on the hash of the encoded @code{pub} field.
+Public key(s)'s fingerprint @strong{should} be generated as 256-bit hash
+hash of the encoded @code{pub} field. If not stated otherwise for
+specific algorithm.
 
 @item ku
 Intended public key(s) usage.
@@ -66,7 +63,7 @@ It @strong{must} be absent if empty. Values are extension specific.
 @table @code
 
 @item sid
-Signing public key identifier.
+Signing public key's fingerprint.
 
 @item cid
 Certification unique identifier. UUIDv7 is a good choice. But it may be
@@ -85,7 +82,7 @@ Example minimal certified public key may look like:
     "load": {
         "t": "pub",
         "v": {
-            "id": UUID(hash(pub)),
+            "id": hash(pub),
             "pub": [{"a": "gost3410-256A", "v"}],
             "sub": {"n": "test"},
         },
@@ -93,7 +90,7 @@ Example minimal certified public key may look like:
     "sigs": [{
         "tbs": {
             "cid": UUID(certification id),
-            "sid": UUID(signer's pkid),
+            "sid": signer's pkid,
             "exp": [TAI64, TAI64],
         },
         "sign": {"a": "gost3410-256A", "v": 'signature'},
@@ -113,7 +110,7 @@ in @code{BE(X)||BE(Y)} format.
 Algorithm identifiers for the public key: @code{gost3410-256A},
 @code{gost3410-512C}.
 
-Public key's identifier should be calculated using big-endian
+Public key's fingerprint should be calculated using big-endian
 Streebog-256 hash.
 
 @node cm-pub-ed25519-blake2b
@@ -124,10 +121,10 @@ Streebog-256 hash.
 Same calculation and serialisation rules must be used as with
 @code{@ref{cm-signed-ed25519-blake2b}}.
 
-Public key's identifier should be calculated using BLAKE2b hash with 128
-or 256 bit output length specified.
+Public key's fingerprint should be calculated using BLAKE2b hash with
+256 bit output length specified.
 
-Algorithm identifier for the public key: @code{ed25519ph-blake2b}.
+Algorithm identifier for the public key: @code{ed25519-blake2b}.
 
 @node cm-pub-sntrup4591761-x25519
 @cindex cm-pub-sntrup4591761-x25519
@@ -141,8 +138,8 @@ Its algorithm identifier is @code{sntrup4591761-x25519}. Its public key
 value is a concatenation of 1218-byte SNTRUP4591761 public key and
 32-byte X25519 one.
 
-Public key's identifier should be calculated using BLAKE2b hash with 128
-or 256 bit output length specified.
+Public key's fingerprint should be calculated using BLAKE2b hash with
+256 bit output length specified.
 
 @node cm-pub-mceliece6960119-x25519
 @cindex cm-pub-mceliece6960119-x25519
@@ -156,5 +153,4 @@ Its algorithm identifier is @code{mceliece6960119-x25519}. Its public key
 value is a concatenation of 1047319-byte @code{mceliece6960119} public key
 and 32-byte X25519 one.
 
-Public key's identifier should be calculated using either SHAKE128 or
-SHAKE256 hash.
+Public key's fingerprint should be calculated using SHAKE128.
index c1b472d8347d3a0dd2ae6914a72baa988e172d48394ba54b1c276d8e37ac5186..f515e01300b4eb6049eea3c2cec5a2c9c9470e87d33b65add9f5b776f57ae1c3 100644 (file)
@@ -9,6 +9,8 @@ cm-signed = {
     ? pubs: [+ cm-pub],
 }
 
+url = text
+
 sig = {
     tbs: sig-tbs,
     sign: {a: ai, v: bytes},
@@ -16,11 +18,11 @@ sig = {
     * text => any
 }
 
-url = text
+fpr = bytes .size 32
 
 sig-tbs = {
-    sid: uuid, ; signer's public key id
-    ? encrypted-to: [+ uuid], ; recipient's public key ids
+    sid: fpr, ; signer's public key fingerprint
+    ? encrypted-to: [+ fpr], ; recipient's public key fingerprints
     ? when: tai64 / tai64n,
     * text => any
 }
index b0634e38f09bd293047c6e64537d4ef02e80355daf6ec7b8858ab78f43283e1e..3d7f4944e22f343a36efc19140e2393db238a116e75af08a76267d28d2ca1fe8 100644 (file)
@@ -45,7 +45,7 @@ help creating the whole verification chain. They are placed outside
 
 If signed data is also intended to be @ref{cm-encrypted, encrypted},
 then @code{/sigs/*/tbs/encrypted-to} should be set to corresponding
-recipient's public key id(s).
+recipient's public key fingerprint(s).
 
 @node cm-signed-gost3410
 @cindex cm-signed-gost3410
@@ -69,7 +69,6 @@ recipient's public key id(s).
     Algorithm identifiers for the signature: @code{gost3410-256A-merkle},
     @code{gost3410-512C-merkle}.
 
-
 @node cm-signed-ed25519-blake2b
 @cindex cm-signed-ed25519-blake2b
 @cindex cm-signed-ed25519ph-blake2b