]> Cypherpunks repositories - keks.git/commitdiff
projects / keks.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0cf662c)
More sets usage
authorSergey Matveev <stargrave@stargrave.org>
Tue, 15 Oct 2024 07:02:19 +0000 (10:02 +0300)
committerSergey Matveev <stargrave@stargrave.org>
Tue, 15 Oct 2024 07:33:57 +0000 (10:33 +0300)
gyac/yacpki/cmd/yacsdtool/main.go patch | blob | history
gyac/yacpki/signed-data.go patch | blob | history
spec/format/cer-load.cddl patch | blob | history
spec/format/cer.texi patch | blob | history
spec/format/signed-data.cddl patch | blob | history
spec/schema.texi patch | blob | history

diff --git a/gyac/yacpki/cmd/yacsdtool/main.go b/gyac/yacpki/cmd/yacsdtool/main.go
index 7473cb4463dab9dca75c47154353815735364a20b063b91fdbdf304ef2586385..6a62aeecf7773e10763db8da137ab5c3f0ee50ed3801ef876b8bb2b3d19df358 100644 (file)
--- a/gyac/yacpki/cmd/yacsdtool/main.go
+++ b/gyac/yacpki/cmd/yacsdtool/main.go
@@ -87,7 +87,7 @@ func main() {
        } else {
                var sd yacpki.SignedData
                sd.Load.T = *typ
-               sdHashes := []string{*hashAlgo}
+               sdHashes := map[string]*struct{}{*hashAlgo: nil}
                sd.Hashes = &sdHashes
                sigHashes := map[string][]byte{*hashAlgo: hasher.Sum(nil)}
                when := time.Now().UTC().Truncate(1000 * time.Microsecond)
diff --git a/gyac/yacpki/signed-data.go b/gyac/yacpki/signed-data.go
index ce6f7f875a6f06a3756ebfce52ecb0b2d35e641be1d1fa5645f4aca80ce9c010..366340f2f59c01dc904dd660e41c18b2bf5d5ed1aee3b914b42579b9e8787b09 100644 (file)
--- a/gyac/yacpki/signed-data.go
+++ b/gyac/yacpki/signed-data.go
@@ -37,10 +37,10 @@ type SignedDataTBS struct {
 }
 
 type SignedData struct {
-       Hashes *[]string      `yac:"hash,omitempty"`
-       Cers   *[]*SignedData `yac:"certs,omitempty"`
-       Load   SignedDataLoad `yac:"load"`
-       Sigs   []*Sig         `yac:"sigs"`
+       Hashes *map[string]*struct{} `yac:"hash,omitempty"`
+       Cers   *[]*SignedData        `yac:"certs,omitempty"`
+       Load   SignedDataLoad        `yac:"load"`
+       Sigs   []*Sig                `yac:"sigs"`
 }
 
 func SignedDataParse(data []byte) (sd *SignedData, tail []byte, err error) {
@@ -108,7 +108,7 @@ func SignedDataParseItem(item *gyac.Item) (sd *SignedData, err error) {
                                return
                        }
                        var exists bool
-                       for _, ai := range *sd.Hashes {
+                       for ai := range *sd.Hashes {
                                if _, ok := (*sig.TBS.Hashes)[ai]; ok {
                                        exists = true
                                        break
diff --git a/spec/format/cer-load.cddl b/spec/format/cer-load.cddl
index 801f0e06822540ca49686da0b4eb0cc0bfd27d504cf7f6bcbd264b7ab24430f1..589cd0a08f1258ca43979a6bdbb943213e37cf7a5414692d6b4b2a720fab41bc 100644 (file)
--- a/spec/format/cer-load.cddl
+++ b/spec/format/cer-load.cddl
@@ -5,8 +5,9 @@ cer-load = {
     ? ku: {+ ku => nil},
     pub: [+ {av, id: uuid}],
     sub: {text => text}, ; subject
-    ? crit: [+ {t: text, * text => any}],
+    ? crit: {+ crit-text-type => any},
     * text => any
 }
 
 ku = "ca" / "sig" / "app-name" / text
+crit-ext-type = text
diff --git a/spec/format/cer.texi b/spec/format/cer.texi
index 843d38854423b56130778b6260e8966d9d26686e293b48e11e06378bcf36df73..c93069789de3363b47a93a8ff9537e01583d6157f3d610b5b445ff2f042e117a 100644 (file)
--- a/spec/format/cer.texi
+++ b/spec/format/cer.texi
@@ -43,12 +43,9 @@ It is a map with NIL values, to force deterministic encoding of the
 list. It @strong{must} be absent if empty.
 
 @item crit
-Optional list of critical (in terms of X.509) extensions. Non-critical
-ones may be placed outside that map, directly in @code{cer-load}. It
-@strong{must} be absent if empty.
-
-Each extension has required "t" field with specified extension type. All
-other values are extension-specific.
+Optional critical (in terms of X.509) extensions. Non-critical
+ones may be placed outside that map, directly in @code{cer-load}.
+It @strong{must} be absent if empty. Values are extension specific.
 
 @end table
 
diff --git a/spec/format/signed-data.cddl b/spec/format/signed-data.cddl
index 356f91354890b11d32de8e70a9b20ed5cc2691436238253d7c0c485fe54f2250..8797b681ba10dd69e5bc5bfd08252ef22295ad9f3d5c637d23da59d67b1c0e33 100644 (file)
--- a/spec/format/signed-data.cddl
+++ b/spec/format/signed-data.cddl
@@ -2,7 +2,7 @@ ai = text ; algorithm identifier
 av = {a: ai, v: bytes}
 
 signed-data = {
-    ? hash: [+ ai], ; when using prehashing
+    ? hash: {+ ai => nil}, ; when using prehashing
     load: {
         t: text,
         ? v: bytes / text / blob / map / list,
diff --git a/spec/schema.texi b/spec/schema.texi
index afcb2ada006a59c6dc7cf5f1531c1798cb668fbefd4323e9c687658fb974f030..78415e53db2e3e4958206dc97a4d6bdcfc3b7940df876c1bbc88599c0bb7fd4a 100644 (file)
--- a/spec/schema.texi
+++ b/spec/schema.texi
@@ -30,6 +30,9 @@ identifiers. OIDs database can be considered as an external schema.
 Lacking it, or lacking its actual state, you probably won't be able even
 guessing the context of the data inside.
 
+Sets can be emulated by using MAPs with NIL values. That gives only
+1-byte overhead for each element, but reuses already existing code.
+
 If you really desire more compact encoding, even agree to use schema
 definitions, then think about replacing MAPs with LISTs. Non-present
 values can be indicated by NIL tag.
KEKS codec