From: Sergey Matveev Date: Sat, 10 May 2025 15:10:13 +0000 (+0300) Subject: Include schemas during HTML rendering X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=8ec72f0818f49a7af39059beea6daa28bb8e9d8b86b53042f3467fbc3d8285f4;p=keks.git Include schemas during HTML rendering --- diff --git a/spec/cm/encrypted/index b/spec/cm/encrypted/index index 7a4c148..1d44995 100644 --- a/spec/cm/encrypted/index +++ b/spec/cm/encrypted/index @@ -16,7 +16,8 @@ EnvelopedData, LibrePGP or age. * Ability to safely encrypt to multiple recipients Stored in a file, it should begin with "cm/encrypted" [encoding/MAGIC]. -[schemas/encrypted.tcl] + +include [schemas/encrypted.tcl] "/payload" contains the ciphertext. It is encrypted with random "content encryption key" (CEK) with an algorithm specified in "/dem/a" (data diff --git a/spec/cm/hashed/index b/spec/cm/hashed/index index 109b436..152545a 100644 --- a/spec/cm/hashed/index +++ b/spec/cm/hashed/index @@ -2,7 +2,9 @@ Integrity protected container, analogue to ASN.1-based CMS DigestedData. => https://datatracker.ietf.org/doc/html/rfc5652 CMS Stored in a file, it should begin with "cm/hashed" [encoding/MAGIC]. -[schemas/hashed.tcl] + +include [schemas/hashed.tcl] + "/a" tells what algorithms will be used to hash the data. "/t" tells the type of the data inside. "/hash" contains the hash values for all corresponding "/a" algorithms. diff --git a/spec/cm/kem/balloon-blake2b-hkdf b/spec/cm/kem/balloon-blake2b-hkdf index eb565fd..0c578d3 100644 --- a/spec/cm/kem/balloon-blake2b-hkdf +++ b/spec/cm/kem/balloon-blake2b-hkdf @@ -1,5 +1,7 @@ Balloon-BLAKE2b+HKDF KEM. -[schemas/kem-balloon-blake2b-hkdf.tcl] + +include [schemas/kem-balloon-blake2b-hkdf.tcl] + Balloon memory-hardened password hasher must be used with BLAKE2b hash. => https://crypto.stanford.edu/balloon/ Balloon diff --git a/spec/cm/kem/gost3410-hkdf b/spec/cm/kem/gost3410-hkdf index 92923dd..a805fb3 100644 --- a/spec/cm/kem/gost3410-hkdf +++ b/spec/cm/kem/gost3410-hkdf @@ -1,5 +1,7 @@ GOST R 34.10+HKDF KEM. -[schemas/kem-gost3410-hkdf.tcl] + +include [schemas/kem-gost3410-hkdf.tcl] + GOST R 34.10-2012 VKO parameter set A/C ("gost3410-256A", "gost3410-512C") must be used for DH operation, with UKM taken from the structure. VKO's output is 512- or 1024-bit "BE(X)||BE(Y)" point, used in HKDF below: diff --git a/spec/cm/kem/mceliece6960119-x25519-hkdf-shake256 b/spec/cm/kem/mceliece6960119-x25519-hkdf-shake256 index 9c260f1..1aea121 100644 --- a/spec/cm/kem/mceliece6960119-x25519-hkdf-shake256 +++ b/spec/cm/kem/mceliece6960119-x25519-hkdf-shake256 @@ -1,5 +1,7 @@ Classic McEliece 6960-119+X25519+HKDF-SHAKE256 KEM. -[schemas/kem-with-encap.tcl] + +include [schemas/kem-with-encap.tcl] + "/kem/*/a" equals to "mceliece6960119-x25519-hkdf-shake256". Recipient public key with [cm/pub/mceliece6960119-x25519] algorithm must be used. It should have "kem" key usage set. diff --git a/spec/cm/kem/pbkdf2 b/spec/cm/kem/pbkdf2 index ad8d62e..054be7e 100644 --- a/spec/cm/kem/pbkdf2 +++ b/spec/cm/kem/pbkdf2 @@ -1,5 +1,7 @@ PBKDF2 KEM. -[schemas/kem-pbkdf2.tcl] + +include [schemas/kem-pbkdf2.tcl] + PBKDF2 is RFC 2898 algorithm. Key length equal to key wrapping algorithm requirements. => https://datatracker.ietf.org/doc/html/rfc2898 RFC 2898 diff --git a/spec/cm/kem/sntrup4591761-x25519-hkdf-blake2b b/spec/cm/kem/sntrup4591761-x25519-hkdf-blake2b index e219c82..6b849b4 100644 --- a/spec/cm/kem/sntrup4591761-x25519-hkdf-blake2b +++ b/spec/cm/kem/sntrup4591761-x25519-hkdf-blake2b @@ -1,5 +1,7 @@ SNTRUP4591761+X25519+HKDF-BLAKE2b KEM. -[schemas/kem-with-encap.tcl] + +include [schemas/kem-with-encap.tcl] + "/kem/*/a" equals to "sntrup4591761-x25519-hkdf-blake2b". Recipient public key with [cm/pub/sntrup4591761-x25519] algorithm must be used. It should have "kem" key usage set. diff --git a/spec/cm/prv/index b/spec/cm/prv/index index 38c6714..35e14d5 100644 --- a/spec/cm/prv/index +++ b/spec/cm/prv/index @@ -1,5 +1,7 @@ Private key container. -[schemas/av.tcl] + +include [schemas/av.tcl] + Stored in a file, it should begin with "cm/prv" [encoding/MAGIC]. do-backs diff --git a/spec/cm/pub/index b/spec/cm/pub/index index ec9bb51..b80e0ac 100644 --- a/spec/cm/pub/index +++ b/spec/cm/pub/index @@ -2,7 +2,8 @@ Public key is the [cm/signed/] structure. Stored in a file, it should begin with "cm/pub" [encoding/MAGIC]. Its "/load/t" equals to "pub". "/load/v" contains "cm/pub/load": -[schemas/pub-load.tcl] + +include [schemas/pub-load.tcl] sub: Subject is a map of arbitrary strings. Currently no constraints on @@ -33,7 +34,9 @@ crit: ones may be placed outside that map, directly in cm/pub/load. It *must* be absent if empty. Values are extension specific. -[cm/signed/]'s "sig-tbs" *must* contain additional fields: [schemas/pub-sig-tbs.tcl] +[cm/signed/]'s "sig-tbs" *must* contain additional fields: + +include [schemas/pub-sig-tbs.tcl] sid: Signing public key's fingerprint. cid: Certification unique identifier. UUIDv7 is a good choice. diff --git a/spec/cm/signed/index b/spec/cm/signed/index index ce658fe..330ce70 100644 --- a/spec/cm/signed/index +++ b/spec/cm/signed/index @@ -13,7 +13,9 @@ Signed container, some kind of analogue to ASN.1-based CMS SignedData. Stored in a file, it should begin with "cm/signed" [encoding/MAGIC], unless it is a [cm/pub/]lic key. -[schemas/av.tcl] [schemas/fpr.tcl] [schemas/signed.tcl] +include [schemas/av.tcl] +include [schemas/fpr.tcl] +include [schemas/signed.tcl] Signature is created by signing the: @@ -27,7 +29,7 @@ following approach: cm/signed/prehash || BLOB(detached-data) || cm/signed -[schemas/signed-prehash.tcl] +include [schemas/signed-prehash.tcl] With "cm/signed/prehash" you initialise your hashers used during signing process and feed BLOB's contents (not the encoded BLOB itself!) into the them. diff --git a/spec/schema/tcl b/spec/schema/tcl index a2f37cb..a6c9dfd 100644 --- a/spec/schema/tcl +++ b/spec/schema/tcl @@ -16,10 +16,11 @@ Example with "our" structure ([schema/cmds]) can be written as: } and [cm/pub/] as: -[schemas/pub.tcl] -[schemas/fpr.tcl] -[schemas/pub-load.tcl] -[schemas/pub-sig-tbs.tcl] + +include [schemas/pub.tcl] +include [schemas/fpr.tcl] +include [schemas/pub-load.tcl] +include [schemas/pub-sig-tbs.tcl] schema.tcl calls "schemas {s0 cmds0 s1 cmds1 ...}" commands to produce an encoded map with "cmds*" commands for