From c59897f6732e843ac38598171cb705e3417a5cfe01d1e3bcb405eb5150b79d13 Mon Sep 17 00:00:00 2001
From: Sergey Matveev
Date: Tue, 15 Oct 2024 10:02:19 +0300
Subject: [PATCH] More sets usage

---
 gyac/yacpki/cmd/yacsdtool/main.go | 2 +-
 gyac/yacpki/signed-data.go | 10 +++++-----
 spec/format/cer-load.cddl | 3 ++-
 spec/format/cer.texi | 9 +++------
 spec/format/signed-data.cddl | 2 +-
 spec/schema.texi | 3 +++
 6 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/gyac/yacpki/cmd/yacsdtool/main.go b/gyac/yacpki/cmd/yacsdtool/main.go
index 7473cb4..6a62aee 100644
--- a/gyac/yacpki/cmd/yacsdtool/main.go
+++ b/gyac/yacpki/cmd/yacsdtool/main.go
@@ -87,7 +87,7 @@ func main() {
 } else {
 var sd yacpki.SignedData
 sd.Load.T = *typ
- sdHashes := []string{*hashAlgo}
+ sdHashes := map[string]*struct{}{*hashAlgo: nil}
 sd.Hashes = &sdHashes
 sigHashes := map[string][]byte{*hashAlgo: hasher.Sum(nil)}
 when := time.Now().UTC().Truncate(1000 * time.Microsecond)
diff --git a/gyac/yacpki/signed-data.go b/gyac/yacpki/signed-data.go
index ce6f7f8..366340f 100644
--- a/gyac/yacpki/signed-data.go
+++ b/gyac/yacpki/signed-data.go
@@ -37,10 +37,10 @@ type SignedDataTBS struct {
 }

 type SignedData struct {
- Hashes *[]string `yac:"hash,omitempty"`
- Cers *[]*SignedData `yac:"certs,omitempty"`
- Load SignedDataLoad `yac:"load"`
- Sigs []*Sig `yac:"sigs"`
+ Hashes *map[string]*struct{} `yac:"hash,omitempty"`
+ Cers *[]*SignedData `yac:"certs,omitempty"`
+ Load SignedDataLoad `yac:"load"`
+ Sigs []*Sig `yac:"sigs"`
 }

 func SignedDataParse(data []byte) (sd *SignedData, tail []byte, err error) {
@@ -108,7 +108,7 @@ func SignedDataParseItem(item *gyac.Item) (sd *SignedData, err error) {
 return
 }
 var exists bool
- for _, ai := range *sd.Hashes {
+ for ai := range *sd.Hashes {
 if _, ok := (*sig.TBS.Hashes)[ai]; ok {
 exists = true
 break
diff --git a/spec/format/cer-load.cddl b/spec/format/cer-load.cddl
index 801f0e0..589cd0a 100644
--- a/spec/format/cer-load.cddl
+++ b/spec/format/cer-load.cddl
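Review bot: The `Hashes` field of `SignedData` in gyac/yacpki/signed-data.go (hunk at -37,10) now carries a set as `*map[string]*struct{}`, but nothing at the field says that the keys are algorithm identifiers and that every value is expected to be NIL. A field comment such as `// Hashes is the set of prehash algorithm identifiers, encoded as a MAP with NIL values.` would record the convention that the spec changes in this same patch describe. The visible lines do not show whether the decoder rejects a non-NIL value under a key, so that is worth confirming and stating in the same comment.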
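Review bot: In `SignedDataParseItem` (gyac/yacpki/signed-data.go, hunk at -108,7) the rewritten loop still sets `exists` as soon as one key of `*sd.Hashes` is present in `*sig.TBS.Hashes`; keys of the signature's map that are missing from the declared set are not rejected by the visible lines. If `hash` is meant to announce every prehash algorithm a verifier has to compute, the stricter direction is `for ai := range *sig.TBS.Hashes` with a failure on `if _, ok := (*sd.Hashes)[ai]; !ok`. Both pointers are dereferenced here on parsed input, and the function body starts and ends outside the hunk, so the nil checks presumably sit above these lines and should be confirmed.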
@@ -5,8 +5,9 @@ cer-load = { ? ku: {+ ku => nil}, pub: [+ {av, id: uuid}], sub: {text => text}, ; subject - ? crit: [+ {t: text, * text => any}], + ? crit: {+ crit-text-type => any}, * text => any } ku = "ca" / "sig" / "app-name" / text +crit-ext-type = text diff --git a/spec/format/cer.texi b/spec/format/cer.texi index 843d388..c930697 100644 --- a/spec/format/cer.texi +++ b/spec/format/cer.texi @@ -43,12 +43,9 @@ It is a map with NIL values, to force deterministic encoding of the list. It @strong{must} be absent if empty. @item crit -Optional list of critical (in terms of X.509) extensions. Non-critical -ones may be placed outside that map, directly in @code{cer-load}. It -@strong{must} be absent if empty. - -Each extension has required "t" field with specified extension type. All -other values are extension-specific. +Optional critical (in terms of X.509) extensions. Non-critical +ones may be placed outside that map, directly in @code{cer-load}. +It @strong{must} be absent if empty. Values are extension specific. @end table diff --git a/spec/format/signed-data.cddl b/spec/format/signed-data.cddl index 356f913..8797b68 100644 --- a/spec/format/signed-data.cddl +++ b/spec/format/signed-data.cddl @@ -2,7 +2,7 @@ ai = text ; algorithm identifier av = {a: ai, v: bytes} signed-data = { - ? hash: [+ ai], ; when using prehashing + ? hash: {+ ai => nil}, ; when using prehashing load: { t: text, ? v: bytes / text / blob / map / list, diff --git a/spec/schema.texi b/spec/schema.texi index afcb2ad..78415e5 100644 --- a/spec/schema.texi +++ b/spec/schema.texi 
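Review bot: The new `crit` member in spec/format/cer-load.cddl uses `crit-text-type` as its key type, while the rule added at the end of the same hunk is named `crit-ext-type`, so the key type is undefined as written and the added rule is unused. A CDDL validator would either reject the schema or leave the critical-extension keys unconstrained, depending on the tool. Renaming the reference fixes it: `? crit: {+ crit-ext-type => any},`. The `cer-load` map opens above the hunk, so any other use of the old name there is not visible.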
@@ -30,6 +30,9 @@ identifiers. OIDs database can be considered as an external schema. Lacking it, or lacking its actual state, you probably won't be able even guessing the context of the data inside. +Sets can be emulated by using MAPs with NIL values. That gives only +1-byte overhead for each element, but reuses already existing code. + If you really desire more compact encoding, even agree to use schema definitions, then think about replacing MAPs with LISTs. Non-present values can be indicated by NIL tag. -- 2.48.1