diff --git a/src/keri/core/coring.py b/src/keri/core/coring.py index 25006d23..3230cd7f 100644 --- a/src/keri/core/coring.py +++ b/src/keri/core/coring.py @@ -298,7 +298,7 @@ class MatterCodex: Big: str = 'N' # Big 8 byte b2 number X25519_Private: str = 'O' # X25519 private decryption key/seed, may be converted from Ed25519 X25519_Cipher_Seed: str = 'P' # X25519 sealed box 124 char qb64 Cipher of 44 char qb64 Seed - ECDSA_256r1_Seed: str = "Q" # ECDSA secp256r1 256 bit random Seed for private key + ECDSA_256r1_Seed: str = 'Q' # ECDSA secp256r1 256 bit random Seed for private key Tall: str = 'R' # Tall 5 byte b2 number Large: str = 'S' # Large 11 byte b2 number Great: str = 'T' # Great 14 byte b2 number diff --git a/src/keri/core/eventing.py b/src/keri/core/eventing.py index 3e8ba393..a0802245 100644 --- a/src/keri/core/eventing.py +++ b/src/keri/core/eventing.py @@ -2710,19 +2710,19 @@ def validateDelegation(self, serder, sigers, wigers, wits, delpre, *, to detect a comprimised or duplicitious superseding rotation and prevent the additional verification from proceding. - ToDo: + Mitigations of malicious source seal couples: Repair the approval source seal couple in the 'aess' database on recursive climb the kel tree. Once an event has been accepted into its kel. Later adding a source seal couple to 'aes' should then be OK from a security perspective since its only making discovery less expensive. - When malicious source seal couple is received but event is validly - delegated and the delegation source seal is repaired then need to replace + When a malicious source seal couple is received but event is validly + delegated and the delegation source seal is repaired then replace malicious source seal couple with repaired seal so repaired seal not malicous seal gets written to 'aes' db. When the event is valid but non-delegated then need to nullify malicous source seal couple so it - does not get written to 'aes' datable + does not get written to 'aes' database. """ if not delpre: # not delegable so no delegation validation needed diff --git a/src/keri/db/basing.py b/src/keri/db/basing.py index 25e0bc6c..e513bb69 100644 --- a/src/keri/db/basing.py +++ b/src/keri/db/basing.py @@ -1022,6 +1022,9 @@ def reopen(self, **kwa): self.udes = subing.CatCesrSuber(db=self, subkey='udes.', klas=(coring.Seqner, coring.Saider)) self.uwes = self.env.open_db(key=b'uwes.', dupsort=True) + #self.uwes = subing.CatCesrIoSetSuber(db=self, subkey='uwes.', + #klas=(coring.Saider, indexing.Siger)) + self.ooes = self.env.open_db(key=b'ooes.', dupsort=True) self.dels = self.env.open_db(key=b'dels.', dupsort=True) self.ldes = self.env.open_db(key=b'ldes.', dupsort=True) diff --git a/src/keri/db/subing.py b/src/keri/db/subing.py index 521c1788..f190ba65 100644 --- a/src/keri/db/subing.py +++ b/src/keri/db/subing.py @@ -43,10 +43,15 @@ ordinal number so that the ordering within each key prefix is monotonically increasing numeric +B64Suber provides separated fields of B64 primitives for values. Useful when don't + need to CESR ser/des the primitives or performance + The term 'set' of values means that no value may appear more than once in the set. Sets support idempotent adds and puts to db. This means one can add or put the same (key, val) pair multiple times and not change the db. + + DupSuber provides set of lexicographic ordered values at each key. Each value has a limited size (key + value <= 511 byes). The set is performant. Good for indices.