diff options
| author | Wiktor Kwapisiewicz <wiktor@metacode.biz> | 2023-03-24 11:30:57 +0100 |
|---|---|---|
| committer | Wiktor Kwapisiewicz <wiktor@metacode.biz> | 2023-03-27 12:05:33 +0200 |
| commit | 6419e7d7025204bbc496fd3335f6450e2bd85f61 (patch) | |
| tree | 0aca4f0ce5d38a253853e2f3ccbed1a004acbaab | |
| parent | 28333aff585131a48bbad387e1f035e140b4dd4b (diff) | |
openpgp: Introduce `StandardPolicy::accept_hash_property`.
- This function allows accepting hash algorithm for one particular
security property.
- Closes https://gitlab.com/sequoia-pgp/sequoia/-/issues/595
| -rw-r--r-- | openpgp/NEWS | 3 | ||||
| -rw-r--r-- | openpgp/src/policy.rs | 24 |
2 files changed, 24 insertions, 3 deletions
diff --git a/openpgp/NEWS b/openpgp/NEWS index 61cd54e7..47c30f4c 100644 --- a/openpgp/NEWS +++ b/openpgp/NEWS @@ -3,6 +3,9 @@ #+TITLE: sequoia-openpgp NEWS – history of user-visible changes #+STARTUP: content hidestars +* Changes in 1.15.0 +** New functionality + - StandardPolicy::accept_hash_property * Changes in 1.14.0 ** New cryptographic backends - We added a backend that uses Botan. diff --git a/openpgp/src/policy.rs b/openpgp/src/policy.rs index a75ed74d..e91a6c0e 100644 --- a/openpgp/src/policy.rs +++ b/openpgp/src/policy.rs @@ -886,10 +886,28 @@ impl<'a> StandardPolicy<'a> { /// A hash algorithm should only be unconditionally accepted if it /// has all three of these properties. See the documentation for /// [`HashAlgoSecurity`] for more details. - /// pub fn accept_hash(&mut self, h: HashAlgorithm) { - self.collision_resistant_hash_algos.set(h, ACCEPT); - self.second_pre_image_resistant_hash_algos.set(h, ACCEPT); + self.accept_hash_property(h, HashAlgoSecurity::CollisionResistance); + self.accept_hash_property(h, HashAlgoSecurity::SecondPreImageResistance); + } + + /// Considers hash algorithm `h` to be secure for the specified + /// security property `sec`. + /// + /// For instance, an application may choose to allow an algorithm + /// like SHA-1 in contexts like User ID binding signatures where + /// only [second preimage + /// resistance][`HashAlgoSecurity::SecondPreImageResistance`] is + /// required but not in contexts like signatures over data where + /// [collision + /// resistance][`HashAlgoSecurity::CollisionResistance`] is also + /// required. Whereas SHA-1's collision resistance is + /// [definitively broken](https://shattered.io/), depending on the + /// application's threat model, it may be acceptable to continue + /// to accept SHA-1 in these specific contexts. + pub fn accept_hash_property(&mut self, h: HashAlgorithm, sec: HashAlgoSecurity) + { + self.reject_hash_property_at(h, sec, None); } /// Considers `h` to be insecure in all security contexts. |