author | Neal H. Walfield <neal@sequoia-pgp.org> | 2024-01-22 15:29:13 +0100 |
---|---|---|
committer | Neal H. Walfield <neal@sequoia-pgp.org> | 2024-01-22 15:33:56 +0100 |
commit | ca1187c79182b185d338d1f0e26f303275765a63 (patch) | |
tree | d43cd1ac1a9ecc4595b7e88841986271046ccec0 | |
parent | b838d4b1bfc4b432e908741c94b336df19d201ad (diff) |
openpgp: Add context to policy rejection errors.neal/fix-1081
- When a policy rejects something (an algorithm, etc.) include the
thing that was rejected in the error's context.
- Fixes #1081.
-rw-r--r-- | openpgp/src/policy.rs | 59 |
1 files changed, 45 insertions, 14 deletions
diff --git a/openpgp/src/policy.rs b/openpgp/src/policy.rs
index 9ea4fcb2..8f5255e2 100644
--- a/openpgp/src/policy.rs
+++ b/openpgp/src/policy.rs
@@ -1512,14 +1512,22 @@ impl<'a> Policy for StandardPolicy<'a> {
 for csp in sig.hashed_area().iter().filter(|sp| sp.critical()) {
 self.critical_subpackets.check(csp.tag(), time, None)
- .context("Policy rejected critical signature subpacket")?;
+ .with_context(|| {
+ format!(
+ "Policy rejected critical signature subpacket ({})",
+ csp.tag())
+ })?;
 if let SubpacketValue::NotationData(n) = csp.value() {
 if ! self.good_critical_notations.contains(&n.name()) {
 return Err(anyhow::Error::from(
 Error::PolicyViolation(
 format!("Critical notation {:?}",
- n.name()), None))
- .context("Policy rejected critical notation"));
+ n.name()), None)))
+ .with_context(|| {
+ format!(
+ "Policy rejected critical notation ({})",
+ n.name())
+ });
 }
 }
 }
@@ -1600,13 +1608,19 @@ impl<'a> Policy for StandardPolicy<'a> {
 let time = self.time.unwrap_or_else(Timestamp::now);
 self.asymmetric_algos.check(a, time, None)
- .context("Policy rejected asymmetric algorithm")?;
+ .with_context(|| {
+ format!("Policy rejected asymmetric algorithm ({})",
+ a)
+ })?;
 // Check ECDH KDF and KEK parameters.
 if let PublicKey::ECDH { hash, sym, .. } = ka.mpis() {
 self.symmetric_algorithm(*sym)
- .context("Policy rejected ECDH \
- key encapsulation algorithm")?;
+ .with_context(|| {
+ format!("Policy rejected ECDH \
+ key encapsulation algorithm ({})",
+ *sym)
+ })?;
 // RFC6637 says:
 //
@@ -1624,9 +1638,13 @@ impl<'a> Policy for StandardPolicy<'a> {
 => (), // Good.
 _ =>
 return Err(anyhow::Error::from(
- Error::PolicyViolation(sym.to_string(), None))
- .context("Policy rejected ECDH \
- key encapsulation algorithm")),
+ Error::PolicyViolation(sym.to_string(), None)))
+ .with_context(|| {
+ format!(
+ "Policy rejected ECDH \
+ key encapsulation algorithm ({})",
+ sym)
+ }),
 }
 // For use in a KDF the hash algorithm does not
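Review bot: The new context for the critical-notation rejection formats `n.name()` with `{}`, while the `PolicyViolation` message a few lines above it formats the same value with `{:?}`. The name is read from the signature's hashed area, so it is data the verifying side does not control; with `{}` any control characters or line breaks in it would reach logs and terminals unescaped. I would use `"Policy rejected critical notation ({:?})"` so both messages escape the value the same way. The enclosing function starts and ends outside the hunk.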
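Review bot: In the `_ =>` arm the error is constructed unconditionally, so moving the context out of `Err(...)` and into `.with_context(|| ...)` defers nothing and only adds a closure and a level of nesting. Keeping the shape of the removed lines reads more directly: call `.context(format!(...))` on the `anyhow::Error` inside `Err(...)`, with the same format string and `sym` as the argument. The critical-notation `return Err(...)` in the first hunk has the same shape and could be simplified the same way. The `match` this arm belongs to begins outside the hunk.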
@@ -1636,8 +1654,11 @@ impl<'a> Policy for StandardPolicy<'a> {
 self
 .collision_resistant_hash_algos
 .check(*hash, time, None)
- .context("Policy rejected ECDH \
- key derivation hash function")?;
+ .with_context(|| {
+ format!("Policy rejected ECDH \
+ key derivation hash function ({})",
+ *hash)
+ })?;
 }
 Ok(())
@@ -1650,19 +1671,29 @@ impl<'a> Policy for StandardPolicy<'a> {
 packet.tag(),
 packet.version().unwrap_or(0),
 time, None)
- .context("Policy rejected packet type")
+ .with_context(|| {
+ format!("Policy rejected packet ({})", packet.tag())
+ })
 }
 fn symmetric_algorithm(&self, algo: SymmetricAlgorithm) -> Result<()> {
 let time = self.time.unwrap_or_else(Timestamp::now);
 self.symmetric_algos.check(algo, time, None)
- .context("Policy rejected symmetric encryption algorithm")
+ .with_context(|| {
+ format!(
+ "Policy rejected symmetric encryption algorithm ({})",
+ algo)
+ })
 }
 fn aead_algorithm(&self, algo: AEADAlgorithm) -> Result<()> {
 let time = self.time.unwrap_or_else(Timestamp::now);
 self.aead_algos.check(algo, time, None)
- .context("Policy rejected authenticated encryption algorithm")
+ .with_context(|| {
+ format!(
+ "Policy rejected authenticated encryption algorithm ({})",
+ algo)
+ })
 }
 } |
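Review bot: The context added for the packet check names only `packet.tag()`, but the check directly above it is keyed on both the tag and `packet.version().unwrap_or(0)`, so a rejection caused by the version would read as if the whole packet type were refused. I would include the version as well, e.g. `format!("Policy rejected packet ({}, version {})", packet.tag(), packet.version().unwrap_or(0))`. This message also drops the word "type" from the old text, whereas the other messages in the commit only append the rejected value; if that rewording is intentional it is worth a line in the commit description. The `packet` function starts outside the hunk.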