diff options
| author | Neal H. Walfield <neal@pep.foundation> | 2020-12-11 14:41:17 +0100 |
|---|---|---|
| committer | Neal H. Walfield <neal@pep.foundation> | 2020-12-11 14:46:30 +0100 |
| commit | 35119b755db270ab43a8e1ec13577bc0f9846546 (patch) | |
| tree | 2499fe86c242b8aa7e05df02f56640e11e8e920b /openpgp/src/cert.rs | |
| parent | 582a079f1cccc07bd74432ceb55da09e698da2d0 (diff) | |
openpgp: Pass the hash algo's security reqs to Policy::signature.
- If the signer controls the data that is being signed, then the
hash algorithm only needs second pre-image resistance.
- This observation can be used to extend the life of hash algorithms
that have been weakened, as is the case for SHA-1.
- Introduces a new `enum HashAlgoSecurity`, which is now passed to
`Policy::signature`.
- See #595.
Diffstat (limited to 'openpgp/src/cert.rs')
| -rw-r--r-- | openpgp/src/cert.rs | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/openpgp/src/cert.rs b/openpgp/src/cert.rs index 78dad9b1..ca010f19 100644 --- a/openpgp/src/cert.rs +++ b/openpgp/src/cert.rs @@ -1267,15 +1267,25 @@ impl Cert { { let mut keys = std::collections::HashSet::new(); + let pk_sec = self.primary_key().hash_algo_security(); + // All user ids. self.userids() .flat_map(|ua| { // All valid self-signatures. - ua.self_signatures().iter() + let sec = ua.hash_algo_security; + ua.self_signatures() + .iter() + .filter(move |sig| { + policy.signature(sig, sec).is_ok() + }) }) // All direct-key signatures. - .chain(self.primary_key().self_signatures() .iter()) - .filter(|sig| policy.signature(sig).is_ok()) + .chain(self.primary_key() + .self_signatures().iter() + .filter(|sig| { + policy.signature(sig, pk_sec).is_ok() + })) .flat_map(|sig| sig.revocation_keys()) .for_each(|rk| { keys.insert(rk); }); |