author | Neal H. Walfield <neal@pep.foundation> | 2020-12-14 22:45:43 +0100 |
---|---|---|
committer | Neal H. Walfield <neal@pep.foundation> | 2020-12-14 22:52:43 +0100 |
commit | c31ceb8dab94d2ea08879e36ad450547136ca2e1 (patch) | |
tree | 63c6402bdcfe4fcc41063793d220fe49c1218118 /openpgp/src/policy | |
parent | 360da4f78448dc0b2c2724f5e13a12874604ce3e (diff) |
openpgp: Simplify hash policies.
- The standard policy currently has two policies related to hash
algorithms: when a hash algorithm should be rejected for normal
signatures, and when a hash algorithm should be rejected for
revocation signatures.
- If we distinguish two security contexts, then we'll have four
policies (the cross product).
- If the current state is not already unmanageable, then this
certainly is.
- Simplify this by using a single scalar to represent how long a
revocation certificate using a broken hash should continue to be
accepted.
- This is probably sufficiently expressive in practice as this is a
largely inexact science. And, if a more nuanced policy is
required, it is always possible to wrap `StandardPolicy`.
Diffstat (limited to 'openpgp/src/policy')
-rw-r--r-- | openpgp/src/policy/cutofflist.rs | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/openpgp/src/policy/cutofflist.rs b/openpgp/src/policy/cutofflist.rs
index 6c1933ea..47d1d3e5 100644
--- a/openpgp/src/policy/cutofflist.rs
+++ b/openpgp/src/policy/cutofflist.rs
@@ -6,6 +6,7 @@ use crate::{
 Error,
 Result,
 types::Timestamp,
+ types::Duration,
 };
 // A `const fn` function can only use a subset of Rust's
@@ -152,9 +153,17 @@ impl<A> CutoffList<A>
 }
 // Checks whether the `a` is safe to use at time `time`.
+ //
+ // `tolerance` is added to the cutoff time.
 #[inline]
- pub(super) fn check(&self, a: A, time: Timestamp) -> Result<()> {
+ pub(super) fn check(&self, a: A, time: Timestamp,
+ tolerance: Option<Duration>)
+ -> Result<()>
+ {
 if let Some(cutoff) = self.cutoff(a.clone()) {
+ let cutoff = cutoff .checked_add(tolerance.unwrap_or(Duration::seconds(0))) .unwrap_or(Timestamp::MAX);
 if time >= cutoff {
 Err(Error::PolicyViolation(
 a.to_string(), Some(cutoff.into())).into())
@@ -226,7 +235,9 @@ macro_rules! a_cutoff_list {
 }
 }
- fn check(&self, a: $algo, time: Timestamp) -> Result<()> {
+ fn check(&self, a: $algo, time: Timestamp, d: Option<types::Duration>)
+ -> Result<()>
+ {
 use crate::policy::cutofflist::VecOrSlice;
 match self {
@@ -237,10 +248,10 @@ macro_rules! a_cutoff_list {
 CutoffList {
 cutoffs: VecOrSlice::Slice(&Self::DEFAULTS[..]),
 _a: std::marker::PhantomData,
- }.check(a, time)
+ }.check(a, time, d)
 }
- $name::Custom(ref l) => l.check(a, time),
+ $name::Custom(ref l) => l.check(a, time, d),
 }
 }
 }
 |
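Review bot: The `checked_add(...).unwrap_or(Timestamp::MAX)` fallback in `CutoffList::check` silently turns an overflowing `cutoff + tolerance` into "never reject", and the new comment above the signature does not say so; a caller passing a very large tolerance gets an unbounded acceptance window for a deprecated algorithm rather than an error. Since this is a policy-relaxation knob, the saturating behaviour belongs in the contract, e.g. extend the comment to `// `tolerance` is added to the cutoff time; if the sum overflows, the cutoff saturates at `Timestamp::MAX`, i.e. `a` is never rejected.` It is also worth stating there that `None` is equivalent to a zero tolerance, which the `unwrap_or(Duration::seconds(0))` establishes but the comment leaves implicit. The body of `check` continues past the end of the hunk.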
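Review bot: The `check` generated by `a_cutoff_list!` names the new parameter `d` and leaves it undocumented, while the `CutoffList::check` it forwards to (earlier hunk) calls the same value `tolerance` and documents it; the pass-through in the last hunk (`.check(a, time, d)` in both match arms) inherits the opaque name. Renaming to `tolerance: Option<types::Duration>` in the signature and both forwarding calls, and adding a one-line comment above the generated signature such as `// `tolerance` is added to the cutoff before comparing against `time`; `None` means no grace period.`, would keep the two layers consistent. The enclosing trait impl inside the macro starts before the hunk.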