From 6419e7d7025204bbc496fd3335f6450e2bd85f61 Mon Sep 17 00:00:00 2001
From: Wiktor Kwapisiewicz
Date: Fri, 24 Mar 2023 11:30:57 +0100
Subject: openpgp: Introduce `StandardPolicy::accept_hash_property`.
- This function allows accepting hash algorithm for one particular security property.
- Closes https://gitlab.com/sequoia-pgp/sequoia/-/issues/595
---
 openpgp/NEWS | 3 +++
 openpgp/src/policy.rs | 24 +++++++++++++++++++++---
 2 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/openpgp/NEWS b/openpgp/NEWS
index 61cd54e7..47c30f4c 100644
--- a/openpgp/NEWS
+++ b/openpgp/NEWS
@@ -3,6 +3,9 @@
 #+TITLE: sequoia-openpgp NEWS – history of user-visible changes
 #+STARTUP: content hidestars
+* Changes in 1.15.0
+** New functionality
+ - StandardPolicy::accept_hash_property
 * Changes in 1.14.0
 ** New cryptographic backends
 - We added a backend that uses Botan.
diff --git a/openpgp/src/policy.rs b/openpgp/src/policy.rs
index a75ed74d..e91a6c0e 100644
--- a/openpgp/src/policy.rs
+++ b/openpgp/src/policy.rs
@@ -886,10 +886,28 @@ impl<'a> StandardPolicy<'a> {
 /// A hash algorithm should only be unconditionally accepted if it
 /// has all three of these properties. See the documentation for
 /// [`HashAlgoSecurity`] for more details.
- ///
 pub fn accept_hash(&mut self, h: HashAlgorithm) {
- self.collision_resistant_hash_algos.set(h, ACCEPT);
- self.second_pre_image_resistant_hash_algos.set(h, ACCEPT);
+ self.accept_hash_property(h, HashAlgoSecurity::CollisionResistance);
+ self.accept_hash_property(h, HashAlgoSecurity::SecondPreImageResistance);
+ }
+
+ /// Considers hash algorithm `h` to be secure for the specified
+ /// security property `sec`.
+ ///
+ /// For instance, an application may choose to allow an algorithm
+ /// like SHA-1 in contexts like User ID binding signatures where
+ /// only [second preimage
+ /// resistance][`HashAlgoSecurity::SecondPreImageResistance`] is
+ /// required but not in contexts like signatures over data where
+ /// [collision
+ /// resistance][`HashAlgoSecurity::CollisionResistance`] is also
+ /// required. Whereas SHA-1's collision resistance is
+ /// [definitively broken](https://shattered.io/), depending on the
+ /// application's threat model, it may be acceptable to continue
+ /// to accept SHA-1 in these specific contexts.
+ pub fn accept_hash_property(&mut self, h: HashAlgorithm, sec: HashAlgoSecurity)
+ {
+ self.reject_hash_property_at(h, sec, None);
 }

 /// Considers `h` to be insecure in all security contexts.
-- cgit v1.2.3
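Review bot: The doc comment added for `accept_hash_property` does not say that the acceptance has no time limit: the body is `self.reject_hash_property_at(h, sec, None);`, and a `None` cutoff presumably means the algorithm is never rejected for that property (that method and the rest of the `impl` are outside this hunk, so confirm). That matters for the SHA-1 example, since a caller who only wants to tolerate existing User ID binding signatures would be better served by a cutoff time than by a permanent exception. I would close the doc comment with ``/// This removes any cutoff time for `h` under `sec`; to accept `h` only for signatures made before a given time, use [`StandardPolicy::reject_hash_property_at`].`` A short `# Examples` doctest that accepts SHA-1 for `SecondPreImageResistance` and checks that `CollisionResistance` is left as it was would also pin the per-property behaviour.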