From b423ef4b021390dad4bd6a44e1e51608c1e255b3 Mon Sep 17 00:00:00 2001
From: Kunal Mehta
Date: Thu, 12 Oct 2023 16:20:27 -0400
Subject: [PATCH] WIP: redwood: Relax requirements for decrypting messages Even if a source key is no longer valid per policy, we still want them to be able to decrypt a previously valid message for them. We can also drop the revocation/expiry filters, which were mostly theoretical in the SecureDrop context anyways. Fixes #6991.
---
 redwood/src/keys.rs | 30 ++++++++++++++----------------
 1 file changed, 14 insertions(+), 16 deletions(-)
diff --git a/redwood/src/keys.rs b/redwood/src/keys.rs
index 09075b69a74..02214b64fa0 100644
--- a/redwood/src/keys.rs
+++ b/redwood/src/keys.rs
@@ -5,20 +5,6 @@ use sequoia_openpgp::packet::Key;
 use sequoia_openpgp::policy::Policy;
 use sequoia_openpgp::Cert;

-/// We want to use the same iterators on public and secret keys but it's not
-/// really possible to do it in a function because of type differences so we
-/// use a macro instead.
-macro_rules! filter_keys {
- ( $keys:expr, $policy: ident ) => {
- $keys
- .with_policy($policy, None)
- .supported()
- .alive()
- .revoked(false)
- .for_storage_encryption()
- };
-}
-
 /// Get public encryption keys from the specified cert, returning an error if
 /// no valid keys are found.
 pub(crate) fn keys_from_cert<'a>(
@@ -27,7 +13,14 @@ pub(crate) fn keys_from_cert<'a>(
 ) -> Result>> {
 // Pull the encryption keys that are compatible with by the standard policy
 // (e.g. not SHA-1) supported by Sequoia, and not revoked.
- let keys: Vec<_> = filter_keys!(cert.keys(), policy).collect();
+ let keys: Vec<_> = cert
+ .keys()
+ .with_policy(policy, None)
+ .supported()
+ .alive()
+ .revoked(false)
+ .for_storage_encryption()
+ .collect();

 // Each certificate must have at least one supported encryption key
 if keys.is_empty() {
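Review bot: The comment above the inlined chain in `keys_from_cert` describes the filter only as "not revoked" and reads "compatible with by", while the chain also drops expired keys through `.alive()`. With `filter_keys!` removed, this strict chain and the relaxed one in `secret_key_from_cert` now differ on purpose, and nothing at the call site records that. A comment such as `// Encrypt only to keys that pass the policy and are supported, unexpired and not revoked; decryption is deliberately more lenient.` would stop a later cleanup from re-unifying the two. The function body continues outside the hunk.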
@@ -45,7 +38,12 @@ pub(crate) fn secret_key_from_cert<'a>(
 // Pull the encryption keys that are compatible with by the standard policy
 // (e.g. not SHA-1) supported by Sequoia, and not revoked.
 // These filter options should be kept in sync with `Helper::decrypt()`.
- let keys: Vec<_> = filter_keys!(cert.keys().secret(), policy).collect();
+ let keys: Vec<_> = cert
+ .keys()
+ .secret()
+ .with_policy(policy, None)
+ .for_storage_encryption()
+ .collect();

 // Just return the first encryption key
 match keys.get(0) {
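Review bot: The comment lines kept above the new chain in `secret_key_from_cert` still say the keys are "not revoked" and must stay in sync with `Helper::decrypt()`, but the chain no longer calls `.supported()`, `.alive()` or `.revoked(false)`. The diffstat lists only `redwood/src/keys.rs`, so whether `Helper::decrypt()` was relaxed the same way cannot be confirmed from this patch. Because accepting expired and revoked keys for decryption is now intentional, state it where the next reader will look, e.g. `// Expired and revoked keys are accepted on purpose so previously valid messages stay readable; keys_from_cert() stays strict for encryption.` Also, `.with_policy(policy, None)` is still applied, so a key the policy rejects is presumably still filtered out, which looks narrower than the commit message's "no longer valid per policy". Without `.supported()`, the `keys.get(0)` that follows may select a key whose algorithm cannot be used, deferring the failure to decryption time. The function body starts and ends outside the hunk.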