Module key_policy 

Key Usage Policy Enforcement

This module provides policy-based access control for cryptographic keys, enforcing restrictions on how keys can be used to prevent misuse and ensure compliance with security policies.

Features

• Operation restrictions: Limit which operations a key can perform
• Usage limits: Maximum number of operations per key
• Time-based policies: Key validity periods and expiration
• Context-based policies: Require specific context for key usage
• Policy composition: Combine multiple policies with AND/OR logic
• Audit logging: Track policy violations and key usage

Example

use chie_crypto::key_policy::{KeyPolicy, KeyUsagePolicy, Operation, PolicyEngine};
use std::time::Duration;

// Create a policy that allows only signing, max 100 uses, valid for 30 days
let policy = KeyPolicy::new()
    .allow_operation(Operation::Sign)
    .deny_operation(Operation::Decrypt)
    .max_uses(100)
    .valid_for(Duration::from_secs(30 * 24 * 3600));

// Create policy engine and register the policy
let mut engine = PolicyEngine::new();
let key_id = [1u8; 32];
engine.register_policy(key_id, policy);

// Check if an operation is allowed
assert!(engine.check_policy(&key_id, Operation::Sign, None).is_ok());
assert!(engine.check_policy(&key_id, Operation::Decrypt, None).is_err());

Structs

KeyPolicy

Key usage policy defining allowed operations and constraints

PolicyEngine

Policy engine that manages and enforces key usage policies

Enums

Operation

Cryptographic operations that can be performed with a key

PolicyViolation

Policy violation types

Traits

KeyUsagePolicy

Trait for objects that can enforce key usage policies