Browse Source

Added key expiration time sig subpacket. Fixed segfault on fileread filter in case of failure in opening file.

master
Edouard Tisserant 7 years ago
parent
commit
de1b28475c
6 changed files with 49 additions and 23 deletions
  1. +4
    -3
      dist/src/lib/keyring.c
  2. +1
    -1
      dist/src/lib/keyring.h
  3. +1
    -1
      dist/src/lib/openssl_crypto.c
  4. +36
    -16
      dist/src/lib/signature.c
  5. +7
    -1
      dist/src/lib/signature.h
  6. +0
    -1
      dist/src/lib/validate.c

+ 4
- 3
dist/src/lib/keyring.c View File

@ -825,7 +825,7 @@ void print_packet_hex(const pgp_subpacket_t *pkt);
\return 1 if OK; else 0
*/
unsigned
pgp_add_selfsigned_userid(pgp_key_t *skey, pgp_key_t *pkey, uint8_t *userid)
pgp_add_selfsigned_userid(pgp_key_t *skey, pgp_key_t *pkey, uint8_t *userid, uint64_t duration)
{
pgp_create_sig_t *sig;
pgp_subpacket_t sigpacket;
@ -839,7 +839,8 @@ pgp_add_selfsigned_userid(pgp_key_t *skey, pgp_key_t *pkey, uint8_t *userid)
/* create sig for this pkt */
sig = pgp_create_sig_new();
pgp_sig_start_key_sig(sig, &skey->key.seckey.pubkey, userid, PGP_CERT_POSITIVE);
pgp_add_time(sig, (int64_t)time(NULL), "birth");
pgp_add_creation_time(sig, (uint64_t)time(NULL));
pgp_add_key_expiration_time(sig, (uint64_t)duration);
pgp_add_issuer_keyid(sig, skey->pubkeyid);
pgp_add_primary_userid(sig, 1);
pgp_end_hashed_subpkts(sig);
@ -877,7 +878,7 @@ pgp_key_revoke(pgp_key_t *skey, pgp_key_t *pkey, uint8_t code, const char *reaso
sig, &skey->key.seckey.pubkey,
PGP_SIG_REV_KEY);
pgp_add_time(sig, (int64_t)time(NULL), "birth");
pgp_add_creation_time(sig, (int64_t)time(NULL));
pgp_add_issuer_keyid(sig, skey->pubkeyid);
pgp_add_revocation_reason(sig, code, reason);
pgp_end_hashed_subpkts(sig);


+ 1
- 1
dist/src/lib/keyring.h View File

@ -143,7 +143,7 @@ unsigned pgp_update_userid(
// const pgp_subpacket_t *,
// unsigned );
unsigned pgp_add_selfsigned_userid(pgp_key_t *skey, pgp_key_t *pkey, uint8_t *userid);
unsigned pgp_add_selfsigned_userid(pgp_key_t *skey, pgp_key_t *pkey, uint8_t *userid, uint64_t duration);
pgp_key_t *pgp_keydata_new(void);
void pgp_keydata_init(pgp_key_t *, const pgp_content_enum);


+ 1
- 1
dist/src/lib/openssl_crypto.c View File

@ -808,7 +808,7 @@ pgp_rsa_new_selfsign_key(const int numbits,
keydata = pgp_keydata_new();
if (!pgp_rsa_generate_keypair(keydata, numbits, e, hashalg, cipher,
(const uint8_t *) "", (const size_t) 0) ||
!pgp_add_selfsigned_userid(keydata, NULL, userid)) {
!pgp_add_selfsigned_userid(keydata, NULL, userid, 0 /*never expire*/)) {
pgp_keydata_free(keydata);
return NULL;
}


+ 36
- 16
dist/src/lib/signature.c View File

@ -843,17 +843,37 @@ pgp_write_sig(pgp_output_t *output,
return ret;
}
/* add a time stamp to the output */
unsigned
pgp_add_time(pgp_create_sig_t *sig, int64_t when, const char *type)
pgp_add_creation_time(pgp_create_sig_t *sig, uint64_t when)
{
pgp_content_enum tag;
tag = (strcmp(type, "birth") == 0) ?
PGP_PTAG_SS_CREATION_TIME : PGP_PTAG_SS_EXPIRATION_TIME;
/* just do 32-bit timestamps for just now - it's in the protocol */
tag = PGP_PTAG_SS_CREATION_TIME;
return pgp_write_ss_header(sig->output, 5, tag) &&
pgp_write_scalar(sig->output, when, 4/*sizeof(when)*/);
}
unsigned
pgp_add_sig_expiration_time(pgp_create_sig_t *sig, uint64_t duration)
{
pgp_content_enum tag;
tag = PGP_PTAG_SS_EXPIRATION_TIME;
return pgp_write_ss_header(sig->output, 5, tag) &&
pgp_write_scalar(sig->output, duration, 4/*sizeof(duration)*/);
}
unsigned
pgp_add_key_expiration_time(pgp_create_sig_t *sig, uint64_t duration)
{
pgp_content_enum tag;
tag = PGP_PTAG_SS_KEY_EXPIRY;
return pgp_write_ss_header(sig->output, 5, tag) &&
pgp_write_scalar(sig->output, (uint32_t)when, (unsigned)sizeof(uint32_t));
pgp_write_scalar(sig->output, duration, 4/*sizeof(duration)*/);
}
/**
@ -1031,8 +1051,8 @@ pgp_sign_file(pgp_io_t *io,
/* - creation time */
/* - key id */
ret = pgp_writer_use_armored_sig(output) &&
pgp_add_time(sig, (int64_t)from, "birth") &&
pgp_add_time(sig, (int64_t)duration, "expiration");
pgp_add_creation_time(sig, (uint64_t)from) &&
pgp_add_sig_expiration_time(sig, (uint64_t)duration);
if (ret == 0) {
pgp_teardown_file_write(output, fd_out);
return 0;
@ -1078,8 +1098,8 @@ pgp_sign_file(pgp_io_t *io,
#endif
/* add creation time to signature */
pgp_add_time(sig, (int64_t)from, "birth");
pgp_add_time(sig, (int64_t)duration, "expiration");
pgp_add_creation_time(sig, (uint64_t)from);
pgp_add_sig_expiration_time(sig, (uint64_t)duration);
/* add key id to signature */
pgp_keyid(keyid, PGP_KEY_ID_SIZE, &seckey->pubkey, hash_alg);
pgp_add_issuer_keyid(sig, keyid);
@ -1172,8 +1192,8 @@ pgp_sign_buf(pgp_io_t *io,
ret = pgp_writer_push_clearsigned(output, sig) &&
pgp_write(output, input, (unsigned)insize) &&
pgp_writer_use_armored_sig(output) &&
pgp_add_time(sig, from, "birth") &&
pgp_add_time(sig, (int64_t)duration, "expiration");
pgp_add_creation_time(sig, from) &&
pgp_add_sig_expiration_time(sig, (uint64_t)duration);
if (ret == 0) {
return NULL;
}
@ -1203,8 +1223,8 @@ pgp_sign_buf(pgp_io_t *io,
}
/* add creation time to signature */
pgp_add_time(sig, from, "birth");
pgp_add_time(sig, (int64_t)duration, "expiration");
pgp_add_creation_time(sig, from);
pgp_add_sig_expiration_time(sig, (uint64_t)duration);
/* add key id to signature */
pgp_keyid(keyid, PGP_KEY_ID_SIZE, &seckey->pubkey, hash_alg);
pgp_add_issuer_keyid(sig, keyid);
@ -1271,8 +1291,8 @@ pgp_sign_detached(pgp_io_t *io,
pgp_memory_free(mem);
/* calculate the signature */
pgp_add_time(sig, from, "birth");
pgp_add_time(sig, (int64_t)duration, "expiration");
pgp_add_creation_time(sig, from);
pgp_add_sig_expiration_time(sig, (uint64_t)duration);
pgp_keyid(keyid, sizeof(keyid), &seckey->pubkey, hash_alg);
pgp_add_issuer_keyid(sig, keyid);
pgp_end_hashed_subpkts(sig);


+ 7
- 1
dist/src/lib/signature.h View File

@ -98,11 +98,17 @@ pgp_hash_t *pgp_sig_get_hash(pgp_create_sig_t *);
unsigned pgp_end_hashed_subpkts(pgp_create_sig_t *);
unsigned pgp_write_sig(pgp_output_t *, pgp_create_sig_t *,
const pgp_pubkey_t *, const pgp_seckey_t *);
unsigned pgp_add_time(pgp_create_sig_t *, int64_t, const char *);
unsigned pgp_add_issuer_keyid(pgp_create_sig_t *,
const uint8_t *);
void pgp_add_primary_userid(pgp_create_sig_t *, unsigned);
unsigned
pgp_add_creation_time(pgp_create_sig_t *sig, uint64_t when);
unsigned
pgp_add_sig_expiration_time(pgp_create_sig_t *sig, uint64_t duration);
unsigned
pgp_add_key_expiration_time(pgp_create_sig_t *sig, uint64_t duration);
/* Standard Interface */
unsigned pgp_sign_file(pgp_io_t *,
const char *,


+ 0
- 1
dist/src/lib/validate.c View File

@ -865,7 +865,6 @@ pgp_filter_keys_fileread(
1);
if (fd < 0) {
pgp_stream_delete(stream);
perror(filename);
return 0;
}


Loading…
Cancel
Save