security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-23 15:07:03 +01:00
Code Activity

Sig expiration code

Browse Source 
Offer to expire a key signature when the key the user is signing expires
Expired sigs cause an error return
If --expert is set, prompt for sig duration
This commit is contained in:
David Shaw 2001-12-07 01:14:15 +00:00
parent 98facb5800
commit 1ccd578910
12 changed files with 244 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
g10/ChangeLog
View File

@ -1,3 +1,36 @@
2001-12-05 David Shaw <dshaw@jabberwocky.com>
* sign.c (sign_file, clearsign_file, sign_symencrypt_file): Prompt
for sig expiration if --expert is set and --force-v3-sigs is not
set (v3 sigs cannot expire).
* mainproc.c (check_sig_and_print): After checking a sig, print
expiration status. This causes a error return if the sig is
expired.
* build-packet.c (build_sig_subpkt_from_sig): Include a critical
sig expiration subpacket if the sig is to expire.
* keyedit.c (sign_uids): Do not sign an expired key unless
--expert is set, in which case prompt. Also, offer to expire a
signature when the key the user is signing expires.
* keygen.c (ask_expire_interval): Add a value to determine whether
to prompt for a key or sig expiration and change all callers.
* keyid.c: New functions: expirestr_from_sig and
colon_expirestr_from_sig.
* keylist.c (list_keyblock_colon): Show sig expiration date in the
--with-colons listing.
* sign.c (make_keysig_packet, write_signature_packets): Pass in an
optional timestamp for the signature packet, and change all
callers.
* keyedit.c (sign_mk_attrib): Include a critical expiration
subpacket in the signature if an expiration date is given.
2001-12-04 David Shaw <dshaw@jabberwocky.com>
* keyedit.c (sign_uids): If the user tries to sign a

12
g10/build-packet.c
View File

@ -777,6 +777,7 @@ build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type,
case SIGSUBPKT_PREF_HASH:
case SIGSUBPKT_PREF_COMPR:
case SIGSUBPKT_FEATURES:
case SIGSUBPKT_SIG_EXPIRE:
delete_sig_subpkt (sig->hashed, type);
break;
default:
@ -891,6 +892,17 @@ build_sig_subpkt_from_sig( PKT_signature *sig )
buf[2] = (u >> 8) & 0xff;
buf[3] = u & 0xff;
build_sig_subpkt( sig, SIGSUBPKT_SIG_CREATED, buf, 4 );
if(sig->expiredate)
{
u = sig->expiredate-sig->timestamp;
buf[0] = (u >> 24) & 0xff;
buf[1] = (u >> 16) & 0xff;
buf[2] = (u >> 8) & 0xff;
buf[3] = u & 0xff;
build_sig_subpkt( sig, SIGSUBPKT_SIG_EXPIRE | SIGSUBPKT_FLAG_CRITICAL,
buf, 4 );
}
}

2
g10/keydb.h
View File

@ -224,11 +224,13 @@ const char *datestr_from_sk( PKT_secret_key *sk );
const char *datestr_from_sig( PKT_signature *sig );
const char *expirestr_from_pk( PKT_public_key *pk );
const char *expirestr_from_sk( PKT_secret_key *sk );
const char *expirestr_from_sig( PKT_signature *sig );
const char *colon_strtime (u32 t);
const char *colon_datestr_from_pk (PKT_public_key *pk);
const char *colon_datestr_from_sk (PKT_secret_key *sk);
const char *colon_datestr_from_sig (PKT_signature *sig);
const char *colon_expirestr_from_sig (PKT_signature *sig);
byte *fingerprint_from_sk( PKT_secret_key *sk, byte *buf, size_t *ret_len );
byte *fingerprint_from_pk( PKT_public_key *pk, byte *buf, size_t *ret_len );

81
g10/keyedit.c
View File

@ -78,6 +78,7 @@ static int enable_disable_key( KBNODE keyblock, int disable );
struct sign_attrib {
int non_exportable;
u32 duration;
struct revocation_reason_info *reason;
};
@ -243,6 +244,19 @@ sign_mk_attrib( PKT_signature *sig, void *opaque )
buf[0] = 0; /* not exportable */
build_sig_subpkt( sig, SIGSUBPKT_EXPORTABLE, buf, 1 );
}
if(attrib->duration>0) {
buf[0]=(attrib->duration >> 24) & 0xff;
buf[1]=(attrib->duration >> 16) & 0xff;
buf[2]=(attrib->duration >> 8) & 0xff;
buf[3]=attrib->duration & 0xff;
/* Mark this CRITICAL, so if any implementation doesn't
understand sigs that can expire, it'll just disregard this
sig altogether. */
build_sig_subpkt( sig, SIGSUBPKT_SIG_EXPIRE | SIGSUBPKT_FLAG_CRITICAL,
buf, 4 );
}
if( attrib->reason )
revocation_reason_build_cb( sig, attrib->reason );
@ -288,6 +302,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, int local )
u32 sk_keyid[2];
size_t n;
char *p;
u32 duration=0,timestamp=0;
/* we have to use a copy of the sk, because make_keysig_packet
* may remove the protection from sk and if we did other
@ -307,7 +322,10 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, int local )
/* reset mark for uids which are already signed */
uidnode = NULL;
for( node=keyblock; node; node = node->next ) {
if( node->pkt->pkttype == PKT_USER_ID ) {
if( node->pkt->pkttype == PKT_PUBLIC_KEY ) {
primary_pk=node->pkt->pkt.public_key;
}
else if( node->pkt->pkttype == PKT_USER_ID ) {
uidnode = (node->flag & NODFLG_MARK_A)? node : NULL;
if(uidnode && uidnode->pkt->pkt.user_id->is_revoked)
{
@ -382,6 +400,54 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, int local )
show_key_with_all_names( keyblock, 1, 1, 0, 0 );
tty_printf("\n");
if(primary_pk->expiredate)
{
u32 now=make_timestamp();
if(primary_pk->expiredate<=now)
{
tty_printf(_("This key has expired!"));
if(opt.expert)
{
tty_printf(_(" Are you sure you still "
"want to sign it?\n"));
if(!cpr_get_answer_is_yes("sign_uid.okay",
_("Really sign? ")))
continue;
}
else
{
tty_printf("\n");
continue;
}
}
else
{
tty_printf(_("This key is due to expire on %s.\n"),
expirestr_from_pk(primary_pk));
if(cpr_get_answer_is_yes("sign_uid.expire",_("Do you want your signature to expire at the same time? (y/n) ")))
{
/* This fixes the signature timestamp we're going
to make as now. This is so the expiration date
is exactly correct, and not a few seconds off
(due to the time it takes to answer the
questions, enter the passphrase, etc). */
timestamp=now;
duration=primary_pk->expiredate-now;
force_v4=1;
}
}
}
/* Only ask for duration if we haven't already set it to match
the expiration of the pk */
if(opt.expert && !duration)
duration=ask_expire_interval(1);
if(duration)
force_v4=1;
if(opt.batch)
class=0x10+opt.def_check_level;
else
@ -471,6 +537,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, int local )
assert( primary_pk );
memset( &attrib, 0, sizeof attrib );
attrib.non_exportable = local;
attrib.duration = duration;
node->flag &= ~NODFLG_MARK_A;
/* we force createion of a v4 signature for local
@ -482,7 +549,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, int local )
NULL,
sk,
class, 0, force_v4?4:0,
sign_mk_attrib,
timestamp, sign_mk_attrib,
&attrib );
if( rc ) {
log_error(_("signing failed: %s\n"), g10_errstr(rc));
@ -1459,7 +1526,7 @@ menu_adduid( KBNODE pub_keyblock, KBNODE sec_keyblock )
sec_where = NULL;
assert(pk && sk );
rc = make_keysig_packet( &sig, pk, uid, NULL, sk, 0x13, 0, 0,
rc = make_keysig_packet( &sig, pk, uid, NULL, sk, 0x13, 0, 0, 0,
keygen_add_std_prefs, pk );
free_secret_key( sk );
if( rc ) {
@ -1754,11 +1821,11 @@ menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock )
/* create new self signature */
if( mainkey )
rc = make_keysig_packet( &newsig, main_pk, uid, NULL,
sk, 0x13, 0, 0,
sk, 0x13, 0, 0, 0,
keygen_add_std_prefs, main_pk );
else
rc = make_keysig_packet( &newsig, main_pk, NULL, sub_pk,
sk, 0x18, 0, 0,
sk, 0x18, 0, 0, 0,
keygen_add_key_expire, sub_pk );
if( rc ) {
log_error("make_keysig_packet failed: %s\n",
@ -2275,7 +2342,7 @@ menu_revsig( KBNODE keyblock )
unode->pkt->pkt.user_id,
NULL,
sk,
0x30, 0, 0,
0x30, 0, 0, 0,
sign_mk_attrib,
&attrib );
free_secret_key(sk);
@ -2338,7 +2405,7 @@ menu_revkey( KBNODE pub_keyblock, KBNODE sec_keyblock )
node->flag &= ~NODFLG_SELKEY;
sk = copy_secret_key( NULL, sec_keyblock->pkt->pkt.secret_key );
rc = make_keysig_packet( &sig, mainpk, NULL, subpk, sk,
0x28, 0, 0,
0x28, 0, 0, 0,
sign_mk_attrib, &attrib );
free_secret_key(sk);
if( rc ) {

43
g10/keygen.c
View File

@ -387,7 +387,7 @@ write_selfsig( KBNODE root, KBNODE pub_root, PKT_secret_key *sk,
cache_public_key (pk);
/* and make the signature */
rc = make_keysig_packet( &sig, pk, uid, NULL, sk, 0x13, 0, 0,
rc = make_keysig_packet( &sig, pk, uid, NULL, sk, 0x13, 0, 0, 0,
keygen_add_std_prefs, pk );
if( rc ) {
log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) );
@ -436,7 +436,7 @@ write_keybinding( KBNODE root, KBNODE pub_root, PKT_secret_key *sk,
/* and make the signature */
oduap.usage = use;
oduap.pk = subpk;
rc = make_keysig_packet( &sig, pk, NULL, subpk, sk, 0x18, 0, 0,
rc = make_keysig_packet( &sig, pk, NULL, subpk, sk, 0x18, 0, 0, 0,
keygen_add_key_flags_and_expire, &oduap );
if( rc ) {
log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) );
@ -905,20 +905,38 @@ parse_expire_string( const char *string )
return valid_days;
}
static u32
ask_expire_interval(void)
/* object == 0 for a key, and 1 for a sig */
u32
ask_expire_interval(int object)
{
char *answer;
int valid_days=0;
u32 interval = 0;
switch(object)
{
case 0:
tty_printf(_("Please specify how long the key should be valid.\n"
" 0 = key does not expire\n"
" <n> = key expires in n days\n"
" <n>w = key expires in n weeks\n"
" <n>m = key expires in n months\n"
" <n>y = key expires in n years\n"));
break;
case 1:
tty_printf(_("Please specify how long the signature should be valid.\n"
" 0 = signature does not expire\n"
" <n> = signature expires in n days\n"
" <n>w = signature expires in n weeks\n"
" <n>m = signature expires in n months\n"
" <n>y = signature expires in n years\n"));
break;
default:
BUG();
}
/* Note: The elgamal subkey for DSA has no expiration date because
* it must be signed with the DSA key and this one has the expiration
* date */
@ -928,7 +946,10 @@ ask_expire_interval(void)
u32 curtime=make_timestamp();
m_free(answer);
if(object==0)
answer = cpr_get("keygen.valid",_("Key is valid for? (0) "));
else
answer = cpr_get("siggen.valid",_("Signature is valid for? (0) "));
cpr_kill_prompt();
trim_spaces(answer);
valid_days = parse_expire_string( answer );
@ -938,13 +959,15 @@ ask_expire_interval(void)
}
if( !valid_days ) {
tty_printf(_("Key does not expire at all\n"));
tty_printf(_("%s does not expire at all\n"),
object==0?"Key":"Signature");
interval = 0;
}
else {
interval = valid_days * 86400L;
/* print the date when the key expires */
tty_printf(_("Key expires at %s\n"),
tty_printf(_("%s expires at %s\n"),
object==0?"Key":"Signature",
asctimestamp((ulong)(curtime + interval) ) );
/* FIXME: This check yields warning on alhas:
write a configure check and to this check here only for 32 bit machines */
@ -964,7 +987,7 @@ ask_expire_interval(void)
u32
ask_expiredate()
{
u32 x = ask_expire_interval();
u32 x = ask_expire_interval(0);
return x? make_timestamp() + x : 0;
}
@ -1725,7 +1748,7 @@ generate_keypair( const char *fname )
r->next = para;
para = r;
expire = ask_expire_interval();
expire = ask_expire_interval(0);
r = m_alloc_clear( sizeof *r + 20 );
r->key = pKEYEXPIRE;
r->u.expire = expire;
@ -2045,7 +2068,7 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
algo = ask_algo( 1, &use );
assert(algo);
nbits = ask_keysize( algo );
expire = ask_expire_interval();
expire = ask_expire_interval(0);
if( !cpr_enabled() && !cpr_get_answer_is_yes("keygen.sub.okay",
_("Really create? ") ) )
goto leave;

25
g10/keyid.c
View File

@ -318,7 +318,6 @@ datestr_from_sig( PKT_signature *sig )
return mk_datestr (buffer, atime);
}
const char *
expirestr_from_pk( PKT_public_key *pk )
{
@ -343,6 +342,18 @@ expirestr_from_sk( PKT_secret_key *sk )
return mk_datestr (buffer, atime);
}
const char *
expirestr_from_sig( PKT_signature *sig )
{
static char buffer[11+5];
time_t atime;
if(!sig->expiredate)
return "never ";
atime=sig->expiredate;
return mk_datestr (buffer, atime);
}
const char *
colon_strtime (u32 t)
{
@ -389,6 +400,18 @@ colon_datestr_from_sig (PKT_signature *sig)
return datestr_from_sig (sig);
}
const char *
colon_expirestr_from_sig (PKT_signature *sig)
{
if(!sig->expiredate)
return "";
if (opt.fixed_list_mode) {
static char buf[15];
sprintf (buf, "%lu", (ulong)sig->expiredate);
return buf;
}
return expirestr_from_sig (sig);
}
/**************** .

6
g10/keylist.c
View File

@ -425,6 +425,7 @@ list_keyblock_print ( KBNODE keyblock, int secret )
rc = 0;
sigrc = ' ';
}
fputs( sigstr, stdout );
printf("%c%c %c%c%c%c%c %08lX %s ",
sigrc,(sig->sig_class-0x10>0 &&
@ -716,9 +717,10 @@ list_keyblock_colon( KBNODE keyblock, int secret )
putchar(':');
if( sigrc != ' ' )
putchar(sigrc);
printf("::%d:%08lX%08lX:%s::::", sig->pubkey_algo,
printf("::%d:%08lX%08lX:%s:%s:::", sig->pubkey_algo,
(ulong)sig->keyid[0],
(ulong)sig->keyid[1], colon_datestr_from_sig(sig));
(ulong)sig->keyid[1], colon_datestr_from_sig(sig),
colon_expirestr_from_sig(sig));
if( sigrc == '%' )
printf("[%s] ", g10_errstr(rc) );
else if( sigrc == '?' )

1
g10/main.h
View File

@ -98,6 +98,7 @@ void keyedit_menu( const char *username, STRLIST locusr, STRLIST cmds,
int sign_mode );
/*-- keygen.c --*/
u32 ask_expire_interval(int object);
u32 ask_expiredate(void);
void generate_keypair( const char *fname );
int keygen_set_std_prefs (const char *string);

10
g10/mainproc.c
View File

@ -1336,6 +1336,7 @@ check_sig_and_print( CTX c, KBNODE node )
}
}
release_kbnode( keyblock );
if( !rc )
print_notation_data( sig );
@ -1362,6 +1363,15 @@ check_sig_and_print( CTX c, KBNODE node )
if( !rc )
rc = check_signatures_trust( sig );
if(sig->flags.expired)
{
log_info("Signature expired %s\n",asctimestamp(sig->expiredate));
rc=G10ERR_GENERAL; /* need a better error here? */
}
else if(sig->expiredate)
log_info("Signature expires %s\n",asctimestamp(sig->expiredate));
if( rc )
g10_errors_seen = 1;
if( opt.batch && rc )

4
g10/packet.h
View File

@ -436,8 +436,8 @@ int write_comment( IOBUF out, const char *s );
/*-- sign.c --*/
int make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
PKT_user_id *uid, PKT_public_key *subpk,
PKT_secret_key *sk,
int sigclass, int digest_algo, int sigversion,
PKT_secret_key *sk, int sigclass, int digest_algo,
int sigversion, u32 timestamp,
int (*mksubpkt)(PKT_signature *, void *),
void *opaque );
int update_keysig_packet( PKT_signature **ret_sig,

2
g10/revoke.c
View File

@ -193,7 +193,7 @@ gen_revoke( const char *uname )
iobuf_push_filter( out, armor_filter, &afx );
/* create it */
rc = make_keysig_packet( &sig, pk, NULL, NULL, sk, 0x20, 0, 0,
rc = make_keysig_packet( &sig, pk, NULL, NULL, sk, 0x20, 0, 0, 0,
revocation_reason_build_cb,
reason );
if( rc ) {

49
g10/sign.c
View File

@ -433,7 +433,8 @@ write_plaintext_packet (IOBUF out, IOBUF inp, const char *fname, int ptmode)
*/
static int
write_signature_packets (SK_LIST sk_list, IOBUF out, MD_HANDLE hash,
int sigclass, int old_style, int status_letter)
int sigclass, u32 timestamp, u32 duration,
int old_style, int status_letter)
{
SK_LIST sk_rover;
@ -448,11 +449,21 @@ write_signature_packets (SK_LIST sk_list, IOBUF out, MD_HANDLE hash,
/* build the signature packet */
sig = m_alloc_clear (sizeof *sig);
sig->version = (old_style || opt.force_v3_sigs)? 3 : sk->version;
if(old_style || opt.force_v3_sigs)
sig->version=3;
else if(duration)
sig->version=4;
else
sig->version=sk->version;
keyid_from_sk (sk, sig->keyid);
sig->digest_algo = hash_for (sk->pubkey_algo, sk->version);
sig->pubkey_algo = sk->pubkey_algo;
if(timestamp)
sig->timestamp = timestamp;
else
sig->timestamp = make_timestamp();
if(duration)
sig->expiredate = sig->timestamp+duration;
sig->sig_class = sigclass;
md = md_copy (hash);
@ -520,7 +531,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
int multifile = 0;
int old_style = opt.rfc1991;
int compr_algo = -1; /* unknown */
u32 timestamp=0,duration=0;
memset( &afx, 0, sizeof afx);
memset( &zfx, 0, sizeof zfx);
@ -539,9 +550,12 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
if( fname && filenames->next && (!detached || encryptflag) )
log_bug("multiple files can only be detached signed");
if(opt.expert && !opt.batch && !opt.force_v3_sigs && !old_style)
duration=ask_expire_interval(1);
if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
goto leave;
if( !old_style )
if( !old_style && !duration )
old_style = only_old_style( sk_list );
if( encryptflag ) {
@ -662,6 +676,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
/* write the signatures */
rc = write_signature_packets (sk_list, out, mfx.md,
opt.textmode && !outfile? 0x01 : 0x00,
timestamp, duration,
old_style, detached ? 'D':'S');
if( rc )
goto leave;
@ -699,13 +714,17 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
SK_LIST sk_rover = NULL;
int old_style = opt.rfc1991;
int only_md5 = 0;
u32 timestamp=0,duration=0;
memset( &afx, 0, sizeof afx);
init_packet( &pkt );
if(opt.expert && !opt.batch && !opt.force_v3_sigs && !old_style)
duration=ask_expire_interval(1);
if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
goto leave;
if( !old_style )
if( !old_style && !duration )
old_style = only_old_style( sk_list );
/* prepare iobufs */
@ -789,8 +808,8 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
iobuf_push_filter( out, armor_filter, &afx );
/* write the signatures */
rc = write_signature_packets (sk_list, out, textmd,
0x01, old_style, 'C');
rc = write_signature_packets (sk_list, out, textmd, 0x01,
timestamp, duration, old_style, 'C');
if( rc )
goto leave;
@ -826,6 +845,7 @@ sign_symencrypt_file (const char *fname, STRLIST locusr)
int old_style = opt.rfc1991;
int compr_algo = -1; /* unknown */
int algo;
u32 timestamp=0,duration=0;
memset( &afx, 0, sizeof afx);
memset( &zfx, 0, sizeof zfx);
@ -834,10 +854,13 @@ sign_symencrypt_file (const char *fname, STRLIST locusr)
memset( &cfx, 0, sizeof cfx);
init_packet( &pkt );
if(opt.expert && !opt.batch && !opt.force_v3_sigs && !old_style)
duration=ask_expire_interval(1);
rc = build_sk_list (locusr, &sk_list, 1, PUBKEY_USAGE_SIG);
if (rc)
goto leave;
if( !old_style )
if( !old_style && !duration )
old_style = only_old_style( sk_list );
/* prepare iobufs */
@ -935,6 +958,7 @@ sign_symencrypt_file (const char *fname, STRLIST locusr)
/*(current filters: zip - encrypt - armor)*/
rc = write_signature_packets (sk_list, out, mfx.md,
opt.textmode? 0x01 : 0x00,
timestamp, duration,
old_style, 'S');
if( rc )
goto leave;
@ -963,14 +987,14 @@ sign_symencrypt_file (const char *fname, STRLIST locusr)
* DIGEST_ALGO is 0 the function selects an appropriate one.
* SIGVERSION gives the minimal required signature packet version;
* this is needed so that special properties like local sign are not
* applied (actually: dropped) when a v3 key is used.
*/
* applied (actually: dropped) when a v3 key is used. TIMESTAMP is
* the timestamp to use for the signature. 0 means "now" */
int
make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
PKT_user_id *uid, PKT_public_key *subpk,
PKT_secret_key *sk,
int sigclass, int digest_algo,
int sigversion,
int sigversion, u32 timestamp,
int (*mksubpkt)(PKT_signature *, void *), void *opaque
)
{
@ -1030,6 +1054,9 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
keyid_from_sk( sk, sig->keyid );
sig->pubkey_algo = sk->pubkey_algo;
sig->digest_algo = digest_algo;
if(timestamp)
sig->timestamp=timestamp;
else
sig->timestamp = make_timestamp();
sig->sig_class = sigclass;
if( sig->version >= 4 )