security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-03-28 22:49:59 +01:00
Code Activity

agent: Use "Created:" field for creation time.

Browse Source 
* agent/agent.h (agent_key_from_file): Change the declaration.
* agent/findkey.c (agent_key_from_file): Return timestamp.
* agent/pkdecrypt.c (agent_pkdecrypt): Follow the change.
* agent/pksign.c (agent_pkdecrypt): Likewise.
* agent/command.c (cmd_passwd, cmd_export_key): Likewise.
(cmd_keytocard): Use timestamp in private key file in "Created:".

--

GnuPG-bug-id: 5538
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2022-03-25 14:10:46 +09:00
parent 25d37a0a6a
commit c795be79c1
5 changed files with 36 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
agent/agent.h
View File

@ -461,7 +461,7 @@ gpg_error_t agent_key_from_file (ctrl_t ctrl,
cache_mode_t cache_mode, cache_mode_t cache_mode,
lookup_ttl_t lookup_ttl, lookup_ttl_t lookup_ttl,
gcry_sexp_t *result, gcry_sexp_t *result,
char **r_passphrase); char **r_passphrase, time_t *r_timestamp);
gpg_error_t agent_raw_key_from_file (ctrl_t ctrl, const unsigned char *grip, gpg_error_t agent_raw_key_from_file (ctrl_t ctrl, const unsigned char *grip,
gcry_sexp_t *result); gcry_sexp_t *result);
gpg_error_t agent_public_key_from_file (ctrl_t ctrl, gpg_error_t agent_public_key_from_file (ctrl_t ctrl,

38
agent/command.c
View File

@ -2204,7 +2204,7 @@ cmd_passwd (assuan_context_t ctx, char *line)
opt_verify? NULL : cache_nonce, opt_verify? NULL : cache_nonce,
ctrl->server_local->keydesc, ctrl->server_local->keydesc,
grip, &shadow_info, CACHE_MODE_IGNORE, NULL, grip, &shadow_info, CACHE_MODE_IGNORE, NULL,
&s_skey, &passphrase); &s_skey, &passphrase, NULL);
if (err) if (err)
; ;
else if (shadow_info) else if (shadow_info)
@ -2812,7 +2812,7 @@ cmd_export_key (assuan_context_t ctx, char *line)
err = agent_key_from_file (ctrl, cache_nonce, err = agent_key_from_file (ctrl, cache_nonce,
ctrl->server_local->keydesc, grip, ctrl->server_local->keydesc, grip,
&shadow_info, CACHE_MODE_IGNORE, NULL, &s_skey, &shadow_info, CACHE_MODE_IGNORE, NULL, &s_skey,
openpgp ? &passphrase : NULL); openpgp ? &passphrase : NULL, NULL);
if (err) if (err)
goto leave; goto leave;
if (shadow_info) if (shadow_info)
@ -2979,7 +2979,7 @@ cmd_keytocard (assuan_context_t ctx, char *line)
const char *argv[5]; const char *argv[5];
int argc; int argc;
unsigned char grip[20]; unsigned char grip[20];
const char *serialno, *timestamp_str, *keyref; const char *serialno, *keyref;
gcry_sexp_t s_skey = NULL; gcry_sexp_t s_skey = NULL;
unsigned char *keydata; unsigned char *keydata;
size_t keydatalen; size_t keydatalen;
@ -3017,21 +3017,9 @@ cmd_keytocard (assuan_context_t ctx, char *line)
keyref = argv[2]; keyref = argv[2];
/* FIXME: Default to the creation time as stored in the private
* key. The parameter is here so that gpg can make sure that the
* timestamp as used for key creation (and thus the openPGP
* fingerprint) is used. */
timestamp_str = argc > 3? argv[3] : "19700101T000000";
if ((timestamp = isotime2epoch (timestamp_str)) == (time_t)(-1))
{
err = gpg_error (GPG_ERR_INV_TIME);
goto leave;
}
err = agent_key_from_file (ctrl, NULL, ctrl->server_local->keydesc, grip, err = agent_key_from_file (ctrl, NULL, ctrl->server_local->keydesc, grip,
&shadow_info, CACHE_MODE_IGNORE, NULL, &shadow_info, CACHE_MODE_IGNORE, NULL,
&s_skey, NULL); &s_skey, NULL, &timestamp);
if (err) if (err)
goto leave; goto leave;
if (shadow_info) if (shadow_info)
@ -3041,6 +3029,22 @@ cmd_keytocard (assuan_context_t ctx, char *line)
goto leave; goto leave;
} }
if (timestamp == (time_t)(-1))
{
/* Default to the creation time as stored in the private key. The
* parameter is here so that gpg can make sure that the timestamp as
* used for key creation (and thus the openPGP fingerprint) is
* used. */
const char *timestamp_str= argc > 3? argv[3] : "19700101T000000";
if ((timestamp = isotime2epoch (timestamp_str)) == (time_t)(-1))
{
err = gpg_error (GPG_ERR_INV_TIME);
goto leave;
}
}
/* Note: We can't use make_canon_sexp because we need to allocate a /* Note: We can't use make_canon_sexp because we need to allocate a
* few extra bytes for our hack below. */ * few extra bytes for our hack below. */
keydatalen = gcry_sexp_sprint (s_skey, GCRYSEXP_FMT_CANON, NULL, 0); keydatalen = gcry_sexp_sprint (s_skey, GCRYSEXP_FMT_CANON, NULL, 0);
@ -3277,7 +3281,7 @@ cmd_keytotpm (assuan_context_t ctx, char *line)
err = agent_key_from_file (ctrl, NULL, ctrl->server_local->keydesc, grip, err = agent_key_from_file (ctrl, NULL, ctrl->server_local->keydesc, grip,
&shadow_info, CACHE_MODE_IGNORE, NULL, &shadow_info, CACHE_MODE_IGNORE, NULL,
&s_skey, NULL); &s_skey, NULL, NULL);
if (err) if (err)
{ {
xfree (shadow_info); xfree (shadow_info);

13
agent/findkey.c
View File

@ -981,7 +981,8 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
const char *desc_text, const char *desc_text,
const unsigned char *grip, unsigned char **shadow_info, const unsigned char *grip, unsigned char **shadow_info,
cache_mode_t cache_mode, lookup_ttl_t lookup_ttl, cache_mode_t cache_mode, lookup_ttl_t lookup_ttl,
gcry_sexp_t *result, char **r_passphrase) gcry_sexp_t *result, char **r_passphrase,
time_t *r_timestamp)
{ {
gpg_error_t err; gpg_error_t err;
unsigned char *buf; unsigned char *buf;
@ -995,6 +996,8 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
*shadow_info = NULL; *shadow_info = NULL;
if (r_passphrase) if (r_passphrase)
*r_passphrase = NULL; *r_passphrase = NULL;
if (r_timestamp)
*r_timestamp = (time_t)(-1);
err = read_key_file (grip, &s_skey, &keymeta); err = read_key_file (grip, &s_skey, &keymeta);
if (err) if (err)
@ -1015,6 +1018,14 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
return err; return err;
} }
if (r_timestamp && keymeta)
{
const char *created = nvc_get_string (keymeta, "Created:");
if (created)
*r_timestamp = isotime2epoch (created);
}
switch (agent_private_key_type (buf)) switch (agent_private_key_type (buf))
{ {
case PRIVATE_KEY_CLEAR: case PRIVATE_KEY_CLEAR:

2
agent/pkdecrypt.c
View File

@ -69,7 +69,7 @@ agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
} }
err = agent_key_from_file (ctrl, NULL, desc_text, err = agent_key_from_file (ctrl, NULL, desc_text,
ctrl->keygrip, &shadow_info, ctrl->keygrip, &shadow_info,
CACHE_MODE_NORMAL, NULL, &s_skey, NULL); CACHE_MODE_NORMAL, NULL, &s_skey, NULL, NULL);
if (gpg_err_code (err) == GPG_ERR_NO_SECKEY) if (gpg_err_code (err) == GPG_ERR_NO_SECKEY)
no_shadow_info = 1; no_shadow_info = 1;
else if (err) else if (err)

2
agent/pksign.c
View File

@ -316,7 +316,7 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
err = agent_key_from_file (ctrl, cache_nonce, desc_text, ctrl->keygrip, err = agent_key_from_file (ctrl, cache_nonce, desc_text, ctrl->keygrip,
&shadow_info, cache_mode, lookup_ttl, &shadow_info, cache_mode, lookup_ttl,
&s_skey, NULL); &s_skey, NULL, NULL);
if (gpg_err_code (err) == GPG_ERR_NO_SECKEY) if (gpg_err_code (err) == GPG_ERR_NO_SECKEY)
no_shadow_info = 1; no_shadow_info = 1;
else if (err) else if (err)