diff --git a/crypto/signature.go b/crypto/signature.go index f5c58ab3..921eabe2 100644 --- a/crypto/signature.go +++ b/crypto/signature.go @@ -240,7 +240,7 @@ func verifySignature( } } else { config.Time = func() time.Time { - return time.Unix(verifyTime+internal.CreationTimeOffset, 0) + return time.Unix(verifyTime+internal.CreationTimeOffset, 999999999) } } @@ -258,7 +258,7 @@ func verifySignature( // Maybe the creation time offset pushed it over the edge // Retry with the actual verification time config.Time = func() time.Time { - return time.Unix(verifyTime, 0) + return time.Unix(verifyTime, 999999999) } seeker, ok := origText.(io.ReadSeeker) diff --git a/crypto/signature_test.go b/crypto/signature_test.go index de32e1f9..85a5ec15 100644 --- a/crypto/signature_test.go +++ b/crypto/signature_test.go @@ -13,6 +13,7 @@ import ( "github.com/ProtonMail/go-crypto/openpgp" "github.com/ProtonMail/go-crypto/openpgp/packet" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" "github.com/ProtonMail/gopenpgp/v2/constants" ) @@ -663,3 +664,33 @@ func Test_verifySignaturExpire(t *testing.T) { t.Fatal(err) } } + +func TestKeyNotExpired(t *testing.T) { + const lifetime = uint32(time.Hour / time.Second) + + cfg := &packet.Config{ + Algorithm: packet.PubKeyAlgoEdDSA, + DefaultHash: crypto.SHA256, + DefaultCipher: packet.CipherAES256, + DefaultCompressionAlgo: packet.CompressionZLIB, + KeyLifetimeSecs: lifetime, + SigLifetimeSecs: lifetime, + Time: func() time.Time { return time.Unix(GetUnixTime(), 42) }, + } + + entity, err := openpgp.NewEntity("John Smith", "Linux", "john.smith@example.com", cfg) + require.NoError(t, err) + key, err := NewKeyFromEntity(entity) + require.NoError(t, err) + keyRing, err := NewKeyRing(key) + require.NoError(t, err) + + data := []byte("Hello, World!") + message := NewPlainMessage(data) + signature, err := keyRing.SignDetached(message) + require.NoError(t, err) + + sig := NewPGPSignature(signature.GetBinary()) + err = keyRing.VerifyDetached(message, sig, GetUnixTime()) + require.NoError(t, err) +} diff --git a/crypto/time.go b/crypto/time.go index b208d874..6bd92d4b 100644 --- a/crypto/time.go +++ b/crypto/time.go @@ -43,7 +43,7 @@ func getNow() time.Time { return time.Now() } - return time.Unix(pgp.latestServerTime, 0) + return time.Unix(pgp.latestServerTime, 999999999) } // getTimeGenerator Returns a time generator function.