-rw-r--r-- | openpgp-ffi/include/sequoia/openpgp.h | 9 | ||||
-rw-r--r-- | openpgp-ffi/src/packet/signature.rs | 18 | ||||
-rw-r--r-- | openpgp/src/packet/signature/subpacket.rs | 39 | ||||
-rw-r--r-- | tool/src/commands/inspect.rs | 2 |
4 files changed, 28 insertions, 40 deletions
diff --git a/openpgp-ffi/include/sequoia/openpgp.h b/openpgp-ffi/include/sequoia/openpgp.h index bd495156..c84fb582 100644 --- a/openpgp-ffi/include/sequoia/openpgp.h +++ b/openpgp-ffi/include/sequoia/openpgp.h @@ -395,14 +395,11 @@ bool pgp_signature_alive(pgp_signature_t signature); bool pgp_signature_alive_at(pgp_signature_t signature, time_t when); /*/ -/// Returns whether the signature is expired. -/*/ -bool pgp_signature_expired(pgp_signature_t signature); - -/*/ /// Returns whether the signature is expired at the specified time. +/// +/// If `when` is 0, then the current time is used. /*/ -bool pgp_signature_expired_at(pgp_signature_t signature, time_t when); +bool pgp_signature_expired(pgp_signature_t signature, time_t when); /*/ /// Returns whether the signature is alive at the specified time. diff --git a/openpgp-ffi/src/packet/signature.rs b/openpgp-ffi/src/packet/signature.rs index 4d3f4ae3..ed0691f9 100644 --- a/openpgp-ffi/src/packet/signature.rs +++ b/openpgp-ffi/src/packet/signature.rs 
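Review bot: The exported name `pgp_signature_expired` is reused with a different parameter list, so a C caller built against the old one-argument prototype still links against the new library without error. For such a caller `when` is whatever happens to be in the second argument slot, and the expiry check is evaluated at an arbitrary time. Keeping the two-argument form under the existing name, `bool pgp_signature_expired_at(pgp_signature_t signature, time_t when);`, or retiring the old symbol together with a library version bump, would turn the mismatch into a build or link failure. Whether the FFI promises ABI stability is not visible from this hunk.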
@@ -135,17 +135,17 @@ fn pgp_signature_alive_at(sig: *const Signature, when: time_t) -> bool { .signature_alive_at(time::at(time::Timespec::new(when as i64, 0))) } -/// Returns whether the signature is expired. -#[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "C" -fn pgp_signature_expired(sig: *const Signature) -> bool { - sig.ref_raw().signature_expired() -} - /// Returns whether the signature is expired at the specified time. +/// +/// If `when` is 0, then the current time is used. #[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "C" -fn pgp_signature_expired_at(sig: *const Signature, when: time_t) -> bool { - sig.ref_raw() - .signature_expired_at(time::at(time::Timespec::new(when as i64, 0))) +fn pgp_signature_expired(sig: *const Signature, when: time_t) -> bool { + let t = if when == 0 { + None + } else { + Some(time::at(time::Timespec::new(when as i64, 0))) + }; + sig.ref_raw().signature_expired(t) } /// Returns whether the signature is alive at the specified time. diff --git a/openpgp/src/packet/signature/subpacket.rs b/openpgp/src/packet/signature/subpacket.rs index c1d7dddd..dda69e2a 100644 --- a/openpgp/src/packet/signature/subpacket.rs +++ b/openpgp/src/packet/signature/subpacket.rs 
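Review bot: The `when == 0` sentinel in `pgp_signature_expired` makes the two sibling calls disagree. `pgp_signature_alive_at`, in the context lines above, still passes `when` straight to `time::at(...)`, so the same zero value means the epoch there and the current time here. A zero-initialised or never-set `time_t` therefore selects "now" silently, and the epoch itself can no longer be queried. Either apply the same convention to `pgp_signature_alive_at`, or extend the doc comment, for example `/// Unlike pgp_signature_alive_at, a when of 0 is not the epoch; it selects the current time.` The comment could also state that a negative `when`, such as the `(time_t)-1` error value from `time()`, is taken as a real timestamp through `when as i64`.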
@@ -1321,22 +1321,10 @@ impl Signature4 { } } - /// Returns whether or not the signature is expired. - /// - /// Note that [Section 5.2.3.4 of RFC 4880] states that "[[A - /// Signature Creation Time subpacket]] MUST be present in the - /// hashed area." Consequently, if such a packet does not exist, - /// but a "Signature Expiration Time" subpacket exists, we - /// conservatively treat the signature as expired, because there - /// is no way to evaluate the expiration time. - /// - /// [Section 5.2.3.4 of RFC 4880]: https://tools.ietf.org/html/rfc4880#section-5.2.3.4 - pub fn signature_expired(&self) -> bool { - self.signature_expired_at(time::now_utc()) - } - /// Returns whether or not the signature is expired at the given time. /// + /// If `t` is None, uses the current time. + /// /// Note that [Section 5.2.3.4 of RFC 4880] states that "[[A /// Signature Creation Time subpacket]] MUST be present in the /// hashed area." Consequently, if such a packet does not exist, @@ -1345,13 +1333,16 @@ impl Signature4 { /// is no way to evaluate the expiration time. /// /// [Section 5.2.3.4 of RFC 4880]: https://tools.ietf.org/html/rfc4880#section-5.2.3.4 - pub fn signature_expired_at(&self, tm: time::Tm) -> bool { + pub fn signature_expired<T>(&self, t: T) -> bool + where T: Into<Option<time::Tm>> + { + let t = t.into().unwrap_or_else(time::now_utc); match (self.signature_creation_time(), self.signature_expiration_time()) { (Some(_), Some(e)) if e.num_seconds() == 0 => false, // Zero expiration time, does not expire. (Some(c), Some(e)) => - (c + e) <= tm, + (c + e) <= t, (None, Some(_)) => true, // No creation time, treat as always expired. (_, None) => 
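Review bot: The new doc line "If `t` is None, uses the current time." on `signature_expired` does not say where that time comes from. The body resolves it with `time::now_utc()`, so with `None` the result follows the host clock, and a skewed or rolled-back clock can report an expired signature as unexpired. I would extend the sentence to `/// If t is None, uses time::now_utc(); pass an explicit time when validating against a trusted timestamp.` The match in `signature_expired` continues past the end of the second hunk, so the `(_, None)` arm is not visible here.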
@@ -1388,7 +1379,7 @@ impl Signature4 { /// [Section 5.2.3.4 of RFC 4880]: https://tools.ietf.org/html/rfc4880#section-5.2.3.4 pub fn signature_alive_at(&self, tm: time::Tm) -> bool { if let Some(creation_time) = self.signature_creation_time() { - creation_time <= tm && ! self.signature_expired_at(tm) + creation_time <= tm && ! self.signature_expired(tm) } else { false } @@ -2434,9 +2425,9 @@ fn accessors() { sig.clone().sign_hash(&mut keypair, hash_algo, hash.clone()).unwrap(); assert_eq!(sig_.signature_expiration_time(), Some(five_minutes)); - assert!(!sig_.signature_expired()); - assert!(!sig_.signature_expired_at(now)); - assert!(sig_.signature_expired_at(now + ten_minutes)); + assert!(!sig_.signature_expired(None)); + assert!(!sig_.signature_expired(now)); + assert!(sig_.signature_expired(now + ten_minutes)); assert!(sig_.signature_alive()); assert!(sig_.signature_alive_at(now)); @@ -2447,9 +2438,9 @@ fn accessors() { let sig_ = sig.clone().sign_hash(&mut keypair, hash_algo, hash.clone()).unwrap(); assert_eq!(sig_.signature_expiration_time(), None); - assert!(!sig_.signature_expired()); - assert!(!sig_.signature_expired_at(now)); - assert!(!sig_.signature_expired_at(now + ten_minutes)); + assert!(!sig_.signature_expired(None)); + assert!(!sig_.signature_expired(now)); + assert!(!sig_.signature_expired(now + ten_minutes)); assert!(sig_.signature_alive()); assert!(sig_.signature_alive_at(now)); @@ -2780,7 +2771,7 @@ fn subpacket_test_2() { })); // The signature does not expire. - assert!(! sig.signature_expired()); + assert!(! sig.signature_expired(None)); assert_eq!(sig.key_expiration_time(), Some(time::Duration::from_pgp(63072000))); diff --git a/tool/src/commands/inspect.rs b/tool/src/commands/inspect.rs index 438a2f77..526490e0 100644 --- a/tool/src/commands/inspect.rs +++ b/tool/src/commands/inspect.rs 
@@ -149,7 +149,7 @@ fn inspect_tpk(output: &mut io::Write, tpk: &openpgp::TPK, writeln!(output, " UserID: {}", uidb.userid())?; inspect_revocation(output, "", uidb.revoked(None))?; if let Some(sig) = uidb.binding_signature(None) { - if sig.signature_expired() { + if sig.signature_expired(None) { writeln!(output, " Expired")?; } else if ! sig.signature_alive() { writeln!(output, " Not yet valid")?; |