From b56ea7ab07626ff37e14f0c15c6252b7627a6b72 Mon Sep 17 00:00:00 2001 From: Justus Winter Date: Wed, 17 Nov 2021 12:50:46 +0100 Subject: openpgp: Use a WASM-friendly SystemTime::now wrapper. - Fixes #769. --- openpgp/src/cert.rs | 10 +++++----- openpgp/src/cert/amalgamation.rs | 8 ++++---- openpgp/src/cert/amalgamation/iter.rs | 2 +- openpgp/src/cert/amalgamation/key.rs | 10 +++++----- openpgp/src/cert/amalgamation/key/iter.rs | 4 ++-- openpgp/src/cert/builder.rs | 4 ++-- openpgp/src/cert/bundle.rs | 4 ++-- openpgp/src/crypto/backend/cng/asymmetric.rs | 10 +++++----- openpgp/src/crypto/backend/nettle/asymmetric.rs | 10 +++++----- openpgp/src/crypto/backend/rust/asymmetric.rs | 10 +++++----- openpgp/src/lib.rs | 10 ++++++++++ openpgp/src/packet/key.rs | 6 +++--- openpgp/src/packet/signature.rs | 6 +++--- openpgp/src/packet/signature/subpacket.rs | 8 ++++---- openpgp/src/parse/stream.rs | 2 +- openpgp/src/policy.rs | 12 ++++++------ openpgp/src/serialize/stream.rs | 2 +- openpgp/src/types/timestamp.rs | 2 +- 18 files changed, 65 insertions(+), 55 deletions(-) (limited to 'openpgp/src') diff --git a/openpgp/src/cert.rs b/openpgp/src/cert.rs index 19dccd3f..fb74c2c8 100644 --- a/openpgp/src/cert.rs +++ b/openpgp/src/cert.rs @@ -1050,7 +1050,7 @@ impl Cert { -> Result> where T: Into> { - let t = t.into().unwrap_or_else(std::time::SystemTime::now); + let t = t.into().unwrap_or_else(crate::now); ValidComponentAmalgamation::primary(self, self.userids.iter(), policy, t, valid_cert) } @@ -2830,7 +2830,7 @@ impl Cert { -> Result> where T: Into>, { - let time = time.into().unwrap_or_else(time::SystemTime::now); + let time = time.into().unwrap_or_else(crate::now); self.primary_key().with_policy(policy, time)?; Ok(ValidCert { @@ -4842,7 +4842,7 @@ mod test { assert_match!(RevocationStatus::Revoked(_) = cert.revocation_status(p, t34)); assert_match!(RevocationStatus::Revoked(_) = cert.revocation_status(p, t4)); assert_match!(RevocationStatus::Revoked(_) - = cert.revocation_status(p, time::SystemTime::now())); + = cert.revocation_status(p, crate::now())); } #[test] @@ -4999,7 +4999,7 @@ mod test { crate::tests::key( &format!("really-revoked-{}-0-public.pgp", f))).unwrap(); - let now = time::SystemTime::now(); + let now = crate::now(); let selfsig0 = cert.userids().with_policy(p, now).map(|b| { b.binding_signature().signature_creation_time().unwrap() @@ -5246,7 +5246,7 @@ Pu1xwz57O4zo1VYf6TqHJzVC3OMvMUM2hhdecMUe5x6GorNaj6g= let cert = Cert::from_bytes( crate::tests::key("really-revoked-userid-0-public.pgp")).unwrap(); - let now = time::SystemTime::now(); + let now = crate::now(); let selfsig0 = cert.userids().with_policy(p, now).map(|b| { b.binding_signature().signature_creation_time().unwrap() diff --git a/openpgp/src/cert/amalgamation.rs b/openpgp/src/cert/amalgamation.rs index db086b98..3ee80cf5 100644 --- a/openpgp/src/cert/amalgamation.rs +++ b/openpgp/src/cert/amalgamation.rs @@ -778,7 +778,7 @@ impl<'a, C> ComponentAmalgamation<'a, C> { -> Result<&'a Signature> where T: Into> { - let time = time.into().unwrap_or_else(SystemTime::now); + let time = time.into().unwrap_or_else(crate::now); self.bundle.binding_signature(policy, time) } @@ -872,7 +872,7 @@ macro_rules! impl_with_policy { where T: Into>, Self: Sized { - let time = time.into().unwrap_or_else(SystemTime::now); + let time = time.into().unwrap_or_else(crate::now); if $value { self.cert.with_policy(policy, time)?; @@ -1108,7 +1108,7 @@ where C: IntoIterator, // override it. use crate::packet::signature::SIG_BACKDATE_BY; let creation_time = - time::SystemTime::now() - time::Duration::new(SIG_BACKDATE_BY, 0); + crate::now() - time::Duration::new(SIG_BACKDATE_BY, 0); let template = SignatureBuilder::new(SignatureType::AttestationKey) .set_signature_creation_time(creation_time)?; @@ -1751,7 +1751,7 @@ impl<'a, C> ValidateAmalgamation<'a, C> for ValidComponentAmalgamation<'a, C> { { assert!(std::ptr::eq(self.ca.cert(), self.cert.cert())); - let time = time.into().unwrap_or_else(SystemTime::now); + let time = time.into().unwrap_or_else(crate::now); self.ca.with_policy(policy, time) } } diff --git a/openpgp/src/cert/amalgamation/iter.rs b/openpgp/src/cert/amalgamation/iter.rs index afb20212..1fb2d208 100644 --- a/openpgp/src/cert/amalgamation/iter.rs +++ b/openpgp/src/cert/amalgamation/iter.rs @@ -177,7 +177,7 @@ impl<'a, C> ComponentAmalgamationIter<'a, C> { ValidComponentAmalgamationIter { cert: self.cert, iter: self.iter, - time: time.into().unwrap_or_else(SystemTime::now), + time: time.into().unwrap_or_else(crate::now), policy, revoked: None, } diff --git a/openpgp/src/cert/amalgamation/key.rs b/openpgp/src/cert/amalgamation/key.rs index bd371ce9..da95504c 100644 --- a/openpgp/src/cert/amalgamation/key.rs +++ b/openpgp/src/cert/amalgamation/key.rs @@ -565,7 +565,7 @@ impl<'a, P> ValidateAmalgamation<'a, Key> -> Result where T: Into> { - let time = time.into().unwrap_or_else(SystemTime::now); + let time = time.into().unwrap_or_else(crate::now); // We need to make sure the certificate is okay. This means // checking the primary key. But, be careful: we don't need @@ -779,7 +779,7 @@ impl<'a, P: 'a + key::KeyParts> ErasedKeyAmalgamation<'a, P> { -> Result<&'a Signature> where T: Into> { - let time = time.into().unwrap_or_else(SystemTime::now); + let time = time.into().unwrap_or_else(crate::now); if self.primary { self.cert().primary_userid_relaxed(policy, time, false) .map(|u| u.binding_signature()) @@ -1838,7 +1838,7 @@ impl<'a, P> ValidErasedKeyAmalgamation<'a, P> }; self.set_validity_period_as_of(primary_signer, subkey_signer, - expiration, time::SystemTime::now()) + expiration, crate::now()) } } @@ -2273,7 +2273,7 @@ mod test { // 0: Setkeys set to expire in 1 year // 1: Subkeys expire - let now = time::SystemTime::now(); + let now = crate::now(); let a_year = time::Duration::from_secs(365 * 24 * 60 * 60); let in_a_year = now + a_year; let in_two_years = now + 2 * a_year; @@ -2372,7 +2372,7 @@ mod test { } // Make the primary key expire in a week. - let t = time::SystemTime::now() + let t = crate::now() + time::Duration::from_secs(7 * 24 * 60 * 60); let mut signer = vc diff --git a/openpgp/src/cert/amalgamation/key/iter.rs b/openpgp/src/cert/amalgamation/key/iter.rs index d2ec0fe6..2e1bb9ac 100644 --- a/openpgp/src/cert/amalgamation/key/iter.rs +++ b/openpgp/src/cert/amalgamation/key/iter.rs @@ -524,7 +524,7 @@ impl<'a, P, R> KeyAmalgamationIter<'a, P, R> subkey_iter: self.subkey_iter, policy, - time: time.into().unwrap_or_else(SystemTime::now), + time: time.into().unwrap_or_else(crate::now), // The filters. secret: self.secret, @@ -1649,7 +1649,7 @@ mod test { .generate().unwrap(); let flags = KeyFlags::empty().set_transport_encryption(); - let now = SystemTime::now() + let now = crate::now() - std::time::Duration::new(52 * 7 * 24 * 60 * 60, 0); assert_eq!(cert.keys().with_policy(p, now).key_flags(flags).alive().count(), 0); diff --git a/openpgp/src/cert/builder.rs b/openpgp/src/cert/builder.rs index c9f926a2..2b1a53ce 100644 --- a/openpgp/src/cert/builder.rs +++ b/openpgp/src/cert/builder.rs @@ -1287,7 +1287,7 @@ impl CertBuilder<'_> { let creation_time = self.creation_time.unwrap_or_else(|| { use crate::packet::signature::SIG_BACKDATE_BY; - time::SystemTime::now() - + crate::now() - time::Duration::new(SIG_BACKDATE_BY, 0) }); @@ -1659,7 +1659,7 @@ mod tests { fn validity_periods() { let p = &P::new(); - let now = std::time::SystemTime::now(); + let now = crate::now(); let s = std::time::Duration::new(1, 0); let (cert,_) = CertBuilder::new() diff --git a/openpgp/src/cert/bundle.rs b/openpgp/src/cert/bundle.rs index 6eea1248..182b4afd 100644 --- a/openpgp/src/cert/bundle.rs +++ b/openpgp/src/cert/bundle.rs @@ -237,7 +237,7 @@ impl ComponentBundle { -> Result<&Signature> where T: Into> { - let t = t.into().unwrap_or_else(time::SystemTime::now); + let t = t.into().unwrap_or_else(crate::now); // Recall: the signatures are sorted by their creation time in // descending order, i.e., newest first. @@ -596,7 +596,7 @@ impl ComponentBundle { { // Fallback time. let time_zero = || time::UNIX_EPOCH; - let t = t.into().unwrap_or_else(time::SystemTime::now); + let t = t.into().unwrap_or_else(crate::now); let selfsig_creation_time = selfsig.and_then(|s| s.signature_creation_time()) .unwrap_or_else(time_zero); diff --git a/openpgp/src/crypto/backend/cng/asymmetric.rs b/openpgp/src/crypto/backend/cng/asymmetric.rs index c573acc4..fe987dbe 100644 --- a/openpgp/src/crypto/backend/cng/asymmetric.rs +++ b/openpgp/src/crypto/backend/cng/asymmetric.rs @@ -723,7 +723,7 @@ where private.reverse(); Self::with_secret( - ctime.into().unwrap_or_else(SystemTime::now), + ctime.into().unwrap_or_else(crate::now), PublicKeyAlgorithm::ECDH, mpi::PublicKey::ECDH { curve: Curve::Cv25519, @@ -757,7 +757,7 @@ where public[1..].copy_from_slice(Into::::into(&private).as_bytes()); Self::with_secret( - ctime.into().unwrap_or_else(SystemTime::now), + ctime.into().unwrap_or_else(crate::now), PublicKeyAlgorithm::EdDSA, mpi::PublicKey::EdDSA { curve: Curve::Ed25519, @@ -797,7 +797,7 @@ where .ok_or_else(|| Error::MalformedMPI("RSA: `p` and `q` aren't coprime".into()))?; Self::with_secret( - ctime.into().unwrap_or_else(SystemTime::now), + ctime.into().unwrap_or_else(crate::now), PublicKeyAlgorithm::RSAEncryptSign, mpi::PublicKey::RSA { e: mpi::MPI::new(&e.to_bytes_be()), @@ -846,7 +846,7 @@ where }; Self::with_secret( - SystemTime::now(), + crate::now(), PublicKeyAlgorithm::RSAEncryptSign, public, private.into() @@ -960,7 +960,7 @@ where } }; - Self::with_secret(SystemTime::now(), algo, public, private.into()) + Self::with_secret(crate::now(), algo, public, private.into()) } } diff --git a/openpgp/src/crypto/backend/nettle/asymmetric.rs b/openpgp/src/crypto/backend/nettle/asymmetric.rs index bf1126e6..0b4e1835 100644 --- a/openpgp/src/crypto/backend/nettle/asymmetric.rs +++ b/openpgp/src/crypto/backend/nettle/asymmetric.rs @@ -344,7 +344,7 @@ impl Key4 private_key.reverse(); Self::with_secret( - ctime.into().unwrap_or_else(SystemTime::now), + ctime.into().unwrap_or_else(crate::now), PublicKeyAlgorithm::ECDH, mpi::PublicKey::ECDH { curve: Curve::Cv25519, @@ -370,7 +370,7 @@ impl Key4 ed25519::public_key(&mut public_key, private_key).unwrap(); Self::with_secret( - ctime.into().unwrap_or_else(SystemTime::now), + ctime.into().unwrap_or_else(crate::now), PublicKeyAlgorithm::EdDSA, mpi::PublicKey::EdDSA { curve: Curve::Ed25519, @@ -395,7 +395,7 @@ impl Key4 let (a, b, c) = sec.as_rfc4880(); Self::with_secret( - ctime.into().unwrap_or_else(SystemTime::now), + ctime.into().unwrap_or_else(crate::now), PublicKeyAlgorithm::RSAEncryptSign, mpi::PublicKey::RSA { e: mpi::MPI::new(&key.e()[..]), @@ -427,7 +427,7 @@ impl Key4 }; Self::with_secret( - SystemTime::now(), + crate::now(), PublicKeyAlgorithm::RSAEncryptSign, public_mpis, private_mpis.into()) @@ -565,7 +565,7 @@ impl Key4 }; Self::with_secret( - SystemTime::now(), + crate::now(), pk_algo, mpis, secret) diff --git a/openpgp/src/crypto/backend/rust/asymmetric.rs b/openpgp/src/crypto/backend/rust/asymmetric.rs index 22c86cee..405b932b 100644 --- a/openpgp/src/crypto/backend/rust/asymmetric.rs +++ b/openpgp/src/crypto/backend/rust/asymmetric.rs @@ -361,7 +361,7 @@ impl Key4 private_key.reverse(); Self::with_secret( - ctime.into().unwrap_or_else(SystemTime::now), + ctime.into().unwrap_or_else(crate::now), PublicKeyAlgorithm::ECDH, mpi::PublicKey::ECDH { curve: Curve::Cv25519, @@ -396,7 +396,7 @@ impl Key4 &mut public[1..].copy_from_slice(Into::::into(&private).as_bytes()); Self::with_secret( - ctime.into().unwrap_or_else(SystemTime::now), + ctime.into().unwrap_or_else(crate::now), PublicKeyAlgorithm::EdDSA, mpi::PublicKey::EdDSA { curve: Curve::Ed25519, @@ -435,7 +435,7 @@ impl Key4 .ok_or_else(|| Error::MalformedMPI("RSA: `p` and `q` aren't coprime".into()))?; Self::with_secret( - ctime.into().unwrap_or_else(SystemTime::now), + ctime.into().unwrap_or_else(crate::now), PublicKeyAlgorithm::RSAEncryptSign, mpi::PublicKey::RSA { e: mpi::MPI::new(&e.to_bytes_be()), @@ -474,7 +474,7 @@ impl Key4 }; Self::with_secret( - SystemTime::now(), + crate::now(), PublicKeyAlgorithm::RSAEncryptSign, public, private.into(), @@ -573,7 +573,7 @@ impl Key4 return Err(Error::UnsupportedEllipticCurve(curve).into()); } }; - Self::with_secret(SystemTime::now(), algo, public, private.into()) + Self::with_secret(crate::now(), algo, public, private.into()) } } diff --git a/openpgp/src/lib.rs b/openpgp/src/lib.rs index f7af0123..a8280d75 100644 --- a/openpgp/src/lib.rs +++ b/openpgp/src/lib.rs @@ -104,6 +104,16 @@ fn vec_drain_prefix(v: &mut Vec, prefix_len: usize) { } } +/// Like std::time::SystemTime::now, but works on WASM. +fn now() -> std::time::SystemTime { + #[cfg(all(target_arch = "wasm32", target_os = "unknown"))] { + chrono::Utc::now().into() + } + #[cfg(not(all(target_arch = "wasm32", target_os = "unknown")))] { + std::time::SystemTime::now() + } +} + // Like assert!, but checks a pattern. // // assert_match!(Some(_) = x); diff --git a/openpgp/src/packet/key.rs b/openpgp/src/packet/key.rs index 07fc9d2d..6e75c604 100644 --- a/openpgp/src/packet/key.rs +++ b/openpgp/src/packet/key.rs @@ -952,7 +952,7 @@ impl Key4 point.insert(0, 0x40); Self::new( - ctime.into().unwrap_or_else(time::SystemTime::now), + ctime.into().unwrap_or_else(crate::now), PublicKeyAlgorithm::ECDH, mpi::PublicKey::ECDH { curve: Curve::Cv25519, @@ -976,7 +976,7 @@ impl Key4 point.insert(0, 0x40); Self::new( - ctime.into().unwrap_or_else(time::SystemTime::now), + ctime.into().unwrap_or_else(crate::now), PublicKeyAlgorithm::EdDSA, mpi::PublicKey::EdDSA { curve: Curve::Ed25519, @@ -994,7 +994,7 @@ impl Key4 -> Result where T: Into> { Self::new( - ctime.into().unwrap_or_else(time::SystemTime::now), + ctime.into().unwrap_or_else(crate::now), PublicKeyAlgorithm::RSAEncryptSign, mpi::PublicKey::RSA { e: mpi::MPI::new(e), diff --git a/openpgp/src/packet/signature.rs b/openpgp/src/packet/signature.rs index aa19c130..e8d81904 100644 --- a/openpgp/src/packet/signature.rs +++ b/openpgp/src/packet/signature.rs @@ -1607,10 +1607,10 @@ impl SignatureBuilder { if let Some(oct) = self.original_creation_time { let t = (oct + time::Duration::new(1, 0)).max( - time::SystemTime::now() - + crate::now() - time::Duration::new(SIG_BACKDATE_BY, 0)); - if t > time::SystemTime::now() { + if t > crate::now() { return Err(Error::InvalidOperation( "Cannot create valid signature newer than template" .into()).into()); @@ -1618,7 +1618,7 @@ impl SignatureBuilder { self.set_signature_creation_time(t)? } else { - self.set_signature_creation_time(time::SystemTime::now())? + self.set_signature_creation_time(crate::now())? }; } diff --git a/openpgp/src/packet/signature/subpacket.rs b/openpgp/src/packet/signature/subpacket.rs index f8a5873a..e26375bd 100644 --- a/openpgp/src/packet/signature/subpacket.rs +++ b/openpgp/src/packet/signature/subpacket.rs @@ -2500,10 +2500,10 @@ impl SubpacketAreas { let (time, tolerance) = match (time.into(), clock_skew_tolerance.into()) { (None, None) => - (time::SystemTime::now(), + (crate::now(), *CLOCK_SKEW_TOLERANCE), (None, Some(tolerance)) => - (time::SystemTime::now(), + (crate::now(), tolerance), (Some(time), None) => (time, time::Duration::new(0, 0)), @@ -2695,7 +2695,7 @@ impl SubpacketAreas { R: key::KeyRole, T: Into> { - let t = t.into().unwrap_or_else(time::SystemTime::now); + let t = t.into().unwrap_or_else(crate::now); match self.key_validity_period() { Some(e) if e.as_secs() > 0 && key.creation_time() + e <= t => @@ -7028,7 +7028,7 @@ fn accessors() { // Cook up a timestamp without ns resolution. use std::convert::TryFrom; let now: time::SystemTime = - Timestamp::try_from(time::SystemTime::now()).unwrap().into(); + Timestamp::try_from(crate::now()).unwrap().into(); sig = sig.set_signature_creation_time(now).unwrap(); let sig_ = diff --git a/openpgp/src/parse/stream.rs b/openpgp/src/parse/stream.rs index da21b320..a9a556ca 100644 --- a/openpgp/src/parse/stream.rs +++ b/openpgp/src/parse/stream.rs @@ -2288,7 +2288,7 @@ impl<'a, H: VerificationHelper + DecryptionHelper> Decryptor<'a, H> { .map(|_| time::Duration::new(0, 0)) .unwrap_or( *crate::packet::signature::subpacket::CLOCK_SKEW_TOLERANCE); - let time = time.unwrap_or_else(time::SystemTime::now); + let time = time.unwrap_or_else(crate::now); let mut ppr = PacketParserBuilder::from_buffered_reader(bio)? .map(mapping) diff --git a/openpgp/src/policy.rs b/openpgp/src/policy.rs index 934f7c12..889326c2 100644 --- a/openpgp/src/policy.rs +++ b/openpgp/src/policy.rs @@ -2155,7 +2155,7 @@ mod test { let mut reject : StandardPolicy = StandardPolicy::new(); reject.reject_hash_at( algo, - SystemTime::now().checked_add(Duration::from_secs(SECS_IN_YEAR))); + crate::now().checked_add(Duration::from_secs(SECS_IN_YEAR))); reject.hash_revocation_tolerance(0); cert.primary_key().binding_signature(&reject, None)?; assert_match!(RevocationStatus::Revoked(_) @@ -2165,7 +2165,7 @@ mod test { let mut reject : StandardPolicy = StandardPolicy::new(); reject.reject_hash_at( algo, - SystemTime::now().checked_sub(Duration::from_secs(SECS_IN_YEAR))); + crate::now().checked_sub(Duration::from_secs(SECS_IN_YEAR))); reject.hash_revocation_tolerance(0); assert!(cert.primary_key() .binding_signature(&reject, None).is_err()); @@ -2177,7 +2177,7 @@ mod test { let mut reject : StandardPolicy = StandardPolicy::new(); reject.reject_hash_at( algo, - SystemTime::now().checked_sub(Duration::from_secs(SECS_IN_YEAR))); + crate::now().checked_sub(Duration::from_secs(SECS_IN_YEAR))); reject.hash_revocation_tolerance(2 * SECS_IN_YEAR as u32); assert!(cert.primary_key() .binding_signature(&reject, None).is_err()); @@ -2190,10 +2190,10 @@ mod test { assert!(algo_u8 != 0u8); reject.reject_hash_at( (algo_u8 - 1).into(), - SystemTime::now().checked_sub(Duration::from_secs(SECS_IN_YEAR))); + crate::now().checked_sub(Duration::from_secs(SECS_IN_YEAR))); reject.reject_hash_at( (algo_u8 + 1).into(), - SystemTime::now().checked_sub(Duration::from_secs(SECS_IN_YEAR))); + crate::now().checked_sub(Duration::from_secs(SECS_IN_YEAR))); reject.hash_revocation_tolerance(0); cert.primary_key().binding_signature(&reject, None)?; assert_match!(RevocationStatus::Revoked(_) @@ -2205,7 +2205,7 @@ mod test { let mut reject : StandardPolicy = StandardPolicy::new(); reject.reject_hash_at( algo, - SystemTime::now().checked_sub(Duration::from_secs(SECS_IN_YEAR))); + crate::now().checked_sub(Duration::from_secs(SECS_IN_YEAR))); reject.hash_revocation_tolerance(0); assert!(cert.primary_key() .binding_signature(&reject, None).is_err()); diff --git a/openpgp/src/serialize/stream.rs b/openpgp/src/serialize/stream.rs index 019138b3..1b3c13fd 100644 --- a/openpgp/src/serialize/stream.rs +++ b/openpgp/src/serialize/stream.rs @@ -1320,7 +1320,7 @@ impl<'a> Signer<'a> { let mut sig = self.template.clone() .set_signature_creation_time( self.creation_time - .unwrap_or_else(SystemTime::now))?; + .unwrap_or_else(crate::now))?; if ! self.intended_recipients.is_empty() { sig = sig.set_intended_recipients( diff --git a/openpgp/src/types/timestamp.rs b/openpgp/src/types/timestamp.rs index 148138fa..aa0341a5 100644 --- a/openpgp/src/types/timestamp.rs +++ b/openpgp/src/types/timestamp.rs @@ -124,7 +124,7 @@ impl fmt::Debug for Timestamp { impl Timestamp { /// Returns the current time. pub fn now() -> Timestamp { - SystemTime::now().try_into() + crate::now().try_into() .expect("representable for the next hundred years") } -- cgit v1.2.3