#include "noise.h"
#include "mprand.h"
#include "key.h"
+#include "getdate.h"
#include "cc.h"
#include "ectab.h"
#include "ptab.h"
-/*----- Utilities ---------------------------------------------------------*/
-
-/* --- @keyreport@ --- *
- *
- * Arguments: @const char *file@ = filename containing the error
- * @int line@ = line number in file
- * @const char *err@ = error text message
- * @void *p@ = unimportant pointer
- *
- * Returns: ---
- *
- * Use: Reports errors during the opening of a key file.
- */
-
-static void keyreport(const char *file, int line, const char *err, void *p)
-{
- moan("error in keyring `%s' at line `%s': %s", file, line, err);
-}
-
/*----- Static variables --------------------------------------------------*/
static const char *keyring = "keyring";
if (argc - optind > 1 || (f & F_BOGUS))
die(EXIT_FAILURE, "Usage: sign [-OPTIONS] [FILE]");
- if (key_open(&kf, keyring, KOPEN_READ, keyreport, 0))
+ if (key_open(&kf, keyring, KOPEN_READ, key_moan, 0))
die(EXIT_FAILURE, "can't open keyring `%s'", keyring);
if ((k = key_bytag(&kf, kn)) == 0)
die(EXIT_FAILURE, "key `%s' not found", kn);
int i;
char bb[MSGBUFSZ];
size_t n;
+ time_t t_fresh = 0;
dstr d = DSTR_INIT, dd = DSTR_INIT;
const encops *eo;
msgcanon mc_in = MC_INIT;
{ "output", OPTF_ARGREQ, 0, 'o' },
{ "quiet", 0, 0, 'q' },
{ "utc", 0, 0, 'u' },
+ { "fresh-time", 0, 0, 't' },
{ "gmt", 0, 0, 'u' },
{ "verbose", 0, 0, 'v' },
{ 0, 0, 0, 0 }
};
- i = mdwopt(argc, argv, "k:f:o:abquv", opt, 0, 0, 0);
+ i = mdwopt(argc, argv, "k:f:o:abqt:uv", opt, 0, 0, 0);
if (i < 0) break;
switch (i) {
case 'a': ef = "pem"; break;
case 'f': ef = optarg; break;
case 'o': of = optarg; break;
case 'u': v.f |= F_UTC; break;
+ case 't':
+ if (strcmp(optarg, "always") == 0) t_fresh = 0;
+ else if ((t_fresh = get_date(optarg, 0)) < 0)
+ die(EXIT_FAILURE, "bad freshness time");
+ break;
case 'q': if (v.verb > 0) v.verb--; break;
case 'v': if (v.verb < 10) v.verb++; break;
default: v.f |= F_BOGUS; break;
} else
optind++;
- if (key_open(&kf, keyring, KOPEN_READ, keyreport, 0))
+ if (key_open(&kf, keyring, KOPEN_READ, key_moan, 0))
die(EXIT_FAILURE, "can't open keyring `%s'", keyring);
if (kn && (kk = key_bytag(&kf, kn)) == 0)
die(EXIT_FAILURE, "key `%s' not found", kn);
if (v.verb) printf("FAIL signature verification failed\n");
exit(EXIT_FAILURE);
}
+ if (t_fresh && s.t < t_fresh) {
+ if (v.verb) printf("FAIL signature is stale\n");
+ exit(EXIT_FAILURE);
+ }
+ if (s.t > time(0)) {
+ if (v.verb) printf("FAIL signature timestamp in the future\n");
+ exit(EXIT_FAILURE);
+ }
if (v.verb) {
tm = (v.f & F_UTC) ? gmtime(&s.t) : localtime(&s.t);
strftime(bb, sizeof(bb), "%Y-%m-%d %H:%M:%S %Z", tm);
-k, --key=TAG Require that the message be signed by key TAG.\n\
-o, --output=FILE Write message to FILE.\n\
-q, --quiet Produce fewer messages.\n\
+-t, --freshtime=TIME Only accept signatures made after this time.\n\
-u, --utc Show dates in UTC rather than local time.\n\
-v, --verbose Produce more verbose messages.\n\
" },
projects / u / mdw / catacomb / blobdiff