From 9cea6911b24ae552b8804048d093490405ed0b69 Mon Sep 17 00:00:00 2001 From: mdw Date: Tue, 27 Sep 2005 17:43:37 +0000 Subject: [PATCH] Check freshness on signatures. --- catsign.1 | 11 +++++++++++ catsign.c | 19 ++++++++++++++++++- keyutil.c | 2 +- 3 files changed, 30 insertions(+), 2 deletions(-) diff --git a/catsign.1 b/catsign.1 index 9eb2398..596b76f 100644 --- a/catsign.1 +++ b/catsign.1 @@ -59,6 +59,8 @@ is one of: .IR tag ] .RB [ \-f .IR format ] +.RB [ \-t +.IR time ] .br .RB [ \-o @@ -448,6 +450,15 @@ signature. Using this option causes verification to fail unless the signature header specifies the key named .IR tag . .TP +.BI "\-t, \-\-freshtime " time +Only accept signatures claiming to have been made more recently than +.IR time . +If +.I time +is +.B always +(the default) then any timestamp in the past is acceptable. +.TP .B "\-u, \-\-utc" Show the datestamp in the signature in UTC rather than (your) local time. The synonym diff --git a/catsign.c b/catsign.c index dc96e55..3cea053 100644 --- a/catsign.c +++ b/catsign.c @@ -50,6 +50,7 @@ #include "noise.h" #include "mprand.h" #include "key.h" +#include "getdate.h" #include "cc.h" #include "ectab.h" @@ -599,6 +600,7 @@ static int verify(int argc, char *argv[]) int i; char bb[MSGBUFSZ]; size_t n; + time_t t_fresh = 0; dstr d = DSTR_INIT, dd = DSTR_INIT; const encops *eo; msgcanon mc_in = MC_INIT; @@ -614,11 +616,12 @@ static int verify(int argc, char *argv[]) { "output", OPTF_ARGREQ, 0, 'o' }, { "quiet", 0, 0, 'q' }, { "utc", 0, 0, 'u' }, + { "fresh-time", 0, 0, 't' }, { "gmt", 0, 0, 'u' }, { "verbose", 0, 0, 'v' }, { 0, 0, 0, 0 } }; - i = mdwopt(argc, argv, "k:f:o:abquv", opt, 0, 0, 0); + i = mdwopt(argc, argv, "k:f:o:abqt:uv", opt, 0, 0, 0); if (i < 0) break; switch (i) { case 'a': ef = "pem"; break; 
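Review bot: The new long-option entry `{ "fresh-time", 0, 0, 't' }` in verify()'s option table is declared without `OPTF_ARGREQ`, unlike `"output"` just above it, even though the short-option string was given `t:`. If the parser honours that flag as it appears to, `--fresh-time` would reach `case 't'` with no argument and `strcmp(optarg, "always")` would dereference a null `optarg`. The spelling also disagrees with the help text and the manual page in this same patch, which both document `--freshtime`. I would make the entry `{ "freshtime", OPTF_ARGREQ, 0, 't' },` so the documented name works and always carries its TIME argument. The table and the switch both continue outside this hunk.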
@@ -627,6 +630,11 @@ static int verify(int argc, char *argv[]) case 'f': ef = optarg; break; case 'o': of = optarg; break; case 'u': v.f |= F_UTC; break; + case 't': + if (strcmp(optarg, "always") == 0) t_fresh = 0; + else if ((t_fresh = get_date(optarg, 0)) < 0) + die(EXIT_FAILURE, "bad freshness time"); + break; case 'q': if (v.verb > 0) v.verb--; break; case 'v': if (v.verb < 10) v.verb++; break; default: v.f |= F_BOGUS; break; @@ -739,6 +747,14 @@ static int verify(int argc, char *argv[]) if (v.verb) printf("FAIL signature verification failed\n"); exit(EXIT_FAILURE); } + if (t_fresh && s.t < t_fresh) { + if (v.verb) printf("FAIL signature is stale\n"); + exit(EXIT_FAILURE); + } + if (s.t > time(0)) { + if (v.verb) printf("FAIL signature timestamp in the future\n"); + exit(EXIT_FAILURE); + } if (v.verb) { tm = (v.f & F_UTC) ? gmtime(&s.t) : localtime(&s.t); strftime(bb, sizeof(bb), "%Y-%m-%d %H:%M:%S %Z", tm); @@ -1078,6 +1094,7 @@ Options:\n\ -k, --key=TAG Require that the message be signed by key TAG.\n\ -o, --output=FILE Write message to FILE.\n\ -q, --quiet Produce fewer messages.\n\ +-t, --freshtime=TIME Only accept signatures made after this time.\n\ -u, --utc Show dates in UTC rather than local time.\n\ -v, --verbose Produce more verbose messages.\n\ " }, diff --git a/keyutil.c b/keyutil.c index 9881dc7..6146ae4 100644 --- a/keyutil.c +++ b/keyutil.c @@ -1015,7 +1015,7 @@ static int cmd_add(int argc, char *argv[]) /* --- Expiry dates get passed to @get_date@ for parsing --- */ case 'e': - if (strncmp(optarg, "forever", strlen(optarg)) == 0) + if (strcmp(optarg, "forever") == 0) exp = KEXP_FOREVER; else { exp = get_date(optarg, 0); -- 2.11.0
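Review bot: In `case 't'` the failure test `(t_fresh = get_date(optarg, 0)) < 0` only works where `time_t` is signed, and the signedness of `time_t` is implementation-defined. Assuming `get_date` reports failure as -1 (its definition is not in this patch), the portable form is `else if ((t_fresh = get_date(optarg, 0)) == (time_t)-1)`. It would also help to name the rejected value, `die(EXIT_FAILURE, "bad freshness time '%s'", optarg);`, since a freshness bound the user cannot get accepted tends to be dropped rather than fixed. The switch continues outside the hunk.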
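Review bot: The two timestamp checks added after the signature check compare `s.t` against the local clock with no tolerance, and the `s.t > time(0)` test runs on every verification, not only when `-t` is given. A signer whose clock is a few seconds ahead of the verifier will now have valid signatures rejected, and when `v.verb` is 0 the exit is silent, so the cause is hard to diagnose. I would either allow a small named skew, e.g. `if (s.t > time(0) + MAX_SKEW)` with `MAX_SKEW` a constant you define, or state the intent in a comment such as `/* Reject post-dated signatures outright: a future timestamp would defeat later freshness checks. */`. Whether any output has already been written before these exits is not visible here, since verify() continues on both sides of the hunk.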