warn on signature earlier than key creation, err on significantly earlier

author: Vincent Breitmoser <valodim@mugenguild.com> 2015-05-28 11:40:35 +0200
committer: Vincent Breitmoser <valodim@mugenguild.com> 2015-05-28 11:40:35 +0200
commit: 724726a4fd64cdbdaae8002cdf605472d1c877ec (patch)
tree: 025bfad26e1a40de4de9f8292f125bbf46168077 /OpenKeychain/src
parent: a8e95f676e580cfbab030aa0f58167a41149d00f (diff)
download: open-keychain-724726a4fd64cdbdaae8002cdf605472d1c877ec.tar.gz
open-keychain-724726a4fd64cdbdaae8002cdf605472d1c877ec.tar.bz2
open-keychain-724726a4fd64cdbdaae8002cdf605472d1c877ec.zip
3 files changed, 23 insertions, 0 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
index 54d2e6e8a..4a36cbb0b 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
@@ -401,6 +401,7 @@ public abstract class OperationResult implements Parcelable {
         MSG_KC_SUB_BAD_LOCAL(LogLevel.WARN, R.string.msg_kc_sub_bad_local),
         MSG_KC_SUB_BAD_KEYID(LogLevel.WARN, R.string.msg_kc_sub_bad_keyid),
         MSG_KC_SUB_BAD_TIME(LogLevel.WARN, R.string.msg_kc_sub_bad_time),
+        MSG_KC_SUB_BAD_TIME_EARLY(LogLevel.WARN, R.string.msg_kc_sub_bad_time_early),
         MSG_KC_SUB_BAD_TYPE(LogLevel.WARN, R.string.msg_kc_sub_bad_type),
         MSG_KC_SUB_DUP (LogLevel.DEBUG, R.string.msg_kc_sub_dup),
         MSG_KC_SUB_PRIMARY_BAD(LogLevel.WARN, R.string.msg_kc_sub_primary_bad),
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
index 2bb4f7dc4..ecf68890e 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
@@ -820,6 +820,15 @@ public class UncachedKeyRing {
                 continue;
             }
 
+            Date keyCreationTime = key.getCreationTime(), keyCreationTimeLenient;
+            {
+                Calendar keyCreationCal = Calendar.getInstance();
+                keyCreationCal.setTime(keyCreationTime);
+                // allow for diverging clocks up to one day when checking creation time
+                keyCreationCal.add(Calendar.MINUTE, -5);
+                keyCreationTimeLenient = keyCreationCal.getTime();
+            }
+
             // A subkey needs exactly one subkey binding certificate, and optionally one revocation
             // certificate.
             PGPPublicKey modified = key;
@@ -851,6 +860,18 @@ public class UncachedKeyRing {
                     continue;
                 }
 
+                if (cert.getCreationTime().before(keyCreationTime)) {
+                    // Signature is earlier than key creation time
+                    log.add(LogType.MSG_KC_SUB_BAD_TIME_EARLY, indent);
+                    // due to an earlier accident, we generated keys which had creation timestamps
+                    // a few seconds after their signature timestamp. for compatibility, we only
+                    // error out with some margin of error
+                    if (cert.getCreationTime().before(keyCreationTimeLenient)) {
+                        badCerts += 1;
+                        continue;
+                    }
+                }
+
                 if (cert.isLocal()) {
                     // Creation date in the future? No way!
                     log.add(LogType.MSG_KC_SUB_BAD_LOCAL, indent);
diff --git a/OpenKeychain/src/main/res/values/strings.xml b/OpenKeychain/src/main/res/values/strings.xml
index 9b48dce21..2a2036239 100644
--- a/OpenKeychain/src/main/res/values/strings.xml
+++ b/OpenKeychain/src/main/res/values/strings.xml
@@ -833,6 +833,7 @@
     <string name="msg_kc_sub_bad_local">"Removing subkey binding certificate with 'local' flag"</string>
     <string name="msg_kc_sub_bad_keyid">"Subkey binding issuer id mismatch"</string>
     <string name="msg_kc_sub_bad_time">"Removing subkey binding certificate with future timestamp"</string>
+    <string name="msg_kc_sub_bad_time_early">"Subkey binding certificate has earlier timestamp than its key!"</string>
     <string name="msg_kc_sub_bad_type">"Unknown subkey certificate type: %s"</string>
     <string name="msg_kc_sub_dup">"Removing redundant subkey binding certificate"</string>
     <string name="msg_kc_sub_primary_bad">"Removing subkey binding certificate due to invalid primary binding certificate"</string>
author	Vincent Breitmoser <valodim@mugenguild.com>	2015-05-28 11:40:35 +0200
committer	Vincent Breitmoser <valodim@mugenguild.com>	2015-05-28 11:40:35 +0200
commit	724726a4fd64cdbdaae8002cdf605472d1c877ec (patch)
tree	025bfad26e1a40de4de9f8292f125bbf46168077 /OpenKeychain/src
parent	a8e95f676e580cfbab030aa0f58167a41149d00f (diff)
download	open-keychain-724726a4fd64cdbdaae8002cdf605472d1c877ec.tar.gz open-keychain-724726a4fd64cdbdaae8002cdf605472d1c877ec.tar.bz2 open-keychain-724726a4fd64cdbdaae8002cdf605472d1c877ec.zip