Add key generation offset (#104)

wussler · web-flow · commit 75f27fd1df8d · 2020-12-01T19:44:49.000+01:00
* Add key generation offset

* Bump version to 2.1.2
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,7 +4,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## Unreleased
+## [2.1.2] 2020-12-01
+### Added
+- `SetKeyGenerationOffset` to add an offset in key generation time and prevent not-yet-valid keys.
+
 ### Changed
 - Improved canonicalization performance
 
diff --git a/constants/armor.go b/constants/armor.go
@@ -3,7 +3,7 @@ package constants
 
 // Constants for armored data.
 const (
-	ArmorHeaderVersion = "GopenPGP 2.1.1"
+	ArmorHeaderVersion = "GopenPGP 2.1.2"
 	ArmorHeaderComment = "https://gopenpgp.org"
 	PGPMessageHeader   = "PGP MESSAGE"
 	PGPSignatureHeader = "PGP SIGNATURE"
diff --git a/constants/version.go b/constants/version.go
@@ -1,3 +1,3 @@
 package constants
 
-const Version = "ddacebe0"
+const Version = "2.1.2"
diff --git a/crypto/gopenpgp.go b/crypto/gopenpgp.go
@@ -8,6 +8,7 @@ import "time"
 type GopenPGP struct {
 	latestServerTime int64
 	latestClientTime time.Time
+	generationOffset int64
 }
 
 var pgp = GopenPGP{}
diff --git a/crypto/key.go b/crypto/key.go
@@ -435,7 +435,7 @@ func generateKey(
 	cfg := &packet.Config{
 		Algorithm:     packet.PubKeyAlgoRSA,
 		RSABits:       bits,
-		Time:          getTimeGenerator(),
+		Time:          getKeyGenerationTimeGenerator(),
 		DefaultHash:   crypto.SHA256,
 		DefaultCipher: packet.CipherAES256,
 	}
diff --git a/crypto/time.go b/crypto/time.go
@@ -13,6 +13,11 @@ func UpdateTime(newTime int64) {
 	}
 }
 
+// SetKeyGenerationOffset updates the offset when generating keys.
+func SetKeyGenerationOffset(offset int64) {
+	pgp.generationOffset = offset
+}
+
 // GetUnixTime gets latest cached time.
 func GetUnixTime() int64 {
 	return getNow().Unix()
@@ -49,3 +54,19 @@ func getDiff() (int64, error) {
 func getTimeGenerator() func() time.Time {
 	return getNow
 }
+
+// getNowKeyGenerationOffset returns the current time with the key generation offset.
+func getNowKeyGenerationOffset() time.Time {
+	extrapolate, err := getDiff()
+
+	if err != nil {
+		return time.Unix(time.Now().Unix()+pgp.generationOffset, 0)
+	}
+
+	return time.Unix(pgp.latestServerTime+extrapolate+pgp.generationOffset, 0)
+}
+
+// getKeyGenerationTimeGenerator Returns a time generator function with the key generation offset.
+func getKeyGenerationTimeGenerator() func() time.Time {
+	return getNowKeyGenerationOffset
+}

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,3 @@`
`1`	`1`	`package constants`
`2`	`2`
`3`		`-const Version = "ddacebe0"`
	`3`	`+const Version = "2.1.2"`
Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,7 @@ import "time"`
`8`	`8`	`type GopenPGP struct {`
`9`	`9`	`latestServerTime int64`
`10`	`10`	`latestClientTime time.Time`
	`11`	`+ generationOffset int64`
`11`	`12`	`}`
`12`	`13`
`13`	`14`	`var pgp = GopenPGP{}`
Original file line number	Diff line number	Diff line change
`@@ -435,7 +435,7 @@ func generateKey(`
`435`	`435`	`cfg := &packet.Config{`
`436`	`436`	`Algorithm: packet.PubKeyAlgoRSA,`
`437`	`437`	`RSABits: bits,`
`438`		`- Time: getTimeGenerator(),`
	`438`	`+ Time: getKeyGenerationTimeGenerator(),`
`439`	`439`	`DefaultHash: crypto.SHA256,`
`440`	`440`	`DefaultCipher: packet.CipherAES256,`
`441`	`441`	`}`