Fix: use verifyTime in the config time instead of Now()

When decrypting message, we have to use verifyTime in the config otherwise signatures not valid at verifyTime but valid at Now() will be seen as valid.
2021-09-23 10:40:56 +02:00 · 2021-09-23 10:40:56 +02:00 · 5558d4a177
commit 5558d4a177
parent 0b639a2d93
4 changed files with 68 additions and 2 deletions
--- a/crypto/keyring_test.go
+++ b/crypto/keyring_test.go
@ -3,11 +3,13 @@ package crypto
 import (
 	"crypto/ed25519"
 	"crypto/rsa"
+	"errors"
 	"testing"

 	"github.com/stretchr/testify/assert"

 	"github.com/ProtonMail/go-crypto/openpgp/ecdh"
+	"github.com/ProtonMail/gopenpgp/v2/constants"
 )

 var testSymmetricKey []byte
@ -231,3 +233,43 @@ func TestKeyringCapabilities(t *testing.T) {
 	assert.True(t, keyRingTestMultiple.CanVerify())
 	assert.True(t, keyRingTestMultiple.CanEncrypt())
 }
+
+func TestVerificationTime(t *testing.T) {
+	message := NewPlainMessageFromString("Hello")
+	pgp.latestServerTime = 1632312383
+	defer func() {
+		pgp.latestServerTime = testTime
+	}()
+	enc, err := keyRingTestPublic.Encrypt(
+		message,
+		keyRingTestPrivate,
+	)
+
+	if err != nil {
+		t.Fatalf("Encryption error: %v", err)
+	}
+	_, err = keyRingTestPrivate.Decrypt(
+		enc,
+		keyRingTestPublic,
+		392039755,
+	)
+	if err == nil {
+		t.Fatal("No signature error")
+	}
+	castedErr := &SignatureVerificationError{}
+	isType := errors.As(err, castedErr)
+	if !isType {
+		t.Fatalf("No signature error %v", err)
+	}
+	if castedErr.Status != constants.SIGNATURE_FAILED {
+		t.Fatalf("Wrong status %v", castedErr)
+	}
+	_, err = keyRingTestPrivate.Decrypt(
+		enc,
+		keyRingTestPublic,
+		0,
+	)
+	if err != nil {
+		t.Fatalf("Got an error while decrypting %v", err)
+	}
+}