Merge branch 'fix/server-time' into 'master'

Use server time as a default everywhere

See merge request ProtonMail/go-crypto-wrapper!1

attachment.go

@@ -27,7 +27,11 @@ func (o *OpenPGP) EncryptAttachmentBinKey(plainData []byte, fileName string, pub
 	hints := &openpgp.FileHints{
 		FileName: fileName,
 	}
-	config := &packet.Config{DefaultCipher: packet.CipherAES256}
+
+	config := &packet.Config{
+		DefaultCipher: packet.CipherAES256,
+		Time:          o.getTimeGenerator(),
+	}
 
 	ew, err := openpgp.Encrypt(w, pubKeyEntries, nil, hints, config)
 
@@ -82,7 +86,9 @@ func (o *OpenPGP) DecryptAttachmentBinKey(keyPacket []byte, dataPacket []byte, p
 
 	encryptedReader := io.MultiReader(keyReader, dataReader)
 
-	md, err := openpgp.ReadMessage(encryptedReader, privKeyEntries, nil, nil)
+	config := &packet.Config{ Time: o.getTimeGenerator() }
+
+	md, err := openpgp.ReadMessage(encryptedReader, privKeyEntries, nil, config)
 	if err != nil {
 		return nil, err
 	}
@@ -114,7 +120,9 @@ func (o *OpenPGP) EncryptAttachmentWithPassword(plainData []byte, password strin
 		return "", err
 	}
 
-	plaintext, err := openpgp.SymmetricallyEncrypt(w, []byte(password), nil, nil)
+	config := &packet.Config{ Time: o.getTimeGenerator() }
+
+	plaintext, err := openpgp.SymmetricallyEncrypt(w, []byte(password), nil, config)
 	if err != nil {
 		return "", err
 	}
@@ -143,7 +151,9 @@ func (o *OpenPGP) DecryptAttachmentWithPassword(keyPacket []byte, dataPacket []b
 		return []byte(password), nil
 	}
 
-	md, err := openpgp.ReadMessage(encryptedReader, nil, prompt, nil)
+	config := &packet.Config{ Time: o.getTimeGenerator() }
+
+	md, err := openpgp.ReadMessage(encryptedReader, nil, prompt, config)
 	if err != nil {
 		return nil, err
 	}

key.go

@@ -155,14 +155,11 @@ func (o *OpenPGP) generateKey(userName string, domain string, passphrase string,
 	}
 
 	comments := ""
-	timeNow := func() time.Time {
-		return o.getNow()
-	}
 
 	cfg := &packet.Config{
 		Algorithm: 	   packet.PubKeyAlgoRSA,
 		RSABits:       bits,
-		Time:          timeNow,
+		Time:          o.getTimeGenerator(),
 		DefaultHash:   crypto.SHA256,
 		DefaultCipher: packet.CipherAES256,
 	}

message.go

@@ -54,7 +54,9 @@ func (o *OpenPGP) DecryptMessageBinKey(encryptedText string, privateKey []byte,
 		}
 	}
 
-	md, err := openpgp.ReadMessage(encryptedio.Body, privKeyEntries, nil, nil)
+	config := &packet.Config{ Time: o.getTimeGenerator() }
+
+	md, err := openpgp.ReadMessage(encryptedio.Body, privKeyEntries, nil, config)
 	if err != nil {
 		return "", err
 	}
@@ -163,7 +165,7 @@ func (o *OpenPGP) decryptMessageVerifyAllBin(encryptedText string, veriferKey []
 		return nil, err
 	}
 
-	config := &packet.Config{}
+	config := &packet.Config{ Time: o.getTimeGenerator() }
 	if verifyTime > 0 {
 		tm := time.Unix(verifyTime, 0)
 		config.Time = func() time.Time {
@@ -269,7 +271,7 @@ func (o *OpenPGP) EncryptMessageBinKey(plainText string, publicKey []byte, priva
 		}
 	}
 
-	config := &packet.Config{DefaultCipher: packet.CipherAES256}
+	config := &packet.Config{DefaultCipher: packet.CipherAES256, Time: o.getTimeGenerator() }
 
 	ew, err := openpgp.Encrypt(w, pubKeyEntries, signEntity, nil, config)
 
@@ -290,7 +292,8 @@ func (o *OpenPGP) EncryptMessageWithPassword(plainText string, password string)
 		return "", err
 	}
 
-	plaintext, err := openpgp.SymmetricallyEncrypt(w, []byte(password), nil, nil)
+	config := &packet.Config{ Time: o.getTimeGenerator() }
+	plaintext, err := openpgp.SymmetricallyEncrypt(w, []byte(password), nil, config)
 	if err != nil {
 		return "", err
 	}
@@ -321,7 +324,8 @@ func (o *OpenPGP) DecryptMessageWithPassword(encrypted string, password string)
 		return []byte(password), nil
 	}
 
-	md, err := openpgp.ReadMessage(encryptedio.Body, nil, prompt, nil)
+	config := &packet.Config{ Time: o.getTimeGenerator() }
+	md, err := openpgp.ReadMessage(encryptedio.Body, nil, prompt, config)
 	if err != nil {
 		return "", err
 	}

openpgp.go

@@ -1,11 +1,14 @@
 package pm
 
+import "time"
+
 // OpenPGP structure to manage mutiple address keys and user keys
 type OpenPGP struct {
 	addresses []*Address
 
 	//latestServerTime unix time cache
 	latestServerTime int64
+	latestClientTime time.Time
 }
 
 // //AddAddress add a new address to key ring

sign_detached.go

@@ -52,7 +52,7 @@ func (o *OpenPGP) SignTextDetached(plainText string, privateKey string, passphra
 		return "", errors.New("cannot sign message, signer key is not unlocked")
 	}
 
-	config := &packet.Config{DefaultCipher: packet.CipherAES256}
+	config := &packet.Config{DefaultCipher: packet.CipherAES256, Time: o.getTimeGenerator() }
 
 	att := strings.NewReader(plainText)
 
@@ -97,7 +97,7 @@ func (o *OpenPGP) SignTextDetachedBinKey(plainText string, privateKey []byte, pa
 		return "", errors.New("cannot sign message, singer key is not unlocked")
 	}
 
-	config := &packet.Config{DefaultCipher: packet.CipherAES256}
+	config := &packet.Config{DefaultCipher: packet.CipherAES256, Time: o.getTimeGenerator() }
 
 	att := strings.NewReader(plainText)
 
@@ -138,7 +138,7 @@ func (o *OpenPGP) SignBinDetached(plainData []byte, privateKey string, passphras
 		return "", errors.New("cannot sign message, singer key is not unlocked")
 	}
 
-	config := &packet.Config{DefaultCipher: packet.CipherAES256}
+	config := &packet.Config{DefaultCipher: packet.CipherAES256, Time: o.getTimeGenerator() }
 
 	att := bytes.NewReader(plainData)
 
@@ -179,7 +179,7 @@ func (o *OpenPGP) SignBinDetachedBinKey(plainData []byte, privateKey []byte, pas
 		return "", errors.New("cannot sign message, singer key is not unlocked")
 	}
 
-	config := &packet.Config{DefaultCipher: packet.CipherAES256}
+	config := &packet.Config{DefaultCipher: packet.CipherAES256, Time: o.getTimeGenerator() }
 
 	att := bytes.NewReader(plainData)
 
@@ -208,7 +208,7 @@ func (o *OpenPGP) VerifyTextSignDetached(signature string, plainText string, pub
 
 	origText := bytes.NewReader(bytes.NewBufferString(plainText).Bytes())
 
-	config := &packet.Config{}
+	config := &packet.Config{ Time: o.getTimeGenerator() }
 	if verifyTime > 0 {
 		tm := time.Unix(verifyTime, 0)
 		config.Time = func() time.Time {
@@ -242,7 +242,7 @@ func (o *OpenPGP) VerifyTextSignDetachedBinKey(signature string, plainText strin
 	signatureReader := strings.NewReader(signature)
 	plainText = trimNewlines(plainText)
 	origText := bytes.NewReader(bytes.NewBufferString(plainText).Bytes())
-	config := &packet.Config{}
+	config := &packet.Config{ Time: o.getTimeGenerator() }
 	if verifyTime > 0 {
 		tm := time.Unix(verifyTime, 0)
 		config.Time = func() time.Time {
@@ -276,7 +276,7 @@ func (o *OpenPGP) VerifyBinSignDetached(signature string, plainData []byte, publ
 	signatureReader := strings.NewReader(signature)
 
 	origText := bytes.NewReader(plainData)
-	config := &packet.Config{}
+	config := &packet.Config{ Time: o.getTimeGenerator() }
 	if verifyTime > 0 {
 		tm := time.Unix(verifyTime, 0)
 		config.Time = func() time.Time {
@@ -310,7 +310,7 @@ func (o *OpenPGP) VerifyBinSignDetachedBinKey(signature string, plainData []byte
 
 	origText := bytes.NewReader(plainData)
 
-	config := &packet.Config{}
+	config := &packet.Config{ Time: o.getTimeGenerator() }
 	if verifyTime > 0 {
 		tm := time.Unix(verifyTime, 0)
 		config.Time = func() time.Time {

time.go

@@ -7,18 +7,26 @@ import (
 // UpdateTime update cached time
 func (o *OpenPGP) UpdateTime(newTime int64) {
 	o.latestServerTime = newTime
+	o.latestClientTime = time.Now()
 }
 
 //GetTime get latest cached time
 func (o *OpenPGP) GetTime() int64 {
-	return o.latestServerTime
+	return o.getNow().Unix()
 }
 
 func (o *OpenPGP) getNow() time.Time {
-
+	if o.latestServerTime > 0 && !o.latestClientTime.IsZero() {
-	if o.latestServerTime > 0 {
+		// Sub is monotome, it uses a monotime time clock in this case instead of the wall clock
-		return time.Unix(o.latestServerTime, 0)
+		extrapolate := int64(o.latestClientTime.Sub(time.Now()).Seconds())
+		return time.Unix(o.latestServerTime + extrapolate, 0)
 	}
 
 	return time.Now()
 }
+
+func (o *OpenPGP) getTimeGenerator() func() time.Time {
+	return func() time.Time {
+		return o.getNow()
+	}
+}