Fix and move Signature.KeyExpired to PublicKey.KeyExpired; add Signature.SigExpired

Author: twiss

openpgp/keys.go

@@ -96,7 +96,7 @@ func (e *Entity) encryptionKey(now time.Time) (Key, bool) {
 		if subkey.Sig.FlagsValid &&
 			subkey.Sig.FlagEncryptCommunications &&
 			subkey.PublicKey.PubKeyAlgo.CanEncrypt() &&
-			!subkey.Sig.KeyExpired(now) &&
+			!subkey.PublicKey.KeyExpired(subkey.Sig, now) &&
 			(maxTime.IsZero() || subkey.Sig.CreationTime.After(maxTime)) {
 			candidateSubkey = i
 			maxTime = subkey.Sig.CreationTime
@@ -115,7 +115,7 @@ func (e *Entity) encryptionKey(now time.Time) (Key, bool) {
 	i := e.primaryIdentity()
 	if !i.SelfSignature.FlagsValid || i.SelfSignature.FlagEncryptCommunications &&
 		e.PrimaryKey.PubKeyAlgo.CanEncrypt() &&
-		!i.SelfSignature.KeyExpired(now) {
+		!e.PrimaryKey.KeyExpired(i.SelfSignature, now) {
 		return Key{e, e.PrimaryKey, e.PrivateKey, i.SelfSignature}, true
 	}
 
@@ -132,7 +132,7 @@ func (e *Entity) signingKey(now time.Time) (Key, bool) {
 		if subkey.Sig.FlagsValid &&
 			subkey.Sig.FlagSign &&
 			subkey.PublicKey.PubKeyAlgo.CanSign() &&
-			!subkey.Sig.KeyExpired(now) {
+			!subkey.PublicKey.KeyExpired(subkey.Sig, now) {
 			candidateSubkey = i
 			break
 		}
@@ -147,7 +147,7 @@ func (e *Entity) signingKey(now time.Time) (Key, bool) {
 	// with the primary key.
 	i := e.primaryIdentity()
 	if !i.SelfSignature.FlagsValid || i.SelfSignature.FlagSign &&
-		!i.SelfSignature.KeyExpired(now) {
+		!e.PrimaryKey.KeyExpired(i.SelfSignature, now) {
 		return Key{e, e.PrimaryKey, e.PrivateKey, i.SelfSignature}, true
 	}
 

openpgp/packet/public_key.go

@@ -814,3 +814,16 @@ func (pk *PublicKey) BitLength() (bitLength uint16, err error) {
 	}
 	return
 }
+
+// KeyExpired returns whether sig is a self-signature of a key that has
+// expired or is created in the future.
+func (pk *PublicKey) KeyExpired(sig *Signature, currentTime time.Time) bool {
+	if pk.CreationTime.After(currentTime) {
+		return true
+	}
+	if sig.KeyLifetimeSecs == nil {
+		return false
+	}
+	expiry := pk.CreationTime.Add(time.Duration(*sig.KeyLifetimeSecs) * time.Second)
+	return currentTime.After(expiry)
+}

openpgp/packet/signature.go

@@ -473,16 +473,16 @@ func serializeSubpackets(to []byte, subpackets []outputSubpacket, hashed bool) {
 	return
 }
 
-// KeyExpired returns whether sig is a self-signature of a key that has
-// expired or is signed in the future.
-func (sig *Signature) KeyExpired(currentTime time.Time) bool {
+// SigExpired returns whether sig is a signature that has expired or is created
+// in the future.
+func (sig *Signature) SigExpired(currentTime time.Time) bool {
 	if sig.CreationTime.After(currentTime) {
 		return true
 	}
-	if sig.KeyLifetimeSecs == nil {
+	if sig.SigLifetimeSecs == nil {
 		return false
 	}
-	expiry := sig.CreationTime.Add(time.Duration(*sig.KeyLifetimeSecs) * time.Second)
+	expiry := sig.CreationTime.Add(time.Duration(*sig.SigLifetimeSecs) * time.Second)
 	return currentTime.After(expiry)
 }
 

openpgp/read.go

@@ -338,7 +338,7 @@ func (scr *signatureCheckReader) Read(buf []byte) (n int, err error) {
 		var ok bool
 		if scr.md.Signature, ok = p.(*packet.Signature); ok {
 			scr.md.SignatureError = scr.md.SignedBy.PublicKey.VerifySignature(scr.h, scr.md.Signature)
-			if scr.md.SignatureError == nil && scr.md.Signature.KeyExpired(scr.config.Now()) {
+			if scr.md.SignatureError == nil && scr.md.Signature.SigExpired(scr.config.Now()) {
 				scr.md.SignatureError = errors.ErrSignatureExpired
 			}
 		} else if scr.md.SignatureV3, ok = p.(*packet.SignatureV3); ok {
@@ -426,7 +426,7 @@ func CheckDetachedSignatureWithHash(keyring KeyRing, signed, signature io.Reader
 		switch sig := p.(type) {
 		case *packet.Signature:
 			err = key.PublicKey.VerifySignature(h, sig)
-			if err == nil && sig.KeyExpired(config.Now()) {
+			if err == nil && sig.SigExpired(config.Now()) {
 				err = errors.ErrSignatureExpired
 			}
 		case *packet.SignatureV3: