rnp_key_valid_till can only return a 32-bit result #1480

Closed
nwalfield opened this issue Apr 11, 2021 · 3 comments
@nwalfield

Expiration time in OpenPGP is 33 bits. Key creation time is 32 bits, and key expiration time is a 32-bit quantity relative to the creation time:

5.2.3.6.  Key Expiration Time

   (4-octet time field)

   The validity period of the key.  This is the number of seconds after
   the key creation time that the key expires.  If this is not present
   or has a value of zero, the key never expires.  This is found only on
   a self-signature.

rnp_key_valid_till returns a uint32_t.

@nwalfield
Author

Here's a POC that there is an overflow:

#include <rnp/rnp.h>
#include <stdio.h>
#include <stdbool.h>
#include <string.h>
#include <stdint.h>
#include <inttypes.h>

const uint8_t cert[] = "-----BEGIN PGP PRIVATE KEY BLOCK-----\n\
Comment: A717 6DC7 49C6 3B1D 5FE5  7CB4 B384 D592 2E9B C80C\n\
Comment: <bob@example.org>\n\
\n\
xVgEYIeznRYJKwYBBAHaRw8BAQdA99BRZoiNpj9qZxUiaMiSnu8QvidvgaYBZMBN\n\
zJ0gUQwAAQCFxCGgeYaaXnRgLr2pHsGVYW5DnndBQy++wkDQwL9DXQ9nwsARBB8W\n\
CgCDBYJgh7OdBYkFpI+9AwsJBwkQs4TVki6byAxHFAAAAAAAHgAgc2FsdEBub3Rh\n\
dGlvbnMuc2VxdW9pYS1wZ3Aub3Jn/F+v5LaIhDA3Z5ccv5HzwXC6dUzJfQjhbGfw\n\
/B+wB0UDFQoIApsBAh4BFiEEpxdtx0nGOx1f5Xy0s4TVki6byAwAAPl+AQDxrEPw\n\
8bwL5NVTjCZD87HimDxtfqVsKGNjFBljh8pogwD+PjhgiA9NdNUFqC83i/DYM0wh\n\
JFLYpozt6VAHvPmj7wvNETxib2JAZXhhbXBsZS5vcmc+wsAUBBMWCgCGBYJgh7Od\n\
BYkFpI+9AwsJBwkQs4TVki6byAxHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2Vx\n\
dW9pYS1wZ3Aub3JnV66FucQf7ojk1y5dx2SmAZJP2HmafGz+WoP9UgtCetMDFQoI\n\
ApkBApsBAh4BFiEEpxdtx0nGOx1f5Xy0s4TVki6byAwAAA7/AQCMDh6OTtqVEN5r\n\
fgCK68tX26XNUkyholAPVUN54qs+yAEA2T9RBIImmIP9v0NnzCyAUPr1tjbfkCU1\n\
uRY2qu5ZlwA=\n\
=zCzx\n\
-----END PGP PRIVATE KEY BLOCK-----\n\
";

const char *fingerprint = "A7176DC749C63B1D5FE57CB4B384D5922E9BC80C";

int
main(int argc, char *argv[]) {
  printf("Hello, world.\n");

  rnp_ffi_t ffi;
  rnp_result_t err = rnp_ffi_create(&ffi, "GPG", "GPG");
  if (err) {
    printf("Creating ffi: %x\n", err);
    return 1;
  }

  rnp_input_t input;
  err = rnp_input_from_memory(&input, cert, sizeof(cert) - 1, false);
  if (err) {
    printf("rnp_input_from_memory: %x\n", err);
    return 1;
  }

  err = rnp_import_keys(ffi, input, RNP_LOAD_SAVE_PUBLIC_KEYS|RNP_LOAD_SAVE_SECRET_KEYS, NULL);
  if (err) {
    printf("rnp_import_keys: %x\n", err);
    return 1;
  }

  err = rnp_input_destroy(input);
  if (err) {
    printf("rnp_input_destroy: %x\n", err);
    return 1;
  }

  rnp_key_handle_t key;
  err = rnp_locate_key(ffi, "fingerprint", fingerprint, &key);
  if (err) {
    printf("rnp_locate_key: %x\n", err);
    return 1;
  }

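  /* 2^31 + 2^30 seconds; unsigned literals avoid the signed-overflow
     undefined behaviour of (1 << 31) */
  err = rnp_key_set_expiration(key, (1u << 31) + (1u << 30));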
  if (err) {
    printf("rnp_key_set_expiration: %x\n", err);
    return 1;
  }

  uint32_t valid_till;
  err = rnp_key_valid_till(key, &valid_till);
  if (err) {
    printf("rnp_key_valid_till: %x\n", err);
    return 1;
  }
  printf("key valid till %"PRIu32" seconds after epoch.\n",
         valid_till);

  /* release the key handle before tearing down the FFI object */
  rnp_key_handle_destroy(key);

  err = rnp_ffi_destroy(ffi);
  if (err) {
    printf("Destroying ffi: %x\n", err);
    return 1;
  }

  return 0;
}

$ ./overflow
Hello, world.
key valid till 545764253 seconds after epoch.
$ date --date='@545764253'
Sat 18 Apr 1987 07:10:53 PM CEST
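
The arithmetic behind the wrapped result above, as an added example (not code from RNP or from the issue's participants). `key_valid_till64`, `key_valid_till32_truncated` and `expiry_overflows_u32` are hypothetical helpers, and the creation time 1619506077 is an assumption chosen so that the truncated sum matches the 545764253 printed by the POC.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not an RNP function. Combines the 32-bit creation
 * time with the 32-bit Key Expiration Time offset. Returns false when the
 * key never expires (offset == 0); otherwise stores the expiry in *till. */
bool key_valid_till64(uint32_t creation, uint32_t expires_after, uint64_t *till)
{
    if (expires_after == 0) {
        return false;
    }
    *till = (uint64_t) creation + expires_after; /* widen before adding */
    return true;
}

/* What a uint32_t out-parameter can hold: the same sum modulo 2^32. */
uint32_t key_valid_till32_truncated(uint32_t creation, uint32_t expires_after)
{
    return (uint32_t) (creation + expires_after); /* unsigned wraparound */
}

/* True when a 32-bit interface would misreport this key's expiry. */
bool expiry_overflows_u32(uint32_t creation, uint32_t expires_after)
{
    uint64_t till = 0;
    return key_valid_till64(creation, expires_after, &till) &&
           till > UINT32_MAX;
}

int main(void)
{
    /* Assumed creation time (not stated in the issue); offset is the POC's. */
    const uint32_t creation = 1619506077u;
    const uint32_t offset = (1u << 31) + (1u << 30);
    uint64_t till = 0;

    if (key_valid_till64(creation, offset, &till)) {
        printf("64-bit expiry: %" PRIu64 "\n", till);
    }
    printf("32-bit expiry: %" PRIu32 " (overflow: %s)\n",
           key_valid_till32_truncated(creation, offset),
           expiry_overflows_u32(creation, offset) ? "yes" : "no");
    return 0;
}
```

A caller that treats the truncated value as authoritative sees a key that expired in 1987 instead of one that is still valid.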

@ni4 self-assigned this Apr 27, 2021
@ni4
Contributor

ni4 commented Apr 27, 2021

Thanks for pointing this out to us; 32 bits definitely might not be enough.

@ni4
Contributor

ni4 commented Apr 30, 2021

Fixed via #1492

@ni4 closed this as completed Apr 30, 2021
@ni4 added this to the v0.16.0 milestone Apr 30, 2021
@ni4 modified the milestones: v0.16.0, v0.15.1 May 27, 2021