From f39d2c5566a30515a3879eae465ddfb113e37738 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Thu, 30 Nov 2023 17:58:10 +0100 Subject: [PATCH] Prevent subkey binding signature from predating subkey Fixes #419 --- .../org/pgpainless/key/generation/KeyRingBuilder.kt | 9 ++++++--- .../main/kotlin/org/pgpainless/key/generation/KeySpec.kt | 2 +- .../org/pgpainless/key/generation/KeySpecBuilder.kt | 2 +- .../modification/secretkeyring/SecretKeyRingEditor.kt | 3 ++- 4 files changed, 10 insertions(+), 6 deletions(-) diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingBuilder.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingBuilder.kt index 8404b652..67ad9669 100644 --- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingBuilder.kt +++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingBuilder.kt @@ -246,7 +246,11 @@ class KeyRingBuilder : KeyRingBuilderInterface { const val MILLIS_IN_YEAR = 1000L * 60 * 60 * 24 * 365 @JvmStatic - fun generateKeyPair(spec: KeySpec): PGPKeyPair { + @JvmOverloads + fun generateKeyPair( + spec: KeySpec, + creationTime: Date = spec.keyCreationDate ?: Date() + ): PGPKeyPair { spec.keyType.let { type -> // Create raw Key Pair val keyPair = @@ -254,10 +258,9 @@ class KeyRingBuilder : KeyRingBuilderInterface { .also { it.initialize(type.algorithmSpec) } .generateKeyPair() - val keyCreationDate = spec.keyCreationDate ?: Date() // Form PGP Key Pair return ImplementationFactory.getInstance() - .getPGPKeyPair(type.algorithm, keyPair, keyCreationDate) + .getPGPKeyPair(type.algorithm, keyPair, creationTime) } } } diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeySpec.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeySpec.kt index bc8d5599..f616a7f2 100644 --- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeySpec.kt +++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeySpec.kt 
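Review bot: The new `creationTime` parameter of `generateKeyPair` has no KDoc, and nothing in the signature says that an explicit argument takes precedence over `spec.keyCreationDate`, which is now consulted only for the default value. This timestamp is written into the key packet, and a binding signature dated earlier than it is exactly what the commit sets out to prevent, so the contract belongs on the function. I would add something like `@param creationTime creation time written into the key packet; overrides [KeySpec.keyCreationDate] when given, and must not be later than the creation time of any signature that binds this key`. The function body continues past this hunk into the next one, where the old local `keyCreationDate` is dropped.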
@@ -15,7 +15,7 @@ data class KeySpec( val keyType: KeyType, val subpacketGenerator: SignatureSubpackets, val isInheritedSubPackets: Boolean, - val keyCreationDate: Date + val keyCreationDate: Date? ) { val subpackets: PGPSignatureSubpacketVector diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeySpecBuilder.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeySpecBuilder.kt index 03291f2d..0e7f9aae 100644 --- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeySpecBuilder.kt +++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeySpecBuilder.kt @@ -25,7 +25,7 @@ constructor( private var preferredHashAlgorithms: Set = algorithmSuite.hashAlgorithms private var preferredSymmetricAlgorithms: Set = algorithmSuite.symmetricKeyAlgorithms - private var keyCreationDate = Date() + private var keyCreationDate: Date? = null constructor(type: KeyType, vararg keyFlags: KeyFlag) : this(type, listOf(*keyFlags)) diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.kt index 7dff25f7..5fdd2da5 100644 --- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.kt +++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.kt @@ -231,6 +231,7 @@ class SecretKeyRingEditor( override fun modifyHashedSubpackets(hashedSubpackets: SelfSignatureSubpackets) { SignatureSubpacketsHelper.applyFrom( keySpec.subpackets, hashedSubpackets as SignatureSubpackets) + hashedSubpackets.setSignatureCreationTime(referenceTime) } } return addSubKey(keySpec, subkeyPassphrase, callback, protector) 
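Review bot: `keyCreationDate` on the public `KeySpec` data class changes from `Date` to `Date?` with no comment saying what `null` means. Judging by the `generateKeyPair` hunk it appears to mean "let the generator choose the time", but any other reader of this property outside the visible hunks now has to handle null, and Kotlin callers that relied on the non-null type may stop compiling. A short KDoc on the property would settle it, e.g. `/** Creation time requested for this key, or null to use the time chosen at generation. */`. The same meaning applies to the `private var keyCreationDate: Date? = null` default in the `KeySpecBuilder` hunk.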
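Review bot: `hashedSubpackets.setSignatureCreationTime(referenceTime)` is added only inside this convenience callback, so the fix holds only if every path into the lower-level `addSubKey` goes through it. That overload takes a caller-supplied `callback: SelfSignatureSubpackets.Callback?` (visible in the next hunk), and whether it pins or validates the signature time itself is outside the diff. If it does not, a custom callback could presumably still produce a binding signature older than the subkey. Consider enforcing the invariant where the binding signature is produced, and adding a regression test for #419, since the diffstat lists only files under `src/main`. A comment on the new line, e.g. `// binding signature must not predate the subkey, which is created at referenceTime`, would also record why it has to come after `applyFrom`.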
@@ -242,7 +243,7 @@ class SecretKeyRingEditor( callback: SelfSignatureSubpackets.Callback?, protector: SecretKeyRingProtector ): SecretKeyRingEditorInterface { - val keyPair = KeyRingBuilder.generateKeyPair(keySpec) + val keyPair = KeyRingBuilder.generateKeyPair(keySpec, referenceTime) val subkeyProtector = PasswordBasedSecretKeyRingProtector.forKeyId(keyPair.keyID, subkeyPassphrase) val keyFlags = KeyFlag.fromBitmask(keySpec.subpackets.keyFlags).toMutableList()
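Review bot: `KeyRingBuilder.generateKeyPair(keySpec, referenceTime)` always passes the editor's `referenceTime`, so a `keyCreationDate` carried by the `KeySpec` is ignored on this path with no signal to the caller. If that is intended, a comment here should say so. If the spec value is meant to be honoured, it needs a guard so the original bug cannot return, for example `val creationTime = keySpec.keyCreationDate ?: referenceTime` followed by `require(!creationTime.after(referenceTime)) { "subkey creation time must not be after the binding signature time" }`. This assumes the binding signature is dated `referenceTime` as in the previous hunk; the rest of `addSubKey` lies outside this hunk.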