From d4fd97e693e462f3bd16425f4e803fe5a99b9d62 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Mon, 20 Apr 2020 19:38:41 +0200 Subject: predate validity time on creation; extent ttl on validation --- src/revocation/revocation_api.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/src/revocation/revocation_api.c b/src/revocation/revocation_api.c index fe600ec7a..291c58dd8 100644 --- a/src/revocation/revocation_api.c +++ b/src/revocation/revocation_api.c @@ -510,8 +510,9 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_Pow *pow, */ buffer = GNUNET_TIME_relative_divide (epoch_length, 10); - ts = GNUNET_TIME_absolute_subtract (ts, - buffer); + exp = GNUNET_TIME_absolute_add (ts, ttl); + exp = GNUNET_TIME_absolute_add (exp, + buffer); if (0 != GNUNET_TIME_absolute_get_remaining (ts).rel_value_us) return GNUNET_NO; /* Not yet valid. */ @@ -519,10 +520,6 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_Pow *pow, ts = GNUNET_TIME_absolute_add (ts, buffer); - exp = GNUNET_TIME_absolute_add (ts, ttl); - exp = GNUNET_TIME_absolute_add (exp, - buffer); - if (0 == GNUNET_TIME_absolute_get_remaining (exp).rel_value_us) return GNUNET_NO; /* expired */ return GNUNET_YES; @@ -545,6 +542,13 @@ GNUNET_REVOCATION_pow_init (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, struct GNUNET_REVOCATION_PowCalculationHandle *pc; struct GNUNET_TIME_Absolute ts = GNUNET_TIME_absolute_get (); + /** + * Predate the validity period to prevent rejections due to + * unsynchronized clocks + */ + ts = GNUNET_TIME_absolute_subtract (ts, + GNUNET_TIME_UNIT_WEEKS); + pc = GNUNET_new (struct GNUNET_REVOCATION_PowCalculationHandle); pc->pow.timestamp = GNUNET_TIME_absolute_hton (ts); pc->pow.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); -- cgit v1.2.3