-
Notifications
You must be signed in to change notification settings - Fork 118
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cleanup fixed time and allow using time offset for crypto operations #239
base: main
Are you sure you want to change the base?
Conversation
056fbc6
to
fe7a414
Compare
I have also cleaned up time mocking in tests. It was a bit inconsistent and error prone. |
ca14aa2
to
94bd176
Compare
Ok, I have also cleaned up internal usage of time. It is now much simpler and I believe it was not used properly in one place: https://github.com/ProtonMail/gopenpgp/pull/239/files#diff-272d3efde9c97e3f529b9386d56cd495e9d376b40fb514548fe48396570dc766R96 password.go line 96 was using default configuration time instead of internal one |
Hey 👋 Thanks for the PR and the work on this! However, this would be a breaking change to the API, as well as changing the intended use case of the functions. Just to give some background on why the functions (and naming) are this way, and how we use them - though I don't mean to imply you should use gopenpgp that way - we continually poll the server time, and pass that to But - of course I understand that this setup might not work for you, and it's a bit overly specific, perhaps. So we could try to make the time handling more generic. We are anyway planning to overhaul and simplify the API, which has been growing organically for a while, in a new major version (v3). The first ideas for that can be found in this branch. Perhaps, rather than having global variables and functions for setting the time (offset), we could simply add a time paramater to each of the handles / params proposed there, allowing to more easily pass a time for each individual operation. And then, for your use case you could simply pass (And, in the meantime while that API isn't ready yet, you could call |
Thank you for explanation @twiss 😄! This is a bit odd then, since this function used to behave "correctly" using server time before while not making time a constant (it was few years ago, probably initial version looking at the file history), but now it no longer updates the server time to compensate the difference but instead sets fixed time for the whole framework. I know that this PR makes a breaking change but this is intentional to prevent incorrect function use and force update. Anyway, if you have to keep those functions (for proper semver without a major version you probably have to) I can put them back with the same behavior, next to the new ones but this seems to be a bit strange to do so when knowing that this is not working as expected. I will at least leave a note there 😇 . |
I have put back previous public functions to prevent breaking changes and added additional unit tests to ensure previous behavior. |
Yes, we used to "progress" the time relatively to the last call to
Right, but The reason why we enforce the time to be monotonically increasing is that if, for example, you first generate a key and then sign a message using it, and the signature creation time is behind the key creation time, the signature won't verify.
Not at all, it's still a work in progress.
This time management is in fact the most reliable method we've found to make sure all cryptographic artefacts are usable (albeit at a small cost to the precision of the timestamps, which I think is not a huge deal).
OK 👍 Let's go with that, then. In the meantime, do you think you could live with calling I do agree it's a bit weird that you can't revert to client time currently, so maybe we could add an escape hatch to And then, if you really need non-monotonically increasing time for some reason, you could call |
I should have explained my issue a bit better 😉 The issue I have and try to solve here is time difference between the client and the server which causes i.e. signatures to be invalid. However, the client time being both ahead and behind will cause those. If I sign a message with the client with time ahead of the server time, server refuses to accept this because signature is not yet valid. If the client is behind, it can fail verifying signatures received from server as those may yet be invalid from client perspective. This can also apply for the opposite case so the client being behind can send valid signatures to the server that are no longer valid from the server perspective but that usually requires greater time difference between sides. From what you have explained to me it looks like you are solving this issue by forcing the client time to be equal to whatever server time you have received from the last response / synchronization which is fine and solves the issue (regardless of the client time being ahead or behind, it will eventually be in sync) as long as you update it all the time. But this is fine only if you synchronize time with one server or multiple servers that are for sure in time sync. When you have more than one server and those have time out of sync between them, communicating with one can force you to update the time to the future while communicating with the second one will force you to update time to the past from the previous server perspective. This is impossible with the current implementation of
I am trying not to call
It seems that you are already handling time on the client side but the framework uses a global variable instead of allowing client to specify the time when executing operations. Global mutable variables are almost always bad 😉 in this case you have to manage it, use dedicated locking and can't use more than one time source at the same time (which shouldn't be the case but unfortunately I have exactly that issue).
I can remove |
I have made |
Rename "latestServerTime" to "fixedTime" which better describes actual behavior (it was already setting fixed time for all time related operations). Allow using custom time offset for all time related operations in order to compensate client and server time difference.