-rwxr-xr-xlocal/require-signed-push6
1 files changed, 4 insertions, 2 deletions
diff --git a/local/require-signed-push b/local/require-signed-push
index 20bc2e1..447e14a 100755
--- a/local/require-signed-push
+++ b/local/require-signed-push
@@ -98,7 +98,7 @@ verify_pusher_clock() {
# Timestamps:
# T0: nonce generation time (server, trusted input)
- # T1: nonce signature time (client, untrusted input!)
+ # T1: nonce signature START time (client, untrusted input!)
# T2: signed-nonce receive time (server, trusted input)
T0="$SERVER_NONCE_TIME"
T1="$PUSHER_SIGN_TIME"
@@ -111,9 +111,11 @@ verify_pusher_clock() {
# T2-T0: how long the roundtrip took (only contains trusted inputs)
# - will only be negative if the server clock jump backwards during the round-trip!
#
- # T2-T1: how long it took the client to send the signed nonce back (depends on untrusted input)
+ # T2-T1: how long it took the client to sign their timestamp & nonce and
+ # send it back (depends on untrusted input)
# - will be negative if the client (T1) has a clock AHEAD of server (T2),
# e.g. clock is "fast"
+ # - MAY contain delay from smartcards/tokens requiring interaction.
DELTA_T1_T0=$(( T1 - T0 ))
DELTA_T2_T0=$(( T2 - T0 ))
DELTA_T2_T1=$(( T2 - T1 ))
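Review bot: The new bullet about smartcard/token delay is attached only to T2-T1, but by the timestamp definitions in this same comment the signing happens between T0 and T2, so that delay is equally part of T2-T0, the one delta built purely from trusted inputs. I would repeat it under the T2-T0 entry, e.g. `# - MAY also contain delay from smartcards/tokens requiring interaction.` The limits these deltas are compared against are outside the hunk (verify_pusher_clock continues past it), so the comment should also name which limit is meant to absorb an interactive signing delay. Since T1 is client-supplied, presumably the allowance belongs on the trusted T2-T0 bound rather than on a wider tolerance for T2-T1; worth confirming against the checks below.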