Handle the clock skew check

author: Alex Gaynor <alex.gaynor@gmail.com> 2013-11-23 07:47:23 -0800
committer: Alex Gaynor <alex.gaynor@gmail.com> 2013-11-23 07:47:23 -0800
commit: 3417656d6e35bd5c6e4687bb7d008be6d8c73b43 (patch)
tree: e5fc962abef2a16934692f9d6dcf2463442fb7cd
parent: 09bff867916af9694d66c2fea917d192f7dd1a25 (diff)
download: cryptography-3417656d6e35bd5c6e4687bb7d008be6d8c73b43.tar.gz
cryptography-3417656d6e35bd5c6e4687bb7d008be6d8c73b43.tar.bz2
cryptography-3417656d6e35bd5c6e4687bb7d008be6d8c73b43.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/cryptography/fernet.py b/cryptography/fernet.py
index aa46b36f..2ae0ae8b 100644
--- a/cryptography/fernet.py
+++ b/cryptography/fernet.py
@@ -57,6 +57,8 @@ bool Cryptography_constant_time_compare(uint8_t *a, size_t len_a, uint8_t *b,
 }
 """)
 
+_MAX_CLOCK_SKEW = 60
+
 
 class Fernet(object):
     def __init__(self, key, backend=None):
@@ -117,6 +119,8 @@ class Fernet(object):
         if ttl is not None:
             if struct.unpack(">Q", timestamp)[0] + ttl < current_time:
                 raise InvalidToken
+        if current_time + _MAX_CLOCK_SKEW < struct.unpack(">Q", timestamp)[0]:
+            raise InvalidToken
         h = HMAC(self.signing_key, hashes.SHA256(), self.backend)
         h.update(data[:-32])
         hmac = h.finalize()
author	Alex Gaynor <alex.gaynor@gmail.com>	2013-11-23 07:47:23 -0800
committer	Alex Gaynor <alex.gaynor@gmail.com>	2013-11-23 07:47:23 -0800
commit	3417656d6e35bd5c6e4687bb7d008be6d8c73b43 (patch)
tree	e5fc962abef2a16934692f9d6dcf2463442fb7cd
parent	09bff867916af9694d66c2fea917d192f7dd1a25 (diff)
download	cryptography-3417656d6e35bd5c6e4687bb7d008be6d8c73b43.tar.gz cryptography-3417656d6e35bd5c6e4687bb7d008be6d8c73b43.tar.bz2 cryptography-3417656d6e35bd5c6e4687bb7d008be6d8c73b43.zip