Code Monkey home page Code Monkey logo

Comments (3)

gurayAlsac avatar gurayAlsac commented on August 19, 2024

The interval numbers provided from the Exposure Notification API should all be in Unix Epoch Time:
https://blog.google/documents/69/Exposure_Notification_-_Cryptography_Specification_v1.2.1.pdf

And the reference server should be processing it as UTC, so I don't believe this is a timezone issue.
https://github.com/google/exposure-notifications-server/blob/9f63c8d95096e59d94fd52fedf59ec8a274a2110/internal/publish/model/exposure_model.go#L166

Instead I believe what you are encountering is the protection in place against publishing a key that could still be valid and if it were present in server exports could be replayed. Since for testing its useful to be able to quickly upload current keys like this, there is an option that allows a test server to accept them:
https://github.com/google/exposure-notifications-server/blob/9f63c8d95096e59d94fd52fedf59ec8a274a2110/internal/publish/model/exposure_model.go#L273

from exposure-notifications-android.

mukund-k-sharma avatar mukund-k-sharma commented on August 19, 2024

Below is the code from exposure_model.go at line 227

```

// Validate that the key is no longer effective.
if exposureKey.IntervalNumber+exposureKey.IntervalCount > maxIntervalNumber {
return nil, fmt.Errorf("interval number %v + interval count %v represents a key that is still valid, must end <= %v",
exposureKey.IntervalNumber, exposureKey.IntervalCount, maxIntervalNumber)
}



The logs generated is : 
"unable to read request data: Invalid publish data: interval number 2651904 + interval count 144 represents a key that is still valid, must end <= 2651983"

If you see, the gap is 72 intervals but server is adding 144 intervals which is exceeding the UTC time limit. Can you please check this portion?

from exposure-notifications-android.

mikehelmick avatar mikehelmick commented on August 19, 2024

Interval numbers are always UTC as processed by the server. What @gurayAlsac is correct, this is a protection to ensure a still valid key can be observed in a download and used in a replay attack.

I filed google/exposure-notifications-server#543 to evaluate modifying this behvaiour on the server.

from exposure-notifications-android.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.