From c281837b88055e4e1eaf0cda28049fad9d775a73 Mon Sep 17 00:00:00 2001
From: Dominik Hebeler <dominik@hebeler.club>
Date: Sun, 12 Mar 2023 22:11:32 +0100
Subject: [PATCH] fixed time signatures and checks

---
 pass/app/Crypto.js | 26 ++++++++++++++++++--------
 1 file changed, 18 insertions(+), 8 deletions(-)

diff --git a/pass/app/Crypto.js b/pass/app/Crypto.js
index 5985c77..bff2b96 100644
--- a/pass/app/Crypto.js
+++ b/pass/app/Crypto.js
@@ -73,28 +73,38 @@ class Crypto {
    *
    * @param {String} blinded_token
    * @param {NodeRSA} private_key
-   * @returns {BigInteger}
+   * @returns {Promise<BigInteger>}
    */
-  sign(blinded_token, private_key) {
-    return BlindSignature.sign({
+  async sign(blinded_token, private_key) {
+    let min_ms = 150;
+    let start = dayjs();
+    let signature = BlindSignature.sign({
       blinded: new BigInteger(blinded_token),
       key: private_key,
     });
+    let missing_ms = Math.max(min_ms - dayjs().diff(start, "millisecond"), 0);
+    await new Promise((resolve) => setTimeout(resolve, missing_ms));
+    return signature;
   }
 
   /**
    *
    * @param {String} token
-   * @param {String} expiration
+   * @param {String} date
    */
-  async validateToken(token, signature, expiration) {
-    let date = dayjs(expiration, this.#dayjs_format);
-    let private_key = await this.get_private_key(date);
-    return BlindSignature.verify2({
+  async validateToken(token, signature, date) {
+    let min_ms = 150;
+    let start = dayjs();
+    let current_date = dayjs(date, this.#dayjs_format);
+    let private_key = await this.get_private_key(current_date);
+    let verification_result = BlindSignature.verify2({
       unblinded: signature,
       key: private_key,
       message: token,
     });
+    let missing_ms = Math.max(min_ms - dayjs().diff(start, "millisecond"), 0);
+    await new Promise((resolve) => setTimeout(resolve, missing_ms));
+    return verification_result;
   }
 
   async validateMetaGerPassCode(
-- 
GitLab