exposure-notifications-android
exposure-notifications-android copied to clipboard
google
Key upload fails with error
Describe the bug If mobile and server are in different timezone, while submitting/uploading the keys to the sever we get below error:
unable to read request data: Invalid publish data: interval number 2651616 + interval count 144 represents a key that is still valid, must end <= 2651703.
The cause of the error is that an android device would send an interval number generated as per its time zone. The interval count by default is 144 (representing 24 hrs). When server (in different timezone as that of the mobile device) tries to process the request and matches it with server time (say EST in US), the request becomes incorrect as sum of interval number and interval count becomes greater than server timestamp.
This can also occur if the server and mobile device are in same time zone, but device uses a different locale setting.
To Reproduce Steps to reproduce the behavior:
- Keep the server in EST timezone.
- Put the mobile in a timezone before it say (IST)
- Upload the Exposure to server.
- Check server logs for error.
Expected behavior Can this be fixed, such that both mobile device and server use same time zone and we don't run into this error.
Device (if relevant): We tested on below devices
- Google Pixel3a - Android 25
- Xiaomi Redmi Pro8 - Android Pie
The interval numbers provided from the Exposure Notification API should all be in Unix Epoch Time: https://blog.google/documents/69/Exposure_Notification_-_Cryptography_Specification_v1.2.1.pdf
And the reference server should be processing it as UTC, so I don't believe this is a timezone issue. https://github.com/google/exposure-notifications-server/blob/9f63c8d95096e59d94fd52fedf59ec8a274a2110/internal/publish/model/exposure_model.go#L166
Instead I believe what you are encountering is the protection in place against publishing a key that could still be valid and if it were present in server exports could be replayed. Since for testing its useful to be able to quickly upload current keys like this, there is an option that allows a test server to accept them: https://github.com/google/exposure-notifications-server/blob/9f63c8d95096e59d94fd52fedf59ec8a274a2110/internal/publish/model/exposure_model.go#L273
Below is the code from exposure_model.go at line 227
```
// Validate that the key is no longer effective. if exposureKey.IntervalNumber+exposureKey.IntervalCount > maxIntervalNumber { return nil, fmt.Errorf("interval number %v + interval count %v represents a key that is still valid, must end <= %v", exposureKey.IntervalNumber, exposureKey.IntervalCount, maxIntervalNumber) }
The logs generated is :
"unable to read request data: Invalid publish data: interval number 2651904 + interval count 144 represents a key that is still valid, must end <= 2651983"
If you see, the gap is 72 intervals but server is adding 144 intervals which is exceeding the UTC time limit. Can you please check this portion?
Interval numbers are always UTC as processed by the server. What @gurayAlsac is correct, this is a protection to ensure a still valid key can be observed in a download and used in a replay attack.
I filed https://github.com/google/exposure-notifications-server/issues/543 to evaluate modifying this behvaiour on the server.
