From 98bc3b3271ccb527f02d42be58ffa7a120731b67 Mon Sep 17 00:00:00 2001
From: Kevin Froman <beardog@firemail.cc>
Date: Sat, 15 Dec 2018 23:35:06 -0600
Subject: [PATCH] actually handle future-set blocks properly

---
 onionr/onionrcrypto.py | 9 +++------
 onionr/onionrutils.py  | 2 +-
 2 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/onionr/onionrcrypto.py b/onionr/onionrcrypto.py
index 35a8050d..04c821cd 100644
--- a/onionr/onionrcrypto.py
+++ b/onionr/onionrcrypto.py
@@ -33,9 +33,7 @@ class OnionrCrypto:
         self._keyFile = self._core.dataDir + 'keys.txt'
         self.pubKey = None
         self.privKey = None
-
         self.secrets = secrets
-        
         self.deterministicRequirement = 25 # Min deterministic password/phrase length
         self.HASH_ID_ROUNDS = 2000
         self.keyManager = keymanager.KeyManager(self)
@@ -99,7 +97,6 @@ class OnionrCrypto:
     def pubKeyEncrypt(self, data, pubkey, anonymous=True, encodedData=False):
         '''Encrypt to a public key (Curve25519, taken from base32 Ed25519 pubkey)'''
         retVal = ''
-
         try:
             pubkey = pubkey.encode()
         except AttributeError:
@@ -198,7 +195,7 @@ class OnionrCrypto:
         private_key = nacl.signing.SigningKey.generate()
         public_key = private_key.verify_key.encode(encoder=nacl.encoding.Base32Encoder())
         return (public_key.decode(), private_key.encode(encoder=nacl.encoding.Base32Encoder()).decode())
-    
+
     def generateDeterministic(self, passphrase, bypassCheck=False):
         '''Generate a Ed25519 public key pair from a password'''
         passStrength = self.deterministicRequirement
@@ -212,7 +209,7 @@ class OnionrCrypto:
         salt = b"U81Q7llrQcdTP0Ux" # Does not need to be unique or secret, but must be 16 bytes
         ops = nacl.pwhash.argon2id.OPSLIMIT_SENSITIVE
         mem = nacl.pwhash.argon2id.MEMLIMIT_SENSITIVE
-        
+
         key = kdf(nacl.secret.SecretBox.KEY_SIZE, passphrase, salt, opslimit=ops, memlimit=mem)
         key = nacl.public.PrivateKey(key, nacl.encoding.RawEncoder())
         publicKey = key.public_key
@@ -285,6 +282,6 @@ class OnionrCrypto:
             logger.debug("Invalid token, bad proof")
 
         return retData
-    
+
     def safeCompare(self, one, two):
         return hmac.compare_digest(one, two)
diff --git a/onionr/onionrutils.py b/onionr/onionrutils.py
index f94116f0..948563e3 100644
--- a/onionr/onionrutils.py
+++ b/onionr/onionrutils.py
@@ -392,7 +392,7 @@ class OnionrUtils:
                     if not self.isIntegerString(metadata[i]):
                         logger.warn('Block metadata time stamp is not integer string')
                         break
-                    if metadata[i] > self.getEpoch():
+                    if (metadata[i] - self.getEpoch()) > 30:
                         logger.warn('Block metadata time stamp is set for the future, which is not allowed.')
                         break
                     if (self.getEpoch() - metadata[i]) > maxAge: