use a high resolution timestamp in the token

internal/handshake/token_generator.go

@@ -17,17 +17,15 @@ const (
 // A Token is derived from the client address and can be used to verify the ownership of this address.
 type Token struct {
 	RemoteAddr               string
+	SentTime                 time.Time
 	OriginalDestConnectionID protocol.ConnectionID
-	// The time that the Token was issued (resolution 1 second)
-	SentTime time.Time
 }
 
 // token is the struct that is used for ASN1 serialization and deserialization
 type token struct {
 	RemoteAddr               []byte
+	Timestamp                int64
 	OriginalDestConnectionID []byte
-
-	Timestamp int64
 }
 
 // A TokenGenerator generates tokens
@@ -51,7 +49,7 @@ func (g *TokenGenerator) NewToken(raddr net.Addr, origConnID protocol.Connection
 	data, err := asn1.Marshal(token{
 		RemoteAddr:               encodeRemoteAddr(raddr),
 		OriginalDestConnectionID: origConnID,
-		Timestamp:                time.Now().Unix(),
+		Timestamp:                time.Now().UnixNano(),
 	})
 	if err != nil {
 		return nil, err
@@ -80,7 +78,7 @@ func (g *TokenGenerator) DecodeToken(encrypted []byte) (*Token, error) {
 	}
 	token := &Token{
 		RemoteAddr: decodeRemoteAddr(t.RemoteAddr),
-		SentTime:   time.Unix(t.Timestamp, 0),
+		SentTime:   time.Unix(0, t.Timestamp),
 	}
 	if len(t.OriginalDestConnectionID) > 0 {
 		token.OriginalDestConnectionID = protocol.ConnectionID(t.OriginalDestConnectionID)

internal/handshake/token_generator_test.go

@@ -43,9 +43,7 @@ var _ = Describe("Token Generator", func() {
 		token, err := tokenGen.DecodeToken(tokenEnc)
 		Expect(err).ToNot(HaveOccurred())
 		Expect(token.RemoteAddr).To(Equal("192.168.0.1"))
-		// the time resolution of the token is just 1 second
+		Expect(token.SentTime).To(BeTemporally("~", time.Now(), 10*time.Millisecond))
-		// if token generation and this check happen in "different seconds", the difference will be between 1 and 2 seconds
-		Expect(token.SentTime).To(BeTemporally("~", time.Now(), 2*time.Second))
 		Expect(token.OriginalDestConnectionID).To(BeNil())
 	})
 
@@ -108,9 +106,7 @@ var _ = Describe("Token Generator", func() {
 			token, err := tokenGen.DecodeToken(tokenEnc)
 			Expect(err).ToNot(HaveOccurred())
 			Expect(token.RemoteAddr).To(Equal(ip.String()))
-			// the time resolution of the token is just 1 second
+			Expect(token.SentTime).To(BeTemporally("~", time.Now(), 10*time.Millisecond))
-			// if token generation and this check happen in "different seconds", the difference will be between 1 and 2 seconds
-			Expect(token.SentTime).To(BeTemporally("~", time.Now(), 2*time.Second))
 		}
 	})
 
@@ -121,8 +117,6 @@ var _ = Describe("Token Generator", func() {
 		token, err := tokenGen.DecodeToken(tokenEnc)
 		Expect(err).ToNot(HaveOccurred())
 		Expect(token.RemoteAddr).To(Equal("192.168.13.37:1337"))
-		// the time resolution of the token is just 1 second
+		Expect(token.SentTime).To(BeTemporally("~", time.Now(), 10*time.Millisecond))
-		// if token generation and this check happen in "different seconds", the difference will be between 1 and 2 seconds
-		Expect(token.SentTime).To(BeTemporally("~", time.Now(), 2*time.Second))
 	})
 })