Remove time crate dependency

Cargo.toml

@@ -11,7 +11,6 @@ categories = ["network-programming", "cryptography"]
 
 [dependencies]
 untrusted = "0.5.1"
-time = "0.1.37"
 base64 = "0.6"
 log = { version = "0.3.6", optional = true }
 ring = { version = "0.12", features = ["rsa_signing"] }

src/client/hs.rs

@@ -27,7 +27,7 @@ use suites;
 use hash_hs;
 use verify;
 use rand;
-use time;
+use ticketer;
 use error::TLSError;
 use handshake::{check_message, check_handshake_message};
 
@@ -77,10 +77,6 @@ fn illegal_param(sess: &mut ClientSessionImpl, why: &str) -> TLSError {
     TLSError::PeerMisbehavedError(why.to_string())
 }
 
-fn ticket_timebase() -> u64 {
-    time::get_time().sec as u64
-}
-
 fn check_aligned_handshake(sess: &mut ClientSessionImpl) -> Result<(), TLSError> {
     if !sess.common.handshake_joiner.is_empty() {
         Err(illegal_param(sess, "keys changed with pending hs fragment"))
@@ -102,7 +98,7 @@ fn find_session(sess: &mut ClientSessionImpl, dns_name: &str) -> Option<persist:
 
     let value = maybe_value.unwrap();
     if let Some(result) = persist::ClientSessionValue::read_bytes(&value) {
-        if result.has_expired(ticket_timebase()) {
+        if result.has_expired(ticketer::timebase()) {
             None
         } else {
             Some(result)
@@ -308,7 +304,7 @@ fn emit_client_hello_for_retry(sess: &mut ClientSessionImpl,
             let resuming = handshake.resuming_session
                 .as_ref()
                 .unwrap();
-            (resuming.get_obfuscated_ticket_age(ticket_timebase()), resuming.cipher_suite)
+            (resuming.get_obfuscated_ticket_age(ticketer::timebase()), resuming.cipher_suite)
         };
 
         let binder_len = sess.find_cipher_suite(suite).unwrap().get_hash().output_len;
@@ -1710,7 +1706,7 @@ fn save_session(handshake: &mut HandshakeDetails,
                                                      &handshake.session_id,
                                                      ticket,
                                                      master_secret);
-    value.set_times(ticket_timebase(),
+    value.set_times(ticketer::timebase(),
                     recvd_ticket.new_ticket_lifetime,
                     0);
     if handshake.using_ems {
@@ -1997,7 +1993,7 @@ impl ExpectTLS13Traffic {
                                                          &SessionID::empty(),
                                                          nst.ticket.0.clone(),
                                                          secret);
-        value.set_times(ticket_timebase(),
+        value.set_times(ticketer::timebase(),
                         nst.lifetime,
                         nst.age_add);
 

src/lib.rs

@@ -194,9 +194,6 @@ extern crate webpki;
 // *ring* for cryptography.
 extern crate ring;
 
-// TODO: Remove this dependency.
-extern crate time;
-
 // untrusted for feeding ring and webpki.
 extern crate untrusted;
 

src/ticketer.rs

@@ -2,11 +2,20 @@
 use server::ProducesTickets;
 use rand;
 
-use time;
 use std::mem;
 use std::sync::{Mutex, Arc};
+use std::time;
 use ring::aead;
 
+/// The timebase for expiring and rolling tickets and ticketing
+/// keys.  This is UNIX wall time in seconds.
+pub fn timebase() -> u64 {
+    time::SystemTime::now()
+        .duration_since(time::UNIX_EPOCH)
+        .unwrap()
+        .as_secs()
+}
+
 /// This is a `ProducesTickets` implementation which uses
 /// any *ring* `aead::Algorithm` to encrypt and authentication
 /// the ticket payload.  It does not enforce any lifetime
@@ -96,7 +105,7 @@ impl ProducesTickets for AEADTicketer {
 struct TicketSwitcherState {
     current: Box<ProducesTickets>,
     previous: Option<Box<ProducesTickets>>,
-    next_switch_time: i64,
+    next_switch_time: u64,
 }
 
 /// A ticketer that has a 'current' sub-ticketer and a single
@@ -122,7 +131,7 @@ impl TicketSwitcher {
             state: Mutex::new(TicketSwitcherState {
                 current: generator(),
                 previous: None,
-                next_switch_time: time::get_time().sec + lifetime as i64,
+                next_switch_time: timebase() + lifetime as u64,
             }),
         }
     }
@@ -135,11 +144,11 @@ impl TicketSwitcher {
     /// key erasure will be delayed until the next encrypt/decrypt call.
     pub fn maybe_roll(&self) {
         let mut state = self.state.lock().unwrap();
-        let now = time::get_time().sec;
+        let now = timebase();
 
         if now > state.next_switch_time {
             state.previous = Some(mem::replace(&mut state.current, (self.generator)()));
-            state.next_switch_time = now + self.lifetime as i64;
+            state.next_switch_time = now + self.lifetime as u64;
         }
     }
 }

src/verify.rs

@@ -1,5 +1,4 @@
 use webpki;
-use time;
 use untrusted;
 use sct;
 use std;
@@ -267,11 +266,20 @@ pub fn verify_tls13(cert: &Certificate,
         .map(|_| HandshakeSignatureValid::assertion())
 }
 
+fn unix_time_millis() -> Result<u64, TLSError> {
+    std::time::SystemTime::now()
+        .duration_since(std::time::UNIX_EPOCH)
+        .map(|dur| dur.as_secs())
+        .map_err(|_| TLSError::FailedToGetCurrentTime)
+        .and_then(|secs| secs.checked_mul(1000)
+                  .ok_or(TLSError::FailedToGetCurrentTime))
+}
+
 pub fn verify_scts(cert: &Certificate,
                    scts: &SCTList,
                    logs: &[&sct::Log]) -> Result<(), TLSError> {
     let mut valid_scts = 0;
-    let now = (time::get_time().sec * 1000) as u64;
+    let now = unix_time_millis()?;
     let mut last_sct_error = None;
 
     for sct in scts {