feat(noise): add 10s clock skew tolerance to signature verification

`SignatureNoiseMessage` verification now accepts messages whose
`valid_from`/`not_valid_after` bounds fall within a 10-second leeway. This
prevents false negatives when the local machine clock is a few seconds
ahead or behind (e.g., minor NTP drift).

Author: lucasbalieiro

sv2/noise-sv2/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "noise_sv2"
-version = "1.4.0"
+version = "1.4.1"
 authors = ["The Stratum V2 Developers"]
 edition = "2021"
 readme = "README.md"

sv2/noise-sv2/src/signature_message.rs

@@ -81,7 +81,8 @@ impl SignatureNoiseMessage {
         self.verify_with_now(pk, authority_pk, now)
     }
 
-    /// Verifies the validity and authenticity of the `SignatureNoiseMessage` at a given timestamp.
+    /// Verifies the validity and authenticity of the `SignatureNoiseMessage` at a given timestamp
+    /// with 10 seconds of tolerance.
     ///
     /// See [`Self::verify`] for more details.
     ///
@@ -94,8 +95,14 @@ impl SignatureNoiseMessage {
         authority_pk: &Option<XOnlyPublicKey>,
         now: u32,
     ) -> bool {
+        // Allow the local clock to drift up to 10 seconds ahead or behind.
+        // See https://github.com/stratum-mining/stratum/issues/2015
+        const TIME_LEEWAY: u32 = 10;
+
         if let Some(authority_pk) = authority_pk {
-            if self.valid_from <= now && self.not_valid_after >= now {
+            if self.valid_from.saturating_sub(TIME_LEEWAY) <= now
+                && self.not_valid_after.saturating_add(TIME_LEEWAY) >= now
+            {
                 let secp = Secp256k1::verification_only();
                 let (m, s) = self.split();
                 // m = SHA-256(version || valid_from || not_valid_after || server_static_key)