fix(sdk-lib-mpc): replace date:null with 24h tolerance window in OpenPGP calls

zahin-mohammad · claude · zahin-mohammad · commit 31e3b76f0184 · 2026-04-09T21:54:38.000-04:00
Replace `date: null as unknown as undefined` with a 24-hour tolerance window in all OpenPGP encrypt/decrypt/verify calls. The null date was intentionally added (HSM-706) for OVC cold-signing flows where air-gapped devices can have significant clock drift, but fully disabling date checks is unnecessary — the DKLS protocol has its own replay protection via session-bound commitments and round-specific validation. A 24-hour window preserves OVC compatibility while re-enabling key expiry checks as a defense-in-depth measure. Ticket: WAL-379 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
diff --git a/modules/sdk-lib-mpc/src/tss/ecdsa-dkls/commsLayer.ts b/modules/sdk-lib-mpc/src/tss/ecdsa-dkls/commsLayer.ts
@@ -1,6 +1,26 @@
 import { SerializedMessages, AuthEncMessage, AuthEncMessages, PartyGpgKey, AuthMessage } from './types';
 import * as pgp from 'openpgp';
 
+/**
+ * Tolerance window for OpenPGP date-based key validity checks (24 hours).
+ *
+ * Background: OpenPGP.js uses the `date` parameter to check key expiry at a
+ * given point in time. We previously passed `date: null` to disable this check
+ * entirely (see HSM-706) because OVC cold-signing flows for trust and SMC
+ * clients can involve significant clock skew between the signing device and the
+ * server — the device may be air-gapped and its clock can drift by hours.
+ *
+ * Note: this GPG expiry check is not strictly required for replay protection.
+ * The DKLS protocol has its own mechanism for preventing replay attacks
+ * (session-bound commitments and round-specific message validation), so the
+ * OpenPGP date check is a defense-in-depth measure rather than the primary
+ * replay mitigation.
+ *
+ * A 24-hour window preserves compatibility with OVC flows while still
+ * rejecting operations against keys that have been expired for more than a day.
+ */
+export const SIGNATURE_DATE_TOLERANCE_MS = 24 * 60 * 60 * 1000;
+
 /**
  * Detach signs a binary and encodes it in base64
  * @param data binary to encode in base64 and sign
@@ -49,7 +69,7 @@ export async function encryptAndDetachSignData(
       showVersion: false,
       showComment: false,
     },
-    date: null as unknown as undefined,
+    date: new Date(Date.now() + SIGNATURE_DATE_TOLERANCE_MS),
   });
   const signature = await pgp.sign({
     message,
@@ -90,13 +110,13 @@ export async function decryptAndVerifySignedData(
       showComment: false,
     },
     format: 'binary',
-    date: null as unknown as undefined,
+    date: new Date(Date.now() + SIGNATURE_DATE_TOLERANCE_MS),
   });
   const verificationResult = await pgp.verify({
     message: await pgp.createMessage({ binary: decryptedMessage.data }),
     signature: await pgp.readSignature({ armoredSignature: encryptedAndSignedMessage.signature }),
     verificationKeys: publicKey,
-    date: null as unknown as undefined,
+    date: new Date(Date.now() + SIGNATURE_DATE_TOLERANCE_MS),
   });
   await verificationResult.signatures[0].verified;
   return Buffer.from(decryptedMessage.data).toString('base64');
@@ -113,7 +133,7 @@ export async function verifySignedData(signedMessage: AuthMessage, publicArmor:
     message: await pgp.createMessage({ binary: Buffer.from(signedMessage.message, 'base64') }),
     signature: await pgp.readSignature({ armoredSignature: signedMessage.signature }),
     verificationKeys: publicKey,
-    date: null as unknown as undefined,
+    date: new Date(Date.now() + SIGNATURE_DATE_TOLERANCE_MS),
   });
   try {
     await verificationResult.signatures[0].verified;
diff --git a/modules/sdk-lib-mpc/test/unit/tss/ecdsa/dklsComms.ts b/modules/sdk-lib-mpc/test/unit/tss/ecdsa/dklsComms.ts
@@ -1,4 +1,8 @@
-import { decryptAndVerifySignedData, encryptAndDetachSignData } from '../../../../src/tss/ecdsa-dkls/commsLayer';
+import {
+  decryptAndVerifySignedData,
+  encryptAndDetachSignData,
+  SIGNATURE_DATE_TOLERANCE_MS,
+} from '../../../../src/tss/ecdsa-dkls/commsLayer';
 import * as openpgp from 'openpgp';
 
 describe('DKLS Communication Layer', function () {
@@ -94,4 +98,34 @@ describe('DKLS Communication Layer', function () {
         .toHex()}`
     );
   });
+
+  describe('signature date tolerance', function () {
+    // Key that expires in 1 second — well within the 24-hour tolerance window,
+    // so encrypt at Date.now() + 24h will see an expired key.
+    let shortLivedRecipientKey: { publicKey: string; privateKey: string };
+
+    before(async function () {
+      shortLivedRecipientKey = await openpgp.generateKey({
+        userIDs: [{ name: 'shortlived', email: 'shortlived@username.com' }],
+        curve: 'secp256k1',
+        keyExpirationTime: 1,
+      });
+    });
+
+    it('should reject encryption to an expired key', async function () {
+      const text = 'ffffffff';
+
+      // Encryption checks key validity at Date.now() + 24h, which is past
+      // the 1-second key expiry, so this should be rejected.
+      await encryptAndDetachSignData(
+        Buffer.from(text, 'base64'),
+        shortLivedRecipientKey.publicKey,
+        senderKey.privateKey
+      ).should.be.rejectedWith('Error encrypting message: Primary key is expired');
+    });
+
+    it('should confirm tolerance constant is 24 hours', function () {
+      SIGNATURE_DATE_TOLERANCE_MS.should.equal(24 * 60 * 60 * 1000);
+    });
+  });
 });
