fix(sdk-lib-mpc): remove date override from encrypt/decrypt, keep +24h tolerance on verify

zahin-mohammad · claude · zahin-mohammad · commit 67f18f91eea5 · 2026-04-09T22:39:51.000-04:00
The original date:null→date:now+24h change made encrypt/decrypt stricter
(requiring keys valid for 24 more hours) instead of more tolerant.
Flipping to now-24h breaks self-signature validation on fresh keys.

The correct fix: omit date from encrypt/decrypt (default key expiry checks)
and keep now+24h only on verify (tolerates future-dated OVC signatures).

Tests now validate clock-skew tolerance on verify and key expiry on encrypt.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/modules/sdk-lib-mpc/src/tss/ecdsa-dkls/commsLayer.ts b/modules/sdk-lib-mpc/src/tss/ecdsa-dkls/commsLayer.ts
@@ -16,8 +16,16 @@ import * as pgp from 'openpgp';
  * OpenPGP date check is a defense-in-depth measure rather than the primary
  * replay mitigation.
  *
- * A 24-hour window preserves compatibility with OVC flows while still
- * rejecting operations against keys that have been expired for more than a day.
+ * OpenPGP's `date` parameter shifts the reference time for ALL temporal
+ * checks simultaneously (key expiry, self-signature validity, signature
+ * freshness). This means a single shifted date cannot independently relax
+ * key-expiry checks without breaking self-signature validation on fresh keys.
+ *
+ * Therefore:
+ * - encrypt/decrypt omit `date` (use default = current time) for normal key
+ *   expiry checking and self-signature validation.
+ * - verify uses `now + tolerance` so that signatures from OVC devices whose
+ *   clocks are up to 24 hours ahead are not rejected as "from the future".
  */
 export const SIGNATURE_DATE_TOLERANCE_MS = 24 * 60 * 60 * 1000;
 
@@ -69,7 +77,6 @@ export async function encryptAndDetachSignData(
       showVersion: false,
       showComment: false,
     },
-    date: new Date(Date.now() + SIGNATURE_DATE_TOLERANCE_MS),
   });
   const signature = await pgp.sign({
     message,
@@ -110,7 +117,6 @@ export async function decryptAndVerifySignedData(
       showComment: false,
     },
     format: 'binary',
-    date: new Date(Date.now() + SIGNATURE_DATE_TOLERANCE_MS),
   });
   const verificationResult = await pgp.verify({
     message: await pgp.createMessage({ binary: decryptedMessage.data }),
diff --git a/modules/sdk-lib-mpc/test/unit/tss/ecdsa/dklsComms.ts b/modules/sdk-lib-mpc/test/unit/tss/ecdsa/dklsComms.ts
@@ -1,6 +1,7 @@
 import {
   decryptAndVerifySignedData,
   encryptAndDetachSignData,
+  verifySignedData,
   SIGNATURE_DATE_TOLERANCE_MS,
 } from '../../../../src/tss/ecdsa-dkls/commsLayer';
 import * as openpgp from 'openpgp';
@@ -100,32 +101,67 @@ describe('DKLS Communication Layer', function () {
   });
 
   describe('signature date tolerance', function () {
-    // Key that expires in 1 second — well within the 24-hour tolerance window,
-    // so encrypt at Date.now() + 24h will see an expired key.
-    let shortLivedRecipientKey: { publicKey: string; privateKey: string };
-
-    before(async function () {
-      shortLivedRecipientKey = await openpgp.generateKey({
-        userIDs: [{ name: 'shortlived', email: 'shortlived@username.com' }],
-        curve: 'secp256k1',
-        keyExpirationTime: 1,
-      });
+    it('should confirm tolerance constant is 24 hours', function () {
+      SIGNATURE_DATE_TOLERANCE_MS.should.equal(24 * 60 * 60 * 1000);
     });
 
     it('should reject encryption to an expired key', async function () {
-      const text = 'ffffffff';
+      // Key created 48h ago with a 23h lifetime → expired 25h ago.
+      const expiredKey = await openpgp.generateKey({
+        userIDs: [{ name: 'expired', email: 'expired@username.com' }],
+        curve: 'secp256k1',
+        date: new Date(Date.now() - 48 * 60 * 60 * 1000),
+        keyExpirationTime: 23 * 3600,
+      });
 
-      // Encryption checks key validity at Date.now() + 24h, which is past
-      // the 1-second key expiry, so this should be rejected.
       await encryptAndDetachSignData(
-        Buffer.from(text, 'base64'),
-        shortLivedRecipientKey.publicKey,
+        Buffer.from('ffffffff', 'base64'),
+        expiredKey.publicKey,
         senderKey.privateKey
       ).should.be.rejectedWith('Error encrypting message: Primary key is expired');
     });
 
-    it('should confirm tolerance constant is 24 hours', function () {
-      SIGNATURE_DATE_TOLERANCE_MS.should.equal(24 * 60 * 60 * 1000);
+    it('should accept verification of a signature created by a device whose clock is ahead', async function () {
+      // Simulate a signature created by a device whose clock is 12 hours
+      // ahead. The verify tolerance (now + 24h) should accept it.
+      const futureDate = new Date(Date.now() + 12 * 60 * 60 * 1000);
+      const message = await openpgp.createMessage({ binary: Buffer.from('ffffffff', 'base64') });
+      const privateKey = await openpgp.readPrivateKey({ armoredKey: senderKey.privateKey });
+      const signature = await openpgp.sign({
+        message,
+        signingKeys: privateKey,
+        format: 'armored',
+        detached: true,
+        date: futureDate,
+        config: { rejectCurves: new Set(), showVersion: false, showComment: false },
+      });
+
+      const result = await verifySignedData(
+        { message: Buffer.from('ffffffff', 'base64').toString('base64'), signature },
+        senderKey.publicKey
+      );
+      result.should.equal(true);
+    });
+
+    it('should reject verification of a signature created more than 24h in the future', async function () {
+      // Simulate a signature from a device whose clock is 25 hours ahead.
+      const farFutureDate = new Date(Date.now() + 25 * 60 * 60 * 1000);
+      const message = await openpgp.createMessage({ binary: Buffer.from('ffffffff', 'base64') });
+      const privateKey = await openpgp.readPrivateKey({ armoredKey: senderKey.privateKey });
+      const signature = await openpgp.sign({
+        message,
+        signingKeys: privateKey,
+        format: 'armored',
+        detached: true,
+        date: farFutureDate,
+        config: { rejectCurves: new Set(), showVersion: false, showComment: false },
+      });
+
+      const result = await verifySignedData(
+        { message: Buffer.from('ffffffff', 'base64').toString('base64'), signature },
+        senderKey.publicKey
+      );
+      result.should.equal(false);
     });
   });
 });
