Skip to content

fix: reject stale and future-dated attestation blobs at provider registration #129

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
antojoseph wants to merge 2 commits into
base: master
Choose a base branch
from
Open

fix: reject stale and future-dated attestation blobs at provider registration #129

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
41b6cb2
fix: reject stale and future-dated attestation blobs at provider regi…
antojoseph May 4, 2026
acb977d
fix: reject future-dated attestation timestamps in CheckTimestamp
antojoseph May 4, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 16 additions & 0 deletions coordinator/internal/api/provider.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1208,6 +1208,22 @@ func (s *Server) verifyProviderAttestation(providerID string, provider *registry
return
}

// Reject stale attestation blobs. A replayed blob from a previously-valid
// provider could otherwise grant trust to a new connection without fresh
// hardware verification. 5 minutes matches the challenge cycle interval.
const attestationMaxAge = 5 * time.Minute
if !attestation.CheckTimestamp(result, attestationMaxAge) {
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot May 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Reject future attestations before trusting provider

This new gate calls attestation.CheckTimestamp, but that helper currently returns time.Since(result.Timestamp) <= maxAge (coordinator/internal/attestation/attestation.go), which evaluates to true for future timestamps because time.Since is negative. As a result, future-dated blobs are still accepted here even though the log/error path says they are rejected, so an attacker can use a far-future attestation timestamp to bypass the intended replay protection window.

Useful? React with 👍 / 👎.

s.logger.Warn("provider attestation timestamp out of range — rejecting stale or future-dated blob",
"provider_id", providerID,
"attestation_time", result.Timestamp,
)
result.Valid = false
result.Error = "attestation timestamp out of acceptable range"
provider.SetAttestationResult(&result)
s.registry.MarkUntrusted(providerID)
return
}

// Bind the WebSocket X25519 key used for E2E text encryption to the
// attested Secure Enclave identity. If a provider wants to serve private
// text, the attestation must carry the same encryption public key.
Expand Down
10 changes: 9 additions & 1 deletion coordinator/internal/attestation/attestation.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -241,11 +241,19 @@ func VerifyJSON(jsonData []byte) (VerificationResult, error) {

// CheckTimestamp verifies that the attestation timestamp is within the
// given maximum age. This prevents replay of old attestations.
// Future-dated timestamps (clock skew beyond 30 s) are also rejected to
// prevent bypass via a far-future timestamp: time.Since is negative for
// future times, so without the upper-bound check it would always pass.
func CheckTimestamp(result VerificationResult, maxAge time.Duration) bool {
if result.Timestamp.IsZero() {
return false
}
return time.Since(result.Timestamp) <= maxAge
now := time.Now()
// Reject future-dated blobs (allow 30 s clock skew).
if result.Timestamp.After(now.Add(30 * time.Second)) {
return false
}
return now.Sub(result.Timestamp) <= maxAge
}

// ParseP256PublicKey parses a raw P-256 public key point.
Expand Down
Loading