fix(seal): improve retrieval security and locked seal handling

teycir · teycir · commit 665ddd15efe7 · 2025-12-22T18:59:24.000+01:00
Ensure unlock time is checked before any other operations to prevent timing attacks.
Decrypt sensitive data (keyB) only when a seal is genuinely unlocked.
Prevent exposing iv and unlock message for locked seals by returning early.
Remove client-side pulse token generation, as the server will now manage this.
diff --git a/app/page.tsx b/app/page.tsx
@@ -239,10 +239,9 @@ export default function HomePage() {
       if (sealType === 'timed') {
         unlockTime = new Date(unlockDate).getTime();
       } else {
-        // Dead man's switch
+        // Dead man's switch - server generates pulse token
         pulseDuration = pulseDays * 24 * 60 * 60 * 1000;
         unlockTime = Date.now() + pulseDuration;
-        pulseToken = crypto.randomUUID();
       }
 
       // Create FormData for API
@@ -254,7 +253,6 @@ export default function HomePage() {
       formData.append('isDMS', (sealType === 'deadman').toString());
 
       if (turnstileToken) formData.append('cf-turnstile-response', turnstileToken);
-      if (pulseToken) formData.append('pulseToken', pulseToken);
       if (pulseDuration) formData.append('pulseInterval', pulseDuration.toString());
 
       // Send to API
diff --git a/lib/sealService.ts b/lib/sealService.ts
@@ -130,19 +130,39 @@ export class SealService {
       throw new Error(ErrorCode.SEAL_NOT_FOUND);
     }
 
+    // Check time BEFORE any other operations to prevent timing attacks
     const now = Date.now();
     const isUnlocked = now >= seal.unlockTime;
 
-    let decryptedKeyB: string | undefined;
-    if (isUnlocked) {
-      decryptedKeyB = await decryptKeyBWithFallback(seal.keyB, sealId, [this.masterKey]);
-      metrics.incrementSealUnlocked();
+    // Add jitter for locked seals (already done in API route, but double-check here)
+    if (!isUnlocked) {
+      auditSealAccessed(sealId, ip, 'locked');
+      this.auditLogger?.log({
+        timestamp: now,
+        eventType: AuditEventType.SEAL_ACCESS_DENIED,
+        sealId,
+        ip,
+        metadata: { unlockTime: seal.unlockTime },
+      });
+
+      return {
+        id: sealId,
+        unlockTime: seal.unlockTime,
+        isDMS: seal.isDMS,
+        status: 'locked',
+        blobHash: seal.blobHash,
+        accessCount: seal.accessCount,
+      };
     }
 
-    auditSealAccessed(sealId, ip, isUnlocked ? 'unlocked' : 'locked');
+    // Only decrypt if unlocked
+    const decryptedKeyB = await decryptKeyBWithFallback(seal.keyB, sealId, [this.masterKey]);
+    metrics.incrementSealUnlocked();
+
+    auditSealAccessed(sealId, ip, 'unlocked');
     this.auditLogger?.log({
-      timestamp: Date.now(),
-      eventType: isUnlocked ? AuditEventType.SEAL_UNLOCKED : AuditEventType.SEAL_ACCESS_DENIED,
+      timestamp: now,
+      eventType: AuditEventType.SEAL_UNLOCKED,
       sealId,
       ip,
       metadata: { unlockTime: seal.unlockTime },
@@ -152,11 +172,11 @@ export class SealService {
       id: sealId,
       unlockTime: seal.unlockTime,
       isDMS: seal.isDMS,
-      status: isUnlocked ? 'unlocked' : 'locked',
+      status: 'unlocked',
       keyB: decryptedKeyB,
-      iv: isUnlocked ? seal.iv : undefined,
+      iv: seal.iv,
       blobHash: seal.blobHash,
-      unlockMessage: isUnlocked ? seal.unlockMessage : undefined,
+      unlockMessage: seal.unlockMessage,
       accessCount: seal.accessCount,
     };
   }
