fix(attestation): different challenge was used.

Ansonhkg · Ansonhkg · commit 56b3e7626252 · 2025-06-10T17:08:05.000+01:00
diff --git a/package.json b/package.json
@@ -3,7 +3,7 @@
   "version": "0.0.1",
   "license": "MIT",
   "scripts": {
-    "reset": "bun unlink-all && rimraf dist node_modules doc tmp yarn-error.log yarn.lock package-lock.json bun.lockb learn-debug.log tmp .nx lit-auth-storage pkp-tokens lit-auth-local",
+    "reset": "bun unlink-all && rimraf dist node_modules doc tmp yarn-error.log yarn.lock package-lock.json bun.lockb learn-debug.log tmp .nx lit-auth-storage pkp-tokens lit-auth-local ./e2e/dist ./e2e/node_modules",
     "go": "bun run build && bun link-all",
     "build": "bun unlink-all && bun scripts/auto-fix-deps.mjs && nx run-many --parallel=false --target=build --all --exclude=wrapped-keys,wrapped-keys-lit-actions",
     "build:affected": "bun scripts/auto-fix-deps.mjs && nx affected --target=build --exclude=wrapped-keys,wrapped-keys-lit-actions",
diff --git a/packages/lit-client/src/lib/LitClient/orchestrateHandshake.ts b/packages/lit-client/src/lib/LitClient/orchestrateHandshake.ts
@@ -71,11 +71,14 @@ export const orchestrateHandshake = async (params: {
               endpoint: params.endpoints.HANDSHAKE,
             });
 
+            // Create the challenge once and use it for both handshake request and attestation verification
+            const challenge = createRandomHexString(64);
+
             const _data = {
               fullPath: fullPath,
               data: {
                 clientPublicKey: 'test',
-                challenge: createRandomHexString(64),
+                challenge: challenge,
               },
               requestId: requestId,
               epoch: params.currentEpoch,
@@ -111,8 +114,6 @@ export const orchestrateHandshake = async (params: {
 
             // 2. Process the response (verify attestation etc.)
             if (params.requiredAttestation) {
-              const challenge = createRandomHexString(64);
-
               if (!retrievedServerKeys.attestation) {
                 throw new InvalidNodeAttestation(
                   {},
@@ -121,6 +122,7 @@ export const orchestrateHandshake = async (params: {
               }
 
               // Verify the attestation by checking the signature against AMD certs
+              // Use the same challenge that was sent to the node
               try {
                 const releaseVerificationFn =
                   params.networkModule?.getVerifyReleaseId?.();
diff --git a/packages/networks/src/networks/vNaga/envs/naga-staging/naga-staging.module.ts b/packages/networks/src/networks/vNaga/envs/naga-staging/naga-staging.module.ts
@@ -287,7 +287,7 @@ const networkModuleObject = {
   id: 'naga',
   version: `${version}-naga-staging`,
   config: {
-    requiredAttestation: false,
+    requiredAttestation: true,
     abortTimeout: 20_000,
     minimumThreshold: networkConfig.minimumThreshold,
     httpProtocol: networkConfig.httpProtocol,
