search

veehaitch / devicecheck-appattest

Server-side library to validate the authenticity of Apple App Attest artifacts, written in Kotlin.
Apache License 2.0
66 stars 8 forks source link

Apple Attestation Object Validation Guide #40

Open rogervinas opened 1 month ago

rogervinas commented 1 month ago

Hello! First of all, great library πŸš€

I am checking it using Apple's Attestation Object Validation Guide sample and I get an error "The attestation's nonce is invalid"

val appleAppAttest = AppleAppAttest(
  app = App("0352187391", "com.apple.example_app_attest"),
  appleAppAttestEnvironment = AppleAppAttestEnvironment.PRODUCTION,
)
val attestationValidator = appleAppAttest.createAttestationValidator(
  clock = Clock.fixed(Instant.parse("2024-04-18T00:00:00Z"), ZoneId.systemDefault()),
)
attestationValidator.validate(
  attestationObject = Base64.decode("o2NmbXRvYXBwbGUtYXBwYXR..."), // get the whole value from the guide
  keyIdBase64 = "bSrEhF8TIzIvWSPwvZ0i2+UOBre4ASH84rK15m6emNY=",
  serverChallenge = "test_server_challenge".toByteArray(),
)

I think the problem is in Apple's documentation sample because in step 2:

Create clientDataHash as the SHA256 hash of the one-time challenge your server sends to your app before performing the attestation, and append that hash to the end of the authenticator data

They really do not do the SHA256 of the server challenge but append its plain bytes instead.

I already submitted this feedback to Apple's documentation.

Anybody else encountered this problem? πŸ™

JesusMcCloud commented 1 month ago

We're using this library to support iOS attestation in WARDEN and we have even started to exploit the fact that only the hash is passed. See here, for a description.

rogervinas commented 1 month ago

Thanks @JesusMcCloud we will take a look at WARDEN

JesusMcCloud commented 1 month ago

I think it really depends, whether this makes sense for you. Don't get me wrong: We're always happy about new users, because it is an opportunity to gather feedback and improve, but if you are only interested in iOS, that additional layer of indirection may not be worth it. In this case, it's probably easier to just use this library here.

On a related note: We're reworking the iOS attestation format to emulate key attestation and neither back-end nor iOS samples in the WARDEN repo have been updated yet.
What I showed you was a peek into the next release, to stress that there's indeed hashing going on. Here's the corresponding client code including hashing, from our Supreme KMP crypto provider.