From 2ab1e6658ed9f7e5c980987da28b9a79fa4635fc Mon Sep 17 00:00:00 2001
From: Mariano Cano
Date: Tue, 9 Aug 2022 15:06:52 -0700
Subject: [PATCH] Fix nonce validation

The attestation certificate contains the nonce as raw bytes in the extension 1.2.840.113635.100.8.11.1
---
 acme/challenge.go | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/acme/challenge.go b/acme/challenge.go
index 7f5a55cd..52be0ecd 100644
--- a/acme/challenge.go
+++ b/acme/challenge.go
@@ -346,12 +346,10 @@ func deviceAttest01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose
 return err
 }

- // Validate nonce with SHA-256 of the token
- //
- // TODO(mariano): validate this
- if data.Nonce != "" {
+ // Validate nonce with SHA-256 of the token.
+ if len(data.Nonce) != 0 {
 sum := sha256.Sum256([]byte(ch.Token))
- if data.Nonce != hex.EncodeToString(sum[:]) {
+ if subtle.ConstantTimeCompare(data.Nonce, sum[:]) != 1 {
 return storeError(ctx, db, ch, true, NewError(ErrorBadAttestationStatement, "challenge token does not match"))
 }
 }
@@ -408,7 +406,7 @@ var (
 )

 type appleAttestationData struct {
- Nonce string
+ Nonce []byte
 SerialNumber string
 UDID string
 SEPVersion string
@@ -474,7 +472,7 @@ func doAppleAttestationFormat(ctx context.Context, ch *Challenge, db DB, att *At
 case ext.Id.Equal(oidAppleSecureEnclaveProcessorOSVersion):
 data.SEPVersion = string(ext.Value)
 case ext.Id.Equal(oidAppleNonce):
 - data.Nonce = string(ext.Value)
+ data.Nonce = ext.Value
 }
 }
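Review bot: The nonce comparison in the first hunk still runs only when `len(data.Nonce) != 0`, so an attestation certificate that carries no nonce extension passes this block without being tied to `ch.Token`. If every supported Apple attestation is expected to include the nonce, fail closed before the comparison, for example `if len(data.Nonce) == 0 { return storeError(ctx, db, ch, true, NewError(ErrorBadAttestationStatement, "nonce is missing")) }`. If the nonce is optional by design, the comment should say so and name the check that binds the attestation to this challenge. deviceAttest01Validate starts and ends outside the hunk, so a later check may already cover this.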
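Review bot: The encoding of `Nonce` is documented only in the commit message, not at `data.Nonce = ext.Value` in the third hunk or on the `Nonce []byte` field in the second. A short comment on the field would keep a later change from reintroducing a string or hex conversion, for example `// Nonce holds the raw bytes of the nonce extension; it is compared with the SHA-256 of the challenge token.` It may also be worth noting there that `subtle.ConstantTimeCompare` returns 0 when the lengths differ, so a value of the wrong length is rejected without a separate length check. doAppleAttestationFormat's body continues outside the hunk.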