This repository has been archived by the owner on Jul 11, 2024. It is now read-only.
Nonce bug #3
Comments
Hello, could you provide an example of what you are sending and what is actually sent by the plugin?
@g123k This function in your code says it all. If I generated my own nonce, say on a backend server, and passed it to your function, it would add some random bytes in front, then that new_nonce is what is sent to Google. Google then responds with the attestation result based on the altered nonce... so comparing my original server nonce and the Google-derived nonce results in a fail. Simply removing those SecureRandom bytes fixed the issue for me.

```java
private byte[] getRequestNonce(String data) {
    ByteArrayOutputStream byteStream = new ByteArrayOutputStream();
    byte[] bytes = new byte[24];
    // You generate 24 random bytes here
    new SecureRandom().nextBytes(bytes);
    try {
        // and add those bytes in front of the user-specified nonce
        byteStream.write(bytes);
        // my nonce
        byteStream.write(data.getBytes());
    } catch (IOException e) {
        return null;
    }
    return byteStream.toByteArray();
}
```
Ok, could you send a PR with your modification?
There's a bug when you specify your own nonce: a few bytes are added in front of it, changing it. This happens at the getRequestNonce() function.
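The mismatch described in this thread, as an added example that is not the plugin's or the reporter's code: a backend issues a nonce, the client builds the request nonce either with the 24-byte random prefix or unmodified, and the backend compares the echoed value against what it issued. The class and method names are hypothetical, and the attestation service is replaced by a stand-in that only echoes the request nonce Base64-encoded.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class NonceCheckDemo {
    // Behaviour reported in the issue: 24 random bytes go in front of the caller's nonce.
    static byte[] prefixedNonce(String data) {
        byte[] random = new byte[24];
        new SecureRandom().nextBytes(random);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(random, 0, random.length);
        byte[] d = data.getBytes(StandardCharsets.UTF_8);
        out.write(d, 0, d.length);
        return out.toByteArray();
    }

    // Behaviour after the reporter's change: the caller's nonce is sent unmodified.
    static byte[] passThroughNonce(String data) {
        return data.getBytes(StandardCharsets.UTF_8);
    }

    // Stand-in (assumption) for the attestation service: echoes the request nonce,
    // Base64-encoded, as the nonce field of the attestation payload would carry it.
    static String echoedNonceField(byte[] requestNonce) {
        return Base64.getEncoder().encodeToString(requestNonce);
    }

    // Server-side check: decode the echoed nonce and compare it in constant time
    // with the exact bytes the server issued for this session.
    static boolean nonceMatches(String issued, String nonceField) {
        byte[] expected = issued.getBytes(StandardCharsets.UTF_8);
        byte[] actual = Base64.getDecoder().decode(nonceField);
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) {
        // Constructed sample: a server-issued nonce, hex-encoded so it is a plain string.
        byte[] raw = new byte[16];
        new SecureRandom().nextBytes(raw);
        StringBuilder hex = new StringBuilder();
        for (byte b : raw) hex.append(String.format("%02x", b));
        String issued = hex.toString();

        System.out.println("prefixed:     " + nonceMatches(issued, echoedNonceField(prefixedNonce(issued))));
        System.out.println("pass-through: " + nonceMatches(issued, echoedNonceField(passThroughNonce(issued))));
    }
}
```

A backend that has to accept responses from clients still running the prefixed build can only compare the trailing bytes of the echoed nonce, which leaves the first 24 bytes unverified.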