DCAppAttestService generateAssertion invalidInput

Hi!

Sometimes when calling

DCAppAttestService.shared.generateAssertion(key.id, clientDataHash: hash)

I'm getting DCError.Code.invalidInput. I am formatting clientDataHash usingSHA256.hash - so it is always 32 bytes long.

As I found out - this error depends on hash that I pass to generateAssertion method. But I could not find any system - which hashes are good and which are not.

Keys are always correct, otherwise invalidKey error would be risen. What can cause the issue? I'm testing on iPhone 11, iOS 15.2.1

Up vote post of beetlab Down vote post of beetlab
323 views
Posted by
beetlab
Reply
Add a Comment

Replies

I've tested assertion with random keyId and it's invalidKey error, so the problem is definitely in clientDataHash. Please, help, Apple Engineering!

Here are the examples of hashes, that running into issue:

uqQ2OEoaFGyzYarDffqkJxeBIumSfIMYmdb/LWkmCvI= XAJ048L6kuYbFclShqDhFaw8L4qhyznusyg4ZQd/qFY= QASl9kEHRGFNw9rHfW3nk8r+1OXy014mJI+7Z//dyEo= hCF1dlIpa/jp4P6KQUT1CuWordnSJSNL/03+HOYrJHk= 90y0Y1UiIpyEY4jbAF/9SPj70rFooD4dzvnbn1s4WrM=

Here are successful hashes:

FIBEpdhRUX92mLLqSfaTl45cwePuCKFYyyp3zI0j5g4= GJ8qc3EPK+o8mqo9AssnUMhbqf6xZmJETFLDHJ+mdao= xTeQF2d5Qr4n3iJa+ECRTrpBclZdYatQUNHv0cQPYKE= Tn20+JzM3FWQtVEk+EWALEfJrMIN1FR+y7FoeJIALeY= NGK8gPiaIPI4W37MEY8B9aGhhEpgcFZj09qOd4LHmnM= vFQzqndMCvG2wdNHCD95CJu4QIX1IXxrYvWczp4wXWQ=

Looks like it's a bug - if a hash contains / than generateAssertion method will fail with DCError.Code.invalidInput

Posted by
beetlab
Up vote reply of beetlab Down vote reply of beetlab
Add a Comment