App Attest Server Validations

I'm following the attestation object validation guide to check my attestation server validations, but I'm getting a different output from what is expected in the documentation.

Everything goes well until step 2, where the SHA256 hash of the one-time challenge is created and then this hash is appended to the end of the authenticator data from the decoded attestation object.

Here the generated client data hash is different from the one in the documentation, which also causes a different nonce value.

Full implementation at Go Playground: https://go.dev/play/p/DpL_H3L8yWV

	// generate the SHA256 hash of the one-time challenge
	challengeHash := sha256.Sum256([]byte(serverChallenge))

	// append the one-time challenge hash to the end of the authenticator data
	clientDataHash := append([]byte(att.AuthData), challengeHash[:]...)

	// create a SHA256 hash of the composite item to create nonce
	nonce := sha256.Sum256(clientDataHash)

Then I noticed that if the one-time challenge value is just appended to the end of the authenticator data, the value is correct according to the documentation.

Full implementation at Go Playground: https://go.dev/play/p/qqN97SevJAB

	// append the one-time challenge byte array to the end of the authenticator data
	// this time not generating the SHA256 hash of the one-time challenge
	clientDataHash := append([]byte(att.AuthData), []byte(serverChallenge)...)

	// create a SHA256 hash of the composite item to create nonce
	nonce := sha256.Sum256(clientDataHash)

My question is which of the implementations is correct, because if I didn't get it wrong it should be the first one and we would have an error in the documentation.

Does anyone know how to solve this?

We are having some issues with our current attestation solution that may be related to this. In apps that were built with an Intel architecture, everything goes well, but if it is a Mac with architecture M, the nonce is never correct.
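
To tell which of the two nonce computations in the question reproduces a given expected nonce, the following added example (not code from the original posts or from Apple) tries both and reports the match. The names `nonceFor` and `MatchNonce` and all sample values are assumptions constructed for illustration.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// nonceFor returns SHA256(authData || suffix). It copies into a fresh buffer,
// so append can never write into the caller's authData backing array.
func nonceFor(authData, suffix []byte) [32]byte {
	buf := make([]byte, 0, len(authData)+len(suffix))
	buf = append(buf, authData...)
	buf = append(buf, suffix...)
	return sha256.Sum256(buf)
}

// MatchNonce reports which composition reproduces expected:
//   "hashed": SHA256(authData || SHA256(challenge)), step 2 as described in the question
//   "raw":    SHA256(authData || challenge), the second snippet in the question
//   "none":   neither matches, so the attestation must be rejected
func MatchNonce(authData, challenge, expected []byte) string {
	h := sha256.Sum256(challenge)
	hashed := nonceFor(authData, h[:])
	raw := nonceFor(authData, challenge)
	switch {
	case subtle.ConstantTimeCompare(hashed[:], expected) == 1:
		return "hashed"
	case subtle.ConstantTimeCompare(raw[:], expected) == 1:
		return "raw"
	}
	return "none"
}

func main() {
	// Constructed sample values, not taken from Apple's documentation.
	authData := []byte("constructed-authenticator-data")
	challenge := []byte("constructed-challenge")
	h := sha256.Sum256(challenge)
	// Stands in for the nonce extracted from the credential certificate.
	expected := nonceFor(authData, h[:])
	fmt.Println(MatchNonce(authData, challenge, expected[:]))
}
```

This is a debugging aid only: a production verifier should compute the single composition that mirrors what the app passes as the client data hash and reject everything else.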
