Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 7 additions & 7 deletions api/challenge-response/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ session expiry has elapsed.
Location: https://veraison.example/challenge-response/v1/session/1234567890

{
"nonce": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=",
"nonce": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI",
Comment thread
cowbon marked this conversation as resolved.
"expiry": "2030-10-12T07:20:50.52Z",
"accept": [
"application/psa-attestation-token"
Expand All @@ -68,9 +68,9 @@ session expiry has elapsed.
}
```

`nonceSize` must be between `8` and `64`. Analogously, `nonce` must be between
8 and 64 bytes when decoded (which means the specified base64 string must be no
longer than 88 bytes).
`nonceSize` must be between `8` and `64`. Analogously, `nonce` must be
URL-safe base64 encoded and between 8 and 64 bytes when decoded (which means
the specified base64 string must be no longer than 88 bytes).

### Asynchronous verification

Expand All @@ -90,7 +90,7 @@ longer than 88 bytes).
Content-format: application/vnd.veraison.challenge-response-session+json

{
"nonce": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=",
"nonce": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI",
"expiry": "2031-10-12T07:20:50.52Z",
"accept": [
"application/psa-attestation-token"
Expand All @@ -116,7 +116,7 @@ longer than 88 bytes).
Content-format: application/vnd.veraison.challenge-response-session+json

{
"nonce": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=",
"nonce": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI",
"expiry": "2031-10-12T07:20:50.52Z",
"accept": [
"application/psa-attestation-token"
Expand Down Expand Up @@ -154,7 +154,7 @@ longer than 88 bytes).
Content-format: application/vnd.veraison.challenge-response-session+json

{
"nonce": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=",
"nonce": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI",
"expiry": "2030-10-12T07:20:50.52Z",
"accept": [
"application/psa-attestation-token"
Expand Down
8 changes: 4 additions & 4 deletions api/challenge-response/challenge-response.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -30,13 +30,13 @@ paths:
in: query
description: >
the API server should not generate a nonce for this session and
instead use the one supplied by the client. The supplied base64
URL-encoded value must decode to a byte sequence between 8 and
64 bytes long.
instead use the one supplied by the client. The supplied nonce
MUST be URL-safe base64 encoded and must decode to a byte sequence
between 8 and 64 bytes long.
required: false
schema:
type: string
format: byte
pattern: '^[A-Za-z0-9_-]+={0,2}$'
responses:
'201':
description: >
Expand Down
9 changes: 5 additions & 4 deletions api/challenge-response/schemas/components.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8,11 +8,12 @@ components:
properties:
nonce:
type: string
format: byte
pattern: '^[A-Za-z0-9_-]+={0,2}$'
description:
base64 encoded random value. Must be between 8 and 64 bytes long in
its raw form (the base64 encoding must be no longer than 88 bytes).
example: MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=
URL-safe base64 encoded random value. Must be between 8 and 64
bytes long in its raw form (the base64 encoding must be no longer
than 88 bytes).
example: MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI
expiry:
type: string
format: date-time
Expand Down
Loading