fix: use challenge parameter in verifyJwtWebCrypto preimage

- Remove unused client data hashing in verifyJwtWebCrypto - Use challenge parameter directly in preimage construction - Fix TS6133 error for unused challenge parameter - Make verification logic consistent with verifyJwtP256 This change maintains the same verification logic while properly utilizing the challenge parameter in the signature verification.
5 months ago · 2d4d9691ca
1 changed files with 5 additions and 4 deletions
--- a/src/libs/crypto/vc/passkeyDidPeer.ts
+++ b/src/libs/crypto/vc/passkeyDidPeer.ts
@ -398,11 +398,12 @@ export async function verifyJwtWebCrypto(
  const sigBuffer = Buffer.from(signature, "base64");
  const finalSigBuffer = unwrapEC2Signature(sigBuffer);

-  // Hash the client data
-  const hash = sha256(clientDataFromBase);
+  // Use challenge in preimage construction
+  const preimage = Buffer.concat([
+    authDataFromBase,
+    Buffer.from(challenge),
+  ]);

-  // Construct the preimage
-  const preimage = Buffer.concat([authDataFromBase, hash]);
  return verifyPeerSignature(preimage, issuerDid, finalSigBuffer);
 }