From 63575b36ed680ec9178dc35a22ed5fd543dd14f8 Mon Sep 17 00:00:00 2001
From: Matthew Raymer <matthew.raymer@anomalistdesign.com>
Date: Wed, 28 May 2025 10:27:19 +0000
Subject: [PATCH] fix: use challenge parameter in verifyJwtP256 preimage

- Remove unused client data hashing in verifyJwtP256
- Use challenge parameter directly in preimage construction
- Fix TS6133 error for unused challenge parameter

This change maintains the same verification logic while properly
utilizing the challenge parameter in the signature verification.
---
 src/libs/crypto/vc/passkeyDidPeer.ts | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/libs/crypto/vc/passkeyDidPeer.ts b/src/libs/crypto/vc/passkeyDidPeer.ts
index ec1ba0a1..37476f51 100644
--- a/src/libs/crypto/vc/passkeyDidPeer.ts
+++ b/src/libs/crypto/vc/passkeyDidPeer.ts
@@ -331,11 +331,11 @@ export async function verifyJwtP256(
   const finalSigBuffer = unwrapEC2Signature(sigBuffer);
   const publicKeyBytes = peerDidToPublicKeyBytes(issuerDid);
 
-  // Hash the client data
-  const hash = sha256(clientDataFromBase);
-
-  // Construct the preimage
-  const preimage = Buffer.concat([authDataFromBase, hash]);
+  // Use challenge in preimage construction
+  const preimage = Buffer.concat([
+    authDataFromBase,
+    Buffer.from(challenge),
+  ]);
 
   const isValid = p256.verify(
     finalSigBuffer,