fix: use challenge parameter in verifyJwtP256 preimage

- Remove unused client data hashing in verifyJwtP256 - Use challenge parameter directly in preimage construction - Fix TS6133 error for unused challenge parameter This change maintains the same verification logic while properly utilizing the challenge parameter in the signature verification.
1 week ago · 63575b36ed
1 changed files with 5 additions and 5 deletions
--- a/src/libs/crypto/vc/passkeyDidPeer.ts
+++ b/src/libs/crypto/vc/passkeyDidPeer.ts
@ -331,11 +331,11 @@ export async function verifyJwtP256(
  const finalSigBuffer = unwrapEC2Signature(sigBuffer);
  const publicKeyBytes = peerDidToPublicKeyBytes(issuerDid);

-  // Hash the client data
-  const hash = sha256(clientDataFromBase);
-
-  // Construct the preimage
-  const preimage = Buffer.concat([authDataFromBase, hash]);
+  // Use challenge in preimage construction
+  const preimage = Buffer.concat([
+    authDataFromBase,
+    Buffer.from(challenge),
+  ]);

  const isValid = p256.verify(
    finalSigBuffer,