From f8b5efbd0c23630f07270c893e89c716eb6e0147 Mon Sep 17 00:00:00 2001 From: Yuanyuan <45467248+Li-Yuanyuan@users.noreply.github.com> Date: Mon, 6 Jan 2025 23:44:20 -0800 Subject: [PATCH 1/3] Update verify.ts Fixed the issue where ecdsa-sha256 is always chosen. --- src/rfc9421/verify.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/rfc9421/verify.ts b/src/rfc9421/verify.ts index cf21b02..946108e 100644 --- a/src/rfc9421/verify.ts +++ b/src/rfc9421/verify.ts @@ -86,7 +86,7 @@ export async function verifyRFC9421Signature( if (importedKeys.length === 0) { importedKeys = await Promise.all( Array.from(keys.values()) - .map(key => parseAndImportPublicKey(key, ['verify'])) + .map(key => parseAndImportPublicKey(key, ['verify']), alg) ); } @@ -127,7 +127,7 @@ export async function verifyRFC9421Signature( for (const [label, parsed, key] of toVerify) { try { - const { publicKey, algorithm } = await parseAndImportPublicKey(key, ['verify']); + const { publicKey, algorithm } = await parseAndImportPublicKey(key, ['verify'], alg); const verify = await (await getWebcrypto()).subtle.verify( algorithm, publicKey, base64.parse(parsed.signature), textEncoder.encode(parsed.base) From 98a298f8456301937f0ed198c274410bd2c531df Mon Sep 17 00:00:00 2001 From: Yuanyuan <45467248+Li-Yuanyuan@users.noreply.github.com> Date: Mon, 6 Jan 2025 23:49:47 -0800 Subject: [PATCH 2/3] Update verify.ts Fixed a copy-paste issue with `ecdsa-p384-sha384` --- src/shared/verify.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/shared/verify.ts b/src/shared/verify.ts index c1ee749..a0e0a04 100644 --- a/src/shared/verify.ts +++ b/src/shared/verify.ts @@ -87,7 +87,7 @@ export function parseSignInfo(algorithm: string | undefined, real: ParsedAlgorit if (namedCurve !== 'P-384') { throw new KeyHashValidationError(`curve is not P-384: ${namedCurve}`); } - return { name: 'ECDSA', hash: 'SHA-256', namedCurve }; + return { name: 'ECDSA', hash: 'SHA-384', namedCurve }; } //#region Draft From 032fb4fe94269f85dadbb8f91a69abcb81fad1f4 Mon Sep 17 00:00:00 2001 From: Yuanyuan <45467248+Li-Yuanyuan@users.noreply.github.com> Date: Tue, 7 Jan 2025 00:04:53 -0800 Subject: [PATCH 3/3] Update parse.ts Fixed SFV parsing failure, added the sfv dictionary option to `RFC9421SignatureBaseFactory`. --- src/rfc9421/parse.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/rfc9421/parse.ts b/src/rfc9421/parse.ts index 93a49ff..ea80d2e 100644 --- a/src/rfc9421/parse.ts +++ b/src/rfc9421/parse.ts @@ -90,7 +90,7 @@ export function parseRFC9421RequestOrResponse( if (!inputIsValid) throw new Error('signatureInput'); const factory = new RFC9421SignatureBaseFactory( - request, undefined, undefined, undefined, + request, undefined, options?.additionalSfvTypeDictionary, undefined, options?.requiredComponents?.rfc9421 || options?.requiredInputs?.rfc9421, ); const results = new Map();