diff --git a/vclib/src/commonMain/kotlin/at/asitplus/wallet/lib/agent/HolderAgent.kt b/vclib/src/commonMain/kotlin/at/asitplus/wallet/lib/agent/HolderAgent.kt
index e45b8ea72..6ea5b2a76 100644
--- a/vclib/src/commonMain/kotlin/at/asitplus/wallet/lib/agent/HolderAgent.kt
+++ b/vclib/src/commonMain/kotlin/at/asitplus/wallet/lib/agent/HolderAgent.kt
@@ -185,7 +185,7 @@ class HolderAgent(
         val deviceSignature = coseService.createSignedCose(
             protectedHeader = CoseHeader(algorithm = CoseAlgorithm.ES256),
             unprotectedHeader = null,
-            payload = null, //TODO challenge
+            payload = challenge.encodeToByteArray(),
             addKeyId = false
         ).getOrNull() ?: return null
             .also { Napier.w("Could not create DeviceAuth for presentation") }
diff --git a/vclib/src/commonMain/kotlin/at/asitplus/wallet/lib/agent/Validator.kt b/vclib/src/commonMain/kotlin/at/asitplus/wallet/lib/agent/Validator.kt
index 47de63cac..4cfec573d 100644
--- a/vclib/src/commonMain/kotlin/at/asitplus/wallet/lib/agent/Validator.kt
+++ b/vclib/src/commonMain/kotlin/at/asitplus/wallet/lib/agent/Validator.kt
@@ -222,6 +222,14 @@ class Validator(
                 .also { Napier.w("DeviceSignature not verified") }
         }
 
+        val deviceSignaturePayload = deviceSignature.payload
+            ?: return Verifier.VerifyPresentationResult.InvalidStructure(doc.serialize().encodeBase16())
+                .also { Napier.w("DeviceSignature does not contain challenge") }
+        if (!deviceSignaturePayload.contentEquals(challenge.encodeToByteArray())) {
+            return Verifier.VerifyPresentationResult.InvalidStructure(doc.serialize().encodeBase16())
+                .also { Napier.w("DeviceSignature does not contain correct challenge") }
+        }
+
         val issuerSignedItems = issuerSigned.namespaces?.get(NAMESPACE_MDL)
             ?: return Verifier.VerifyPresentationResult.InvalidStructure(doc.serialize().encodeBase16())
                 .also { Napier.w("No issuer signed items in ${issuerSigned.namespaces}") }
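Review bot: The device signature now covers only the raw challenge bytes (`payload = challenge.encodeToByteArray()`), and with a protected header holding just the algorithm, no unprotected header and `addKeyId = false`, nothing in the signed content identifies the mdoc being presented or the elements being released; the matching Validator change compares the payload against the challenge alone. If this DeviceAuth is meant to follow ISO/IEC 18013-5 (the "DeviceAuth" log text and the `NAMESPACE_MDL` lookup in Validator suggest so), the signed payload there is the DeviceAuthentication structure (SessionTranscript, docType, DeviceNameSpaces) signed detached, so a verifier nonce on its own is a weaker binding — and if a challenge-only payload is the intended interim design, say so at the call site, e.g. `// NOTE: payload is only the verifier challenge, not an ISO 18013-5 DeviceAuthentication; docType and released namespaces are not bound by this signature`. Independently, `getOrNull()` on the following line throws away the failure cause before the warning is logged; `getOrElse { Napier.w("Could not create DeviceAuth for presentation", it); return null }` keeps it for diagnosis. The enclosing function begins and ends outside the hunk.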
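Review bot: A challenge mismatch on the new `if (!deviceSignaturePayload.contentEquals(...))` branch is reported as `InvalidStructure`, the same variant the `issuerSignedItems` lookup below uses for a missing namespace, although a well-formed presentation that carries the wrong or a stale challenge is an authentication failure (this is precisely the replay-detection path), not a malformed document, so callers branching on the result cannot tell replay from parse trouble. Consider returning whatever variant the preceding `DeviceSignature not verified` path uses, or a dedicated one if the sealed hierarchy has it; `VerifyPresentationResult`'s variants are not visible in this hunk, so treat that as a suggestion to check. The check is correctly placed after the signature has been verified, so the payload being compared is authenticated, but holder and verifier each call `challenge.encodeToByteArray()` independently and both silently rely on the default UTF-8 — a shared helper (or a comment on both sides) would keep the two encodings from drifting apart. An empty `challenge` also makes the comparison trivially satisfiable by an empty payload; a `require(challenge.isNotEmpty()) { "challenge must not be empty" }` at the top of this function (outside the hunk) would close that. The enclosing function continues beyond the hunk on both sides.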