@@ -52,7 +52,7 @@ export function commonAlgorithms({
5252 'specific cryptosuite proof generation algorithm.' , async function ( ) {
5353 this . test . link = 'https://w3c.github.io/vc-di-ecdsa/#algorithms:~:text=When%20generating%20ECDSA%20signatures%2C%20the%20signature%20value%20MUST%20be%20expressed%20according%20to%20section%207%20of%20%5BRFC4754%5D%20(sometimes%20referred%20to%20as%20the%20IEEE%20P1363%20format)%20and%20encoded%20according%20to%20the%20specific%20cryptosuite%20proof%20generation%20algorithm' ;
5454 for ( const [ keyType , fixtures ] of credentials ) {
55- await assertions . verificationSuccess ( {
55+ await assertions . verificationFail ( {
5656 credential : fixtures . get ( 'invalidHash' ) ,
5757 verifier,
5858 reason : `Should not verify VC signed w/ ${ keyType }
@@ -63,7 +63,7 @@ export function commonAlgorithms({
6363 it ( 'For P-256 keys, the default hashing function, SHA-2 with 256 ' +
6464 'bits of output, MUST be used.' , async function ( ) {
6565 this . test . link = 'https://w3c.github.io/vc-di-ecdsa/#algorithms:~:text=For%20P%2D256%20keys%2C%20the%20default%20hashing%20function%2C%20SHA%2D2%20with%20256%20bits%20of%20output%2C%20MUST%20be%20used.' ;
66- await assertions . verificationSuccess ( {
66+ await assertions . verificationFail ( {
6767 credential : credentials . get ( 'P-256' ) . get ( 'invalidHash' ) ,
6868 verifier,
6969 reason : `Should not verify VC with invalid hash.`
@@ -316,14 +316,19 @@ async function _commonSetup({
316316 } ) ;
317317 credentials . set ( 'invalidHash' , await issueCloned ( {
318318 credential : _credential ,
319- suite : invalidHashProxy ( { suite, suiteName} ) ,
320- selectiveSuite : invalidHashProxy ( { suite : selectiveSuite , suiteName} )
319+ suite : invalidHashProxy ( { suite, suiteName, keyType} ) ,
320+ selectiveSuite : invalidHashProxy ( {
321+ suite : selectiveSuite ,
322+ suiteName,
323+ keyType
324+ } )
321325 } ) ) ;
322326 return credentials ;
323327}
324328
325329function invalidHashProxy ( {
326330 suiteName,
331+ keyType,
327332 suite,
328333} ) {
329334 if ( typeof suite !== 'object' ) {
@@ -340,8 +345,7 @@ function invalidHashProxy({
340345 cryptosuite, document, proof,
341346 documentLoader, dataIntegrityProof
342347 } = { } ) {
343- const algorithm = 'SHA-512' ;
344-
348+ const algorithm = ( keyType === 'P-256' ) ? 'sha384' : 'sha256' ;
345349 const c14nOptions = {
346350 documentLoader,
347351 safe : true ,
@@ -355,13 +359,13 @@ function invalidHashProxy({
355359 // canonize and hash proof
356360 _canonizeProof ( proof , {
357361 document, cryptosuite, dataIntegrityProof, c14nOptions
358- } ) . then ( c14nProofOptions => sha512 ( {
362+ } ) . then ( c14nProofOptions => sha ( {
359363 algorithm,
360364 string : c14nProofOptions
361365 } ) ) ,
362366 // canonize and hash document
363367 cryptosuite . canonize ( document , c14nOptions ) . then (
364- c14nDocument => sha512 ( { algorithm, string : c14nDocument } ) )
368+ c14nDocument => sha ( { algorithm, string : c14nDocument } ) )
365369 ] ) ;
366370 // concatenate hash of c14n proof options and hash of c14n document
367371 return _concat ( proofHash , docHash ) ;
@@ -381,8 +385,8 @@ function _concat(b1, b2) {
381385 return rval ;
382386}
383387
384- export async function sha512 ( { string} ) {
385- return new Uint8Array ( crypto . createHash ( 'sha512' ) . update ( string ) . digest ( ) ) ;
388+ export async function sha ( { algorithm , string} ) {
389+ return new Uint8Array ( crypto . createHash ( algorithm ) . update ( string ) . digest ( ) ) ;
386390}
387391
388392async function _canonizeProof ( proof , {
0 commit comments