sneak/quak
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Phase 3a green: implement auth.unwrapAuth

Browse Source 
The implementation is exactly the decryption chain documented in the
test file: deriveKEK -> decryptBox(masterKey) -> decryptBox(secretKey)
-> decryptSealed(token) -> toBase64URL. Errors from the underlying
crypto primitives propagate; the only added validation is the up-front
check that the response actually contains both keyAttributes and
encryptedToken (caller bug if not).

Also re-exports the auth/unwrap and auth/types public surface from
src/index.ts.

All 38 tests pass; make check and make docker are green.
This commit is contained in:
Jeffrey Paul
2026-05-11 00:59:43 -07:00
parent 6386a0ec9f
commit 78fdabe54a
3 changed files with 64 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/index.ts
View File

@@ -1 +1,9 @@
export const VERSION = "0.0.0";
export { unwrapAuth, type UnwrapResult } from "./auth/unwrap.js";
export type {
AuthorizationResponse,
KeyAttributes,
LoginChallenge,
SRPAttributes,
} from "./auth/types.js";