sneak
6386a0ec9f
Tests for the password-only decryption chain that follows a successful login (SRP or email OTP, with or without 2FA). The unwrap covers: password -> KEK (Argon2id) -> masterKey (secretbox) -> secretKey (secretbox) -> tokenBytes (sealed box) -> base64url token Each test builds a synthetic AuthorizationResponse using libsodium directly and asserts unwrapAuth recovers the inputs byte for byte. The test file also functions as the canonical description of the protocol. Adds src/auth/types.ts with KeyAttributes, SRPAttributes, AuthorizationResponse, and LoginChallenge declarations matching the README's API reference. src/auth/unwrap.ts is the throwing stub; the real implementation lands next.
9.2 KiB
9.2 KiB