@naughtbot/e2ee-payloads 0.1.0 → 0.2.0
- package/dist/schema.d.ts +29 -2
- package/dist/schema.d.ts.map +1 -1
- package/package.json +1 -1
- package/src/index.test.ts +85 -1
- package/src/schema.ts +29 -2
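--- a/package/dist/schema.d.ts
+++ b/package/dist/schema.d.ts
@@ -305,7 +305,7 @@ export interface components {
 MailboxSshAuthResponsePayloadV1: components["schemas"]["MailboxSshAuthResponseSuccessV1"] | components["schemas"]["MailboxSshAuthResponseFailureV1"];
 /**
 * MailboxSshAuthResponseSuccessV1
-* @description Success branch of `MailboxSshAuthResponsePayloadV1`.
+* @description Success branch of `MailboxSshAuthResponsePayloadV1`. Carries the raw SSH signature plus the per-signature SK assertion flags byte and monotonic counter the signer's secure element returned for this signing operation; all three are required so the requester can rebuild the OpenSSH SK signature preimage (`SHA256(application) || flags || counter || SHA256(data)`) and verify against the enrolled credential public key.
 */
 MailboxSshAuthResponseSuccessV1: {
 /**
@@ -313,6 +313,17 @@ export interface components {
 * @description RFC 4648 standard base64 with `=` padding for the raw SSH signature blob (no SSH-wire framing).
 */
 signature: string;
+/**
+* @description Per-signature SK assertion flags byte the signer's secure element actually asserted with. Approvers MUST either (a) assert with at least the bits the request `flags` byte asked for (UP=0x01, UV=0x04) and return the resulting byte here, or (b) return a `MailboxSshAuthResponseFailureV1` / `MailboxSshSignResponseFailureV1` with the appropriate signing error code. Approvers MUST NOT return a success response whose asserted flags byte clears bits the requester set; that would silently downgrade the security posture (e.g. UV-required → UP-only) below what the request agreed to. Receivers MUST embed this asserted byte at the `flags` position of the OpenSSH SK signature preimage; verification fails if the request `flags` byte is used instead. Receivers SHOULD additionally verify that every bit set in the request `flags` byte is also set here as belt-and-suspenders defence against a misbehaving approver.
+* @example 1
+*/
+flags: number;
+/**
+* Format: int64
+* @description Monotonic counter (u32) the signer's secure element returned for this SK signing operation. Receivers MUST embed this in the OpenSSH SK signature preimage at the position between `flags` and `SHA256(data)` as a 4-byte big-endian unsigned integer. Successive signatures from the same key handle MUST have strictly increasing counter values. The schema declares `format: int64` so 32-bit Go targets can still represent the full u32 range without overflow.
+* @example 1
+*/
+counter: number;
 approval_proof?: components["schemas"]["ApprovalAttestedKeyProof"];
 };
 /**
@@ -368,7 +379,7 @@ export interface components {
 MailboxSshSignResponsePayloadV1: components["schemas"]["MailboxSshSignResponseSuccessV1"] | components["schemas"]["MailboxSshSignResponseFailureV1"];
 /**
 * MailboxSshSignResponseSuccessV1
-* @description Success branch of `MailboxSshSignResponsePayloadV1`.
+* @description Success branch of `MailboxSshSignResponsePayloadV1`. Carries the raw SSH signature plus the per-signature SK assertion flags byte and monotonic counter the signer's secure element returned for this signing operation; all three are required so the requester can rebuild the OpenSSH SK signature preimage (`SHA256(application) || flags || counter || SHA256(data)`) and verify against the enrolled credential public key.
 */
 MailboxSshSignResponseSuccessV1: {
 /**
@@ -376,6 +387,17 @@ export interface components {
 * @description RFC 4648 standard base64 with `=` padding for the raw SSH signature blob (no SSH-wire framing).
 */
 signature: string;
+/**
+* @description Per-signature SK assertion flags byte the signer's secure element actually asserted with. Approvers MUST either (a) assert with at least the bits the request `flags` byte asked for (UP=0x01, UV=0x04) and return the resulting byte here, or (b) return a `MailboxSshAuthResponseFailureV1` / `MailboxSshSignResponseFailureV1` with the appropriate signing error code. Approvers MUST NOT return a success response whose asserted flags byte clears bits the requester set; that would silently downgrade the security posture (e.g. UV-required → UP-only) below what the request agreed to. Receivers MUST embed this asserted byte at the `flags` position of the OpenSSH SK signature preimage; verification fails if the request `flags` byte is used instead. Receivers SHOULD additionally verify that every bit set in the request `flags` byte is also set here as belt-and-suspenders defence against a misbehaving approver.
+* @example 1
+*/
+flags: number;
+/**
+* Format: int64
+* @description Monotonic counter (u32) the signer's secure element returned for this SK signing operation. Receivers MUST embed this in the OpenSSH SK signature preimage at the position between `flags` and `SHA256(data)` as a 4-byte big-endian unsigned integer. Successive signatures from the same key handle MUST have strictly increasing counter values. The schema declares `format: int64` so 32-bit Go targets can still represent the full u32 range without overflow.
+* @example 1
+*/
+counter: number;
 approval_proof?: components["schemas"]["ApprovalAttestedKeyProof"];
 };
 /**
@@ -778,6 +800,11 @@ export interface components {
 encryption_public_key_hex?: string;
 /** @description 40-character hex fingerprint of the ECDH encryption subkey. */
 encryption_fingerprint?: string;
+/**
+* @description Per-credential SSH-SK flags byte the approver baked into a newly enrolled SSH security-key credential. **MUST be present when `purpose` is the SSH signing purpose; absent for all other key purposes.** (The schema cannot express that conditional requirement directly because `MailboxEnrollResponseApprovedV1` is a single monolithic shape with per-type-optional fields like `fingerprint` / `encryption_public_key_hex`; requesters MUST reject SSH-purpose approved responses that omit this field.) The requester MUST persist this byte alongside the credential public key and use it as the request `flags` input on every subsequent `ssh_auth` / `ssh_sign` call. The approver echoes the actual per-signature assertion flags byte back in the success response (see `MailboxSshAuthResponseSuccessV1.flags`); that asserted byte (which MAY differ from this enrollment flags byte when, e.g., the SK could not deliver user verification) is what the requester MUST embed into the OpenSSH SK signature preimage `SHA256(application) || flags || counter || SHA256(data)`. Bit `0x01` is "user presence required" and `0x04` is "user verification required" per the OpenSSH SK protocol.
+* @example 1
+*/
+ssh_sk_flags?: number;
 attestation?: components["schemas"]["KeyMetadataAttestation"];
 approval_proof?: components["schemas"]["ApprovalAttestedKeyProof"];
 };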
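Review bot: The `ssh_sk_flags` description (new line 804) contradicts the `flags` descriptions on both success shapes (new lines 317 and 391): it says the asserted byte MAY differ from the enrollment byte "when, e.g., the SK could not deliver user verification", which is the UV-required → UP-only downgrade the other two say approvers MUST NOT return as a success. This matters because rebuilding the preimage with the asserted byte verifies cleanly even after a downgrade; the signature shows only which flags the authenticator asserted, not that they satisfy the request. The requester-side bit comparison is therefore the only enforcement visible here, yet it is worded as SHOULD. I would reword the parenthetical to `(which MAY set additional bits but MUST NOT clear any bit of the request flags byte)` and change the last sentence of both `flags` descriptions to `Receivers MUST verify that every bit set in the request flags byte is also set here and reject the response otherwise.` This file appears to be generated from `src/schema.ts`, so the wording would need to change at its source.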
package/dist/schema.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../src/schema.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;AAC1C,MAAM,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;AAC7C,MAAM,WAAW,UAAU;IACvB,OAAO,EAAE;QACL;;;WAGG;QACH,iBAAiB,EAAE;YACf;;;eAGG;YACH,CAAC,EAAE,CAAC,CAAC;YACL;;;eAGG;YACH,IAAI,EAAE,MAAM,CAAC;YACb;;;eAGG;YACH,EAAE,EAAE,MAAM,CAAC;YACX;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB,mPAAmP;YACnP,OAAO,EAAE;gBACL,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;aAC1B,CAAC;SACL,CAAC;QACF;;;;;WAKG;QACH,mBAAmB,EAAE,cAAc,GAAG,eAAe,GAAG,gBAAgB,GAAG,iBAAiB,GAAG,kBAAkB,GAAG,UAAU,GAAG,UAAU,GAAG,UAAU,GAAG,aAAa,GAAG,YAAY,GAAG,aAAa,GAAG,eAAe,GAAG,QAAQ,CAAC;QACrO;;;WAGG;QACH,iBAAiB,EAAE;YACf;;;eAGG;YACH,OAAO,EAAE,uBAAuB,CAAC;YACjC,uFAAuF;YACvF,KAAK,EAAE,MAAM,CAAC;YACd,oEAAoE;YACpE,UAAU,EAAE,MAAM,CAAC;YACnB,0FAA0F;YAC1F,cAAc,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF;;;WAGG;QACH,sBAAsB,EAAE;YACpB,0HAA0H;YAC1H,qBAAqB,EAAE,MAAM,CAAC;YAC9B,oFAAoF;YACpF,eAAe,EAAE,MAAM,CAAC;YACxB;;;eAGG;YACH,cAAc,EAAE,MAAM,CAAC;YACvB;;;eAGG;YACH,GAAG,EAAE,MAAM,CAAC;YACZ,oFAAoF;YACpF,mBAAmB,EAAE,MAAM,CAAC;YAC5B,uFAAuF;YACvF,iBAAiB,EAAE,MAAM,CAAC;YAC1B,gGAAgG;YAChG,iBAAiB,EAAE,MAAM,CAAC;SAC7B,CAAC;QACF;;;WAGG;QACH,qBAAqB,EAAE;YACnB;;;eAGG;YACH,OAAO,EAAE,yBAAyB,CAAC;YACnC;;;eAGG;YACH,KAAK,EAAE,MAAM,CAAC;YACd;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;SACrB,CAAC;QACF;;;WAGG;QACH,wBAAwB,EAAE;YACtB;;;eAGG;YACH,OAAO,EAAE,gCAAgC,CAAC;YAC1C,SAAS,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YACtD,SAAS,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,wBAAwB,CAAC,CAAC;YAC3D,WAAW,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,uBAAuB,CAAC,CAAC;YAC5D;;;eAGG;YACH,KAAK,EAAE,MAAM,CAAC;SACjB,CAAC;QACF;;;;WAIG;QACH,uBAAuB,EAAE,oBAAoB,GAAG,aAAa,GAAG,mBAAmB,GAAG,UAAU,GAAG,gBAAgB,CAAC;QACpH;;;WAGG;QACH,sBAAsB,EAAE;YACpB,6JAA6J;YAC7J,cAAc,EAAE,MAAM,CAAC;YACvB;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB,gBAAgB,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,yBAAyB,CAAC,CAAC;YACnE;;;eAGG;YACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;YAC5B;;;eAGG;YACH,SAAS,EAAE,MAAM
,CAAC;YAClB;;;eAGG;YACH,qBAAqB,EAAE,MAAM,CAAC;YAC9B,qHAAqH;YACrH,0BAA0B,CAAC,EAAE,MAAM,CAAC;SACvC,CAAC;QACF;;;;;WAKG;QACH,gBAAgB,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACxC;;;;;WAKG;QACH,UAAU,EAAE,KAAK,GAAG,KAAK,GAAG,KAAK,CAAC;QAClC;;;WAGG;QACH,YAAY,EAAE;YACV;;;eAGG;YACH,KAAK,EAAE,MAAM,CAAC;YACd;;;eAGG;YACH,KAAK,EAAE,MAAM,CAAC;YACd;;;eAGG;YACH,SAAS,CAAC,EAAE,OAAO,CAAC;YACpB;;;eAGG;YACH,UAAU,CAAC,EAAE,OAAO,CAAC;YACrB;;;eAGG;YACH,SAAS,CAAC,EAAE,OAAO,CAAC;YACpB;;;eAGG;YACH,SAAS,CAAC,EAAE,OAAO,CAAC;YACpB,6DAA6D;YAC7D,IAAI,CAAC,EAAE,MAAM,CAAC;SACjB,CAAC;QACF;;;WAGG;QACH,aAAa,EAAE;YACX;;;eAGG;YACH,KAAK,EAAE,MAAM,CAAC;YACd,4DAA4D;YAC5D,aAAa,CAAC,EAAE,MAAM,CAAC;YACvB,qDAAqD;YACrD,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,uCAAuC;YACvC,IAAI,CAAC,EAAE,MAAM,CAAC;YACd,MAAM,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,cAAc,CAAC,EAAE,CAAC;SACnD,CAAC;QACF;;;WAGG;QACH,YAAY,EAAE;YACV;;;eAGG;YACH,GAAG,EAAE,MAAM,CAAC;YACZ,iDAAiD;YACjD,QAAQ,EAAE,MAAM,CAAC;YACjB,gDAAgD;YAChD,OAAO,EAAE,MAAM,CAAC;SACnB,CAAC;QACF;;;WAGG;QACH,UAAU,EAAE;YACR,4CAA4C;YAC5C,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,6CAA6C;YAC7C,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,wDAAwD;YACxD,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,wDAAwD;YACxD,OAAO,CAAC,EAAE,MAAM,CAAC;YACjB,0EAA0E;YAC1E,aAAa,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,cAAc,CAAC,EAAE,CAAC;SAC3D,CAAC;QACF;;;WAGG;QACH,8BAA8B,EAAE;YAC5B;;;;eAIG;YACH,QAAQ,EAAE,MAAM,CAAC;YACjB;;;eAGG;YACH,MAAM,CAAC,EAAE,MAAM,CAAC;YAChB;;;eAGG;YACH,WAAW,CAAC,EAAE,MAAM,CAAC;YACrB;;;;;eAKG;YACH,KAAK,CAAC,EAAE,MAAM,CAAC;YACf,2IAA2I;YAC3I,aAAa,EAAE,MAAM,CAAC;YACtB,kBAAkB,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAChE,OAAO,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,CAAC;YACjD,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC;SACrD,CAAC;QACF;;;WAGG;QACH,+BAA+B,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;QACrJ;;;WAGG;QACH,+BAA+B,EAAE;YAC7B;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB,cAAc,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,0BAA0B,CAAC,CAAC;SACtE,CAAC;QACF;;;WAGG;QACH,+
BAA+B,EAAE;YAC7B,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,kBAAkB,CAAC,CAAC;YACtD;;;eAGG;YACH,aAAa,CAAC,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF;;;WAGG;QACH,8BAA8B,EAAE;YAC5B;;;;eAIG;YACH,QAAQ,EAAE,MAAM,CAAC;YACjB;;;eAGG;YACH,MAAM,CAAC,EAAE,MAAM,CAAC;YAChB;;;eAGG;YACH,WAAW,CAAC,EAAE,MAAM,CAAC;YACrB;;;;;eAKG;YACH,KAAK,CAAC,EAAE,MAAM,CAAC;YACf,2IAA2I;YAC3I,aAAa,EAAE,MAAM,CAAC;YACtB,kBAAkB,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAChE,OAAO,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,CAAC;YACjD,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC;SACrD,CAAC;QACF;;;WAGG;QACH,+BAA+B,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;QACrJ;;;WAGG;QACH,+BAA+B,EAAE;YAC7B;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB,cAAc,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,0BAA0B,CAAC,CAAC;SACtE,CAAC;QACF;;;WAGG;QACH,+BAA+B,EAAE;YAC7B,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,kBAAkB,CAAC,CAAC;YACtD;;;eAGG;YACH,aAAa,CAAC,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF;;;WAGG;QACH,8BAA8B,EAAE;YAC5B;;;;eAIG;YACH,QAAQ,EAAE,MAAM,CAAC;YACjB;;;eAGG;YACH,aAAa,EAAE,MAAM,CAAC;YACtB,kBAAkB,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAChE,OAAO,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,CAAC;YACjD,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC;SACrD,CAAC;QACF;;;WAGG;QACH,+BAA+B,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;QACrJ;;;WAGG;QACH,+BAA+B,EAAE;YAC7B;;;eAGG;YACH,iBAAiB,EAAE,MAAM,CAAC;YAC1B,cAAc,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,0BAA0B,CAAC,CAAC;SACtE,CAAC;QACF;;;WAGG;QACH,+BAA+B,EAAE;YAC7B,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,kBAAkB,CAAC,CAAC;YACtD;;;eAGG;YACH,aAAa,CAAC,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF;;;WAGG;QACH,iCAAiC,EAAE;YAC/B;;;;eAIG;YACH,cAAc,EAAE,MAAM,CAAC;YACvB,KAAK,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,WAAW,CAAC,CAAC;YAC1C;;;eAGG;YACH,aAAa,EAAE,MAAM,CAAC;YACtB,kBAAkB,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAChE,OAAO,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,CAAC;YACjD,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,
CAAC;SACrD,CAAC;QACF;;;WAGG;QACH,kCAAkC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,oCAAoC,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,oCAAoC,CAAC,CAAC;QAC9J;;;WAGG;QACH,kCAAkC,EAAE;YAChC;;;;eAIG;YACH,WAAW,EAAE,MAAM,CAAC;YACpB;;;;eAIG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB,cAAc,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,0BAA0B,CAAC,CAAC;SACtE,CAAC;QACF;;;WAGG;QACH,kCAAkC,EAAE;YAChC,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,kBAAkB,CAAC,CAAC;YACtD;;;eAGG;YACH,aAAa,CAAC,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF;;;WAGG;QACH,SAAS,EAAE;YACP;;;;eAIG;YACH,OAAO,EAAE,MAAM,CAAC;YAChB;;;;eAIG;YACH,MAAM,EAAE,MAAM,CAAC;YACf;;;;eAIG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB;;;;eAIG;YACH,eAAe,EAAE,MAAM,CAAC;YACxB;;;;eAIG;YACH,WAAW,EAAE,MAAM,CAAC;SACvB,CAAC;QACF;;;WAGG;QACH,gCAAgC,EAAE;YAC9B;;;eAGG;YACH,oBAAoB,EAAE,MAAM,CAAC;YAC7B;;;;eAIG;YACH,gBAAgB,EAAE,MAAM,CAAC;YACzB;;;eAGG;YACH,oBAAoB,EAAE,MAAM,CAAC;YAC7B,kBAAkB,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAChE,OAAO,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,CAAC;YACjD,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC;SACrD,CAAC;QACF;;;WAGG;QACH,iCAAiC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mCAAmC,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,mCAAmC,CAAC,CAAC;QAC3J;;;WAGG;QACH,iCAAiC,EAAE;YAC/B;;;;eAIG;YACH,QAAQ,EAAE,MAAM,CAAC;YACjB,cAAc,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,0BAA0B,CAAC,CAAC;SACtE,CAAC;QACF;;;WAGG;QACH,iCAAiC,EAAE;YAC/B,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,kBAAkB,CAAC,CAAC;YACtD;;;eAGG;YACH,aAAa,CAAC,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF;;;WAGG;QACH,iCAAiC,EAAE;YAC/B;;;;eAIG;YACH,QAAQ,EAAE,MAAM,CAAC;YACjB,6GAA6G;YAC7G,aAAa,EAAE,MAAM,CAAC;YACtB,OAAO,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,CAAC;YACjD,kBAAkB,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAChE,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC;SACrD,CAAC;QACF;;;WAGG;QACH,kCAAkC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,oCAAoC,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,oCAAoC,CAAC,CAAC;QAC9J;;;WAGG;QACH,kCAAkC,EAAE;YAChC;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB,cAAc,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,0BAA0B,CAAC,CAAC;SACtE,CAAC;QACF;;;WAGG;
QACH,kCAAkC,EAAE;YAChC,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,kBAAkB,CAAC,CAAC;YACtD;;;eAGG;YACH,aAAa,CAAC,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF;;;WAGG;QACH,mCAAmC,EAAE;YACjC;;;eAGG;YACH,eAAe,EAAE,MAAM,CAAC;YACxB,0GAA0G;YAC1G,aAAa,EAAE,MAAM,CAAC;YACtB,GAAG,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,uBAAuB,CAAC,CAAC;YACrD,kBAAkB,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAChE,OAAO,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,CAAC;YACjD,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC;SACrD,CAAC;QACF;;;WAGG;QACH,oCAAoC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,sCAAsC,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,sCAAsC,CAAC,CAAC;QACpK;;;WAGG;QACH,oCAAoC,EAAE;YAClC;;;;eAIG;YACH,aAAa,EAAE,MAAM,CAAC;YACtB,cAAc,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,0BAA0B,CAAC,CAAC;SACtE,CAAC;QACF;;;WAGG;QACH,oCAAoC,EAAE;YAClC,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,kBAAkB,CAAC,CAAC;YACtD;;;eAGG;YACH,aAAa,CAAC,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF;;;WAGG;QACH,qBAAqB,EAAE;YACnB;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB;;;;eAIG;YACH,UAAU,CAAC,EAAE,MAAM,CAAC;YACpB;;;eAGG;YACH,IAAI,CAAC,EAAE,MAAM,CAAC;SACjB,CAAC;QACF;;;WAGG;QACH,6BAA6B,EAAE;YAC3B,OAAO,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC;YAC7C;;;eAGG;YACH,KAAK,CAAC,EAAE,MAAM,CAAC;YACf;;;eAGG;YACH,SAAS,CAAC,EAAE,MAAM,CAAC;YACnB;;;eAGG;YACH,qBAAqB,CAAC,EAAE,OAAO,CAAC;YAChC,kBAAkB,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAChE,OAAO,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,CAAC;YACjD,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC;SACrD,CAAC;QACF;;;WAGG;QACH,8BAA8B,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;QACpJ;;;WAGG;QACH,+BAA+B,EAAE;YAC7B;;;eAGG;YACH,MAAM,EAAE,UAAU,CAAC;YACnB;;;eAGG;YACH,EAAE,EAAE,MAAM,CAAC;YACX,6IAA6I;YAC7I,cAAc,EAAE,MAAM,CAAC;YACvB,qJAAqJ;YACrJ,aAAa,EAAE,MAAM,CAAC;YACtB;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB,gEAAgE;YAChE,WAAW,CAAC,EAAE,MAAM,CAAC;YACrB;;;;eAIG;YACH,sBAAsB,CAAC,EAAE,MAAM,CAAC;YAChC;;;eAGG;YACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;YAC3B;;;eAGG;YACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;YAC1B,4HAA4H;YA
C5H,yBAAyB,CAAC,EAAE,MAAM,CAAC;YACnC,+EAA+E;YAC/E,sBAAsB,CAAC,EAAE,MAAM,CAAC;YAChC,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,wBAAwB,CAAC,CAAC;YAC9D,cAAc,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,0BAA0B,CAAC,CAAC;SACtE,CAAC;QACF;;;WAGG;QACH,+BAA+B,EAAE;YAC7B;;;eAGG;YACH,MAAM,EAAE,UAAU,CAAC;YACnB,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,kBAAkB,CAAC,CAAC;YACtD;;;eAGG;YACH,aAAa,CAAC,EAAE,MAAM,CAAC;SAC1B,CAAC;KACL,CAAC;IACF,SAAS,EAAE,KAAK,CAAC;IACjB,UAAU,EAAE,KAAK,CAAC;IAClB,aAAa,EAAE,KAAK,CAAC;IACrB,OAAO,EAAE,KAAK,CAAC;IACf,SAAS,EAAE,KAAK,CAAC;CACpB;AACD,MAAM,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;AAC1C,MAAM,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC"}
|
|
1
|
+
{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../src/schema.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;AAC1C,MAAM,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;AAC7C,MAAM,WAAW,UAAU;IACvB,OAAO,EAAE;QACL;;;WAGG;QACH,iBAAiB,EAAE;YACf;;;eAGG;YACH,CAAC,EAAE,CAAC,CAAC;YACL;;;eAGG;YACH,IAAI,EAAE,MAAM,CAAC;YACb;;;eAGG;YACH,EAAE,EAAE,MAAM,CAAC;YACX;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB,mPAAmP;YACnP,OAAO,EAAE;gBACL,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;aAC1B,CAAC;SACL,CAAC;QACF;;;;;WAKG;QACH,mBAAmB,EAAE,cAAc,GAAG,eAAe,GAAG,gBAAgB,GAAG,iBAAiB,GAAG,kBAAkB,GAAG,UAAU,GAAG,UAAU,GAAG,UAAU,GAAG,aAAa,GAAG,YAAY,GAAG,aAAa,GAAG,eAAe,GAAG,QAAQ,CAAC;QACrO;;;WAGG;QACH,iBAAiB,EAAE;YACf;;;eAGG;YACH,OAAO,EAAE,uBAAuB,CAAC;YACjC,uFAAuF;YACvF,KAAK,EAAE,MAAM,CAAC;YACd,oEAAoE;YACpE,UAAU,EAAE,MAAM,CAAC;YACnB,0FAA0F;YAC1F,cAAc,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF;;;WAGG;QACH,sBAAsB,EAAE;YACpB,0HAA0H;YAC1H,qBAAqB,EAAE,MAAM,CAAC;YAC9B,oFAAoF;YACpF,eAAe,EAAE,MAAM,CAAC;YACxB;;;eAGG;YACH,cAAc,EAAE,MAAM,CAAC;YACvB;;;eAGG;YACH,GAAG,EAAE,MAAM,CAAC;YACZ,oFAAoF;YACpF,mBAAmB,EAAE,MAAM,CAAC;YAC5B,uFAAuF;YACvF,iBAAiB,EAAE,MAAM,CAAC;YAC1B,gGAAgG;YAChG,iBAAiB,EAAE,MAAM,CAAC;SAC7B,CAAC;QACF;;;WAGG;QACH,qBAAqB,EAAE;YACnB;;;eAGG;YACH,OAAO,EAAE,yBAAyB,CAAC;YACnC;;;eAGG;YACH,KAAK,EAAE,MAAM,CAAC;YACd;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;SACrB,CAAC;QACF;;;WAGG;QACH,wBAAwB,EAAE;YACtB;;;eAGG;YACH,OAAO,EAAE,gCAAgC,CAAC;YAC1C,SAAS,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YACtD,SAAS,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,wBAAwB,CAAC,CAAC;YAC3D,WAAW,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,uBAAuB,CAAC,CAAC;YAC5D;;;eAGG;YACH,KAAK,EAAE,MAAM,CAAC;SACjB,CAAC;QACF;;;;WAIG;QACH,uBAAuB,EAAE,oBAAoB,GAAG,aAAa,GAAG,mBAAmB,GAAG,UAAU,GAAG,gBAAgB,CAAC;QACpH;;;WAGG;QACH,sBAAsB,EAAE;YACpB,6JAA6J;YAC7J,cAAc,EAAE,MAAM,CAAC;YACvB;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB,gBAAgB,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,yBAAyB,CAAC,CAAC;YACnE;;;eAGG;YACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;YAC5B;;;eAGG;YACH,SAAS,EAAE,MAAM
,CAAC;YAClB;;;eAGG;YACH,qBAAqB,EAAE,MAAM,CAAC;YAC9B,qHAAqH;YACrH,0BAA0B,CAAC,EAAE,MAAM,CAAC;SACvC,CAAC;QACF;;;;;WAKG;QACH,gBAAgB,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACxC;;;;;WAKG;QACH,UAAU,EAAE,KAAK,GAAG,KAAK,GAAG,KAAK,CAAC;QAClC;;;WAGG;QACH,YAAY,EAAE;YACV;;;eAGG;YACH,KAAK,EAAE,MAAM,CAAC;YACd;;;eAGG;YACH,KAAK,EAAE,MAAM,CAAC;YACd;;;eAGG;YACH,SAAS,CAAC,EAAE,OAAO,CAAC;YACpB;;;eAGG;YACH,UAAU,CAAC,EAAE,OAAO,CAAC;YACrB;;;eAGG;YACH,SAAS,CAAC,EAAE,OAAO,CAAC;YACpB;;;eAGG;YACH,SAAS,CAAC,EAAE,OAAO,CAAC;YACpB,6DAA6D;YAC7D,IAAI,CAAC,EAAE,MAAM,CAAC;SACjB,CAAC;QACF;;;WAGG;QACH,aAAa,EAAE;YACX;;;eAGG;YACH,KAAK,EAAE,MAAM,CAAC;YACd,4DAA4D;YAC5D,aAAa,CAAC,EAAE,MAAM,CAAC;YACvB,qDAAqD;YACrD,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,uCAAuC;YACvC,IAAI,CAAC,EAAE,MAAM,CAAC;YACd,MAAM,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,cAAc,CAAC,EAAE,CAAC;SACnD,CAAC;QACF;;;WAGG;QACH,YAAY,EAAE;YACV;;;eAGG;YACH,GAAG,EAAE,MAAM,CAAC;YACZ,iDAAiD;YACjD,QAAQ,EAAE,MAAM,CAAC;YACjB,gDAAgD;YAChD,OAAO,EAAE,MAAM,CAAC;SACnB,CAAC;QACF;;;WAGG;QACH,UAAU,EAAE;YACR,4CAA4C;YAC5C,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,6CAA6C;YAC7C,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,wDAAwD;YACxD,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,wDAAwD;YACxD,OAAO,CAAC,EAAE,MAAM,CAAC;YACjB,0EAA0E;YAC1E,aAAa,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,cAAc,CAAC,EAAE,CAAC;SAC3D,CAAC;QACF;;;WAGG;QACH,8BAA8B,EAAE;YAC5B;;;;eAIG;YACH,QAAQ,EAAE,MAAM,CAAC;YACjB;;;eAGG;YACH,MAAM,CAAC,EAAE,MAAM,CAAC;YAChB;;;eAGG;YACH,WAAW,CAAC,EAAE,MAAM,CAAC;YACrB;;;;;eAKG;YACH,KAAK,CAAC,EAAE,MAAM,CAAC;YACf,2IAA2I;YAC3I,aAAa,EAAE,MAAM,CAAC;YACtB,kBAAkB,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAChE,OAAO,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,CAAC;YACjD,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC;SACrD,CAAC;QACF;;;WAGG;QACH,+BAA+B,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;QACrJ;;;WAGG;QACH,+BAA+B,EAAE;YAC7B;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB;;;eAGG;YACH,KAAK,EAAE,MAAM,CAAC;YACd;;;;eAIG;YACH,OAAO,EAAE,MAAM,CAAC;YAChB,cAAc,CAAC,
EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,0BAA0B,CAAC,CAAC;SACtE,CAAC;QACF;;;WAGG;QACH,+BAA+B,EAAE;YAC7B,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,kBAAkB,CAAC,CAAC;YACtD;;;eAGG;YACH,aAAa,CAAC,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF;;;WAGG;QACH,8BAA8B,EAAE;YAC5B;;;;eAIG;YACH,QAAQ,EAAE,MAAM,CAAC;YACjB;;;eAGG;YACH,MAAM,CAAC,EAAE,MAAM,CAAC;YAChB;;;eAGG;YACH,WAAW,CAAC,EAAE,MAAM,CAAC;YACrB;;;;;eAKG;YACH,KAAK,CAAC,EAAE,MAAM,CAAC;YACf,2IAA2I;YAC3I,aAAa,EAAE,MAAM,CAAC;YACtB,kBAAkB,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAChE,OAAO,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,CAAC;YACjD,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC;SACrD,CAAC;QACF;;;WAGG;QACH,+BAA+B,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;QACrJ;;;WAGG;QACH,+BAA+B,EAAE;YAC7B;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB;;;eAGG;YACH,KAAK,EAAE,MAAM,CAAC;YACd;;;;eAIG;YACH,OAAO,EAAE,MAAM,CAAC;YAChB,cAAc,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,0BAA0B,CAAC,CAAC;SACtE,CAAC;QACF;;;WAGG;QACH,+BAA+B,EAAE;YAC7B,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,kBAAkB,CAAC,CAAC;YACtD;;;eAGG;YACH,aAAa,CAAC,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF;;;WAGG;QACH,8BAA8B,EAAE;YAC5B;;;;eAIG;YACH,QAAQ,EAAE,MAAM,CAAC;YACjB;;;eAGG;YACH,aAAa,EAAE,MAAM,CAAC;YACtB,kBAAkB,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAChE,OAAO,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,CAAC;YACjD,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC;SACrD,CAAC;QACF;;;WAGG;QACH,+BAA+B,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;QACrJ;;;WAGG;QACH,+BAA+B,EAAE;YAC7B;;;eAGG;YACH,iBAAiB,EAAE,MAAM,CAAC;YAC1B,cAAc,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,0BAA0B,CAAC,CAAC;SACtE,CAAC;QACF;;;WAGG;QACH,+BAA+B,EAAE;YAC7B,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,kBAAkB,CAAC,CAAC;YACtD;;;eAGG;YACH,aAAa,CAAC,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF;;;WAGG;QACH,iCAAiC,EAAE;YAC/B;;;;eAIG;YACH,cAAc,EAAE,MAAM,CAAC;YACvB,KAAK,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,WAAW,CAAC,CAAC;YAC1C;;;eAGG;YACH,aAAa,EAAE,MAAM,CAAC;YACtB,kBAAkB,CAAC,EAAE,UAAU,CA
AC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAChE,OAAO,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,CAAC;YACjD,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC;SACrD,CAAC;QACF;;;WAGG;QACH,kCAAkC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,oCAAoC,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,oCAAoC,CAAC,CAAC;QAC9J;;;WAGG;QACH,kCAAkC,EAAE;YAChC;;;;eAIG;YACH,WAAW,EAAE,MAAM,CAAC;YACpB;;;;eAIG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB,cAAc,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,0BAA0B,CAAC,CAAC;SACtE,CAAC;QACF;;;WAGG;QACH,kCAAkC,EAAE;YAChC,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,kBAAkB,CAAC,CAAC;YACtD;;;eAGG;YACH,aAAa,CAAC,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF;;;WAGG;QACH,SAAS,EAAE;YACP;;;;eAIG;YACH,OAAO,EAAE,MAAM,CAAC;YAChB;;;;eAIG;YACH,MAAM,EAAE,MAAM,CAAC;YACf;;;;eAIG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB;;;;eAIG;YACH,eAAe,EAAE,MAAM,CAAC;YACxB;;;;eAIG;YACH,WAAW,EAAE,MAAM,CAAC;SACvB,CAAC;QACF;;;WAGG;QACH,gCAAgC,EAAE;YAC9B;;;eAGG;YACH,oBAAoB,EAAE,MAAM,CAAC;YAC7B;;;;eAIG;YACH,gBAAgB,EAAE,MAAM,CAAC;YACzB;;;eAGG;YACH,oBAAoB,EAAE,MAAM,CAAC;YAC7B,kBAAkB,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAChE,OAAO,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,CAAC;YACjD,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC;SACrD,CAAC;QACF;;;WAGG;QACH,iCAAiC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mCAAmC,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,mCAAmC,CAAC,CAAC;QAC3J;;;WAGG;QACH,iCAAiC,EAAE;YAC/B;;;;eAIG;YACH,QAAQ,EAAE,MAAM,CAAC;YACjB,cAAc,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,0BAA0B,CAAC,CAAC;SACtE,CAAC;QACF;;;WAGG;QACH,iCAAiC,EAAE;YAC/B,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,kBAAkB,CAAC,CAAC;YACtD;;;eAGG;YACH,aAAa,CAAC,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF;;;WAGG;QACH,iCAAiC,EAAE;YAC/B;;;;eAIG;YACH,QAAQ,EAAE,MAAM,CAAC;YACjB,6GAA6G;YAC7G,aAAa,EAAE,MAAM,CAAC;YACtB,OAAO,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,CAAC;YACjD,kBAAkB,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAChE,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC;SACrD,CAAC;QACF;;;WAGG;QACH,kCAAkC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,oCAAoC,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,oCAAoC,CAAC,CAAC;QA
C9J;;;WAGG;QACH,kCAAkC,EAAE;YAChC;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB,cAAc,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,0BAA0B,CAAC,CAAC;SACtE,CAAC;QACF;;;WAGG;QACH,kCAAkC,EAAE;YAChC,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,kBAAkB,CAAC,CAAC;YACtD;;;eAGG;YACH,aAAa,CAAC,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF;;;WAGG;QACH,mCAAmC,EAAE;YACjC;;;eAGG;YACH,eAAe,EAAE,MAAM,CAAC;YACxB,0GAA0G;YAC1G,aAAa,EAAE,MAAM,CAAC;YACtB,GAAG,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,uBAAuB,CAAC,CAAC;YACrD,kBAAkB,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAChE,OAAO,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,CAAC;YACjD,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC;SACrD,CAAC;QACF;;;WAGG;QACH,oCAAoC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,sCAAsC,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,sCAAsC,CAAC,CAAC;QACpK;;;WAGG;QACH,oCAAoC,EAAE;YAClC;;;;eAIG;YACH,aAAa,EAAE,MAAM,CAAC;YACtB,cAAc,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,0BAA0B,CAAC,CAAC;SACtE,CAAC;QACF;;;WAGG;QACH,oCAAoC,EAAE;YAClC,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,kBAAkB,CAAC,CAAC;YACtD;;;eAGG;YACH,aAAa,CAAC,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF;;;WAGG;QACH,qBAAqB,EAAE;YACnB;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB;;;;eAIG;YACH,UAAU,CAAC,EAAE,MAAM,CAAC;YACpB;;;eAGG;YACH,IAAI,CAAC,EAAE,MAAM,CAAC;SACjB,CAAC;QACF;;;WAGG;QACH,6BAA6B,EAAE;YAC3B,OAAO,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC;YAC7C;;;eAGG;YACH,KAAK,CAAC,EAAE,MAAM,CAAC;YACf;;;eAGG;YACH,SAAS,CAAC,EAAE,MAAM,CAAC;YACnB;;;eAGG;YACH,qBAAqB,CAAC,EAAE,OAAO,CAAC;YAChC,kBAAkB,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAChE,OAAO,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,CAAC;YACjD,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC;SACrD,CAAC;QACF;;;WAGG;QACH,8BAA8B,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;QACpJ;;;WAGG;QACH,+BAA+B,EAAE;YAC7B;;;eAGG;YACH,MAAM,EAAE,UAAU,CAAC;YACnB;;;eAGG;YACH,EAAE,EAAE,MAAM,CAAC;YACX,6IAA6I;YAC7I,cAAc,EAAE,MAAM,CAAC;YACvB,qJAAqJ;YACrJ,aAAa,EAAE,MAAM,CAAC;YACtB;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB,gEAAgE;YAChE,WAAW,CAAC,EAAE,MAAM,CAAC
;YACrB;;;;eAIG;YACH,sBAAsB,CAAC,EAAE,MAAM,CAAC;YAChC;;;eAGG;YACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;YAC3B;;;eAGG;YACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;YAC1B,4HAA4H;YAC5H,yBAAyB,CAAC,EAAE,MAAM,CAAC;YACnC,+EAA+E;YAC/E,sBAAsB,CAAC,EAAE,MAAM,CAAC;YAChC;;;eAGG;YACH,YAAY,CAAC,EAAE,MAAM,CAAC;YACtB,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,wBAAwB,CAAC,CAAC;YAC9D,cAAc,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,0BAA0B,CAAC,CAAC;SACtE,CAAC;QACF;;;WAGG;QACH,+BAA+B,EAAE;YAC7B;;;eAGG;YACH,MAAM,EAAE,UAAU,CAAC;YACnB,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,kBAAkB,CAAC,CAAC;YACtD;;;eAGG;YACH,aAAa,CAAC,EAAE,MAAM,CAAC;SAC1B,CAAC;KACL,CAAC;IACF,SAAS,EAAE,KAAK,CAAC;IACjB,UAAU,EAAE,KAAK,CAAC;IAClB,aAAa,EAAE,KAAK,CAAC;IACrB,OAAO,EAAE,KAAK,CAAC;IACf,SAAS,EAAE,KAAK,CAAC;CACpB;AACD,MAAM,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;AAC1C,MAAM,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC"}
|
package/package.json
CHANGED
package/src/index.test.ts
CHANGED
|
@@ -6,11 +6,14 @@ import { describe, it } from "node:test";
|
|
|
6
6
|
|
|
7
7
|
import type {
|
|
8
8
|
MailboxAgeUnwrapRequestPayloadV1,
|
|
9
|
+
MailboxEnrollResponseApprovedV1,
|
|
9
10
|
MailboxEnrollResponsePayloadV1,
|
|
10
11
|
MailboxEnvelopeV1,
|
|
11
12
|
MailboxGpgDecryptResponseSuccessV1,
|
|
13
|
+
MailboxSshAuthResponseSuccessV1,
|
|
12
14
|
MailboxSshSignRequestPayloadV1,
|
|
13
15
|
MailboxSshSignResponsePayloadV1,
|
|
16
|
+
MailboxSshSignResponseSuccessV1,
|
|
14
17
|
} from "./index.ts";
|
|
15
18
|
|
|
16
19
|
describe("MailboxEnvelopeV1", () => {
|
|
@@ -62,9 +65,11 @@ describe("MailboxSshSignRequestPayloadV1", () => {
|
|
|
62
65
|
|
|
63
66
|
describe("MailboxSshSignResponsePayloadV1", () => {
|
|
64
67
|
it("decodes success branch by structural narrowing", () => {
|
|
65
|
-
const json = '{"signature":"YWJj"}';
|
|
68
|
+
const json = '{"signature":"YWJj","flags":1,"counter":7}';
|
|
66
69
|
const resp = JSON.parse(json) as MailboxSshSignResponsePayloadV1;
|
|
67
70
|
assert.ok("signature" in resp && resp.signature !== undefined);
|
|
71
|
+
assert.ok("flags" in resp && resp.flags === 1);
|
|
72
|
+
assert.ok("counter" in resp && resp.counter === 7);
|
|
68
73
|
assert.ok(!("error_code" in resp) || resp.error_code === undefined);
|
|
69
74
|
});
|
|
70
75
|
|
|
@@ -75,6 +80,52 @@ describe("MailboxSshSignResponsePayloadV1", () => {
|
|
|
75
80
|
});
|
|
76
81
|
});
|
|
77
82
|
|
|
83
|
+
// Regression test for NaughtBot/e2ee-payloads#17. The SK monotonic counter
|
|
84
|
+
// and per-signature flags byte are now required on both `ssh_auth` and
|
|
85
|
+
// `ssh_sign` success branches. The compile-time bindings below also pin
|
|
86
|
+
// that `counter` and `flags` are required (a regression that makes either
|
|
87
|
+
// optional turns this file into a `tsc` error).
|
|
88
|
+
describe("SSH-SK counter + flags (issue #17)", () => {
|
|
89
|
+
it("requires counter + flags on MailboxSshAuthResponseSuccessV1", () => {
|
|
90
|
+
const success: MailboxSshAuthResponseSuccessV1 = {
|
|
91
|
+
signature: "YWJj",
|
|
92
|
+
flags: 1,
|
|
93
|
+
counter: 7,
|
|
94
|
+
};
|
|
95
|
+
const parsed = JSON.parse(
|
|
96
|
+
JSON.stringify(success),
|
|
97
|
+
) as MailboxSshAuthResponseSuccessV1;
|
|
98
|
+
assert.equal(parsed.counter, 7);
|
|
99
|
+
assert.equal(parsed.flags, 1);
|
|
100
|
+
assert.equal(parsed.signature, "YWJj");
|
|
101
|
+
|
|
102
|
+
// u32 max counter + u8 max flags round-trip without overflow.
|
|
103
|
+
const maxBoundary: MailboxSshAuthResponseSuccessV1 = {
|
|
104
|
+
signature: "YWJj",
|
|
105
|
+
flags: 255,
|
|
106
|
+
counter: 4294967295,
|
|
107
|
+
};
|
|
108
|
+
const parsedMax = JSON.parse(
|
|
109
|
+
JSON.stringify(maxBoundary),
|
|
110
|
+
) as MailboxSshAuthResponseSuccessV1;
|
|
111
|
+
assert.equal(parsedMax.counter, 4294967295);
|
|
112
|
+
assert.equal(parsedMax.flags, 255);
|
|
113
|
+
});
|
|
114
|
+
|
|
115
|
+
it("requires counter + flags on MailboxSshSignResponseSuccessV1", () => {
|
|
116
|
+
const success: MailboxSshSignResponseSuccessV1 = {
|
|
117
|
+
signature: "YWJj",
|
|
118
|
+
flags: 1,
|
|
119
|
+
counter: 42,
|
|
120
|
+
};
|
|
121
|
+
const parsed = JSON.parse(
|
|
122
|
+
JSON.stringify(success),
|
|
123
|
+
) as MailboxSshSignResponseSuccessV1;
|
|
124
|
+
assert.equal(parsed.counter, 42);
|
|
125
|
+
assert.equal(parsed.flags, 1);
|
|
126
|
+
});
|
|
127
|
+
});
|
|
128
|
+
|
|
78
129
|
describe("MailboxGpgDecryptResponseSuccessV1", () => {
|
|
79
130
|
it("requires both session_key and algorithm on success", () => {
|
|
80
131
|
// Bind to the success branch directly so the compile-time check is
|
|
@@ -133,4 +184,37 @@ describe("MailboxEnrollResponsePayloadV1", () => {
|
|
|
133
184
|
assert.equal(rejected.error_code, 1);
|
|
134
185
|
}
|
|
135
186
|
});
|
|
187
|
+
|
|
188
|
+
// Regression test for NaughtBot/e2ee-payloads#17. The per-credential
|
|
189
|
+
// SSH-SK flags byte must be carried back to the requester on approved
|
|
190
|
+
// SSH-SK enrollments so the requester can rebuild the OpenSSH SK
|
|
191
|
+
// signature preimage on every subsequent `ssh_auth` / `ssh_sign` call.
|
|
192
|
+
it("round-trips per-credential ssh_sk_flags on SSH-SK enrollments", () => {
|
|
193
|
+
const approved: MailboxEnrollResponseApprovedV1 = {
|
|
194
|
+
status: "approved",
|
|
195
|
+
id: "550e8400-e29b-41d4-a716-446655440000",
|
|
196
|
+
public_key_hex:
|
|
197
|
+
"02a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2",
|
|
198
|
+
device_key_id: "dev-1",
|
|
199
|
+
algorithm: "ed25519",
|
|
200
|
+
ssh_sk_flags: 5, // 0x05 = user presence + user verification
|
|
201
|
+
};
|
|
202
|
+
const json = JSON.stringify(approved);
|
|
203
|
+
assert.ok(json.includes('"ssh_sk_flags":5'));
|
|
204
|
+
const parsed = JSON.parse(json) as MailboxEnrollResponseApprovedV1;
|
|
205
|
+
assert.equal(parsed.ssh_sk_flags, 5);
|
|
206
|
+
|
|
207
|
+
// Non-SSH enrollments omit the field; verify the surface stays
|
|
208
|
+
// optional (a regression that makes it required turns this into a
|
|
209
|
+
// `tsc` error rather than a silent on-the-wire change).
|
|
210
|
+
const noFlags: MailboxEnrollResponseApprovedV1 = {
|
|
211
|
+
status: "approved",
|
|
212
|
+
id: "550e8400-e29b-41d4-a716-446655440000",
|
|
213
|
+
public_key_hex:
|
|
214
|
+
"02a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2",
|
|
215
|
+
device_key_id: "dev-1",
|
|
216
|
+
algorithm: "ed25519",
|
|
217
|
+
};
|
|
218
|
+
assert.ok(!JSON.stringify(noFlags).includes("ssh_sk_flags"));
|
|
219
|
+
});
|
|
136
220
|
});
|
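--- a/package/src/schema.ts
+++ b/package/src/schema.ts
@@ -306,7 +306,7 @@ export interface components {
 MailboxSshAuthResponsePayloadV1: components["schemas"]["MailboxSshAuthResponseSuccessV1"] | components["schemas"]["MailboxSshAuthResponseFailureV1"];
 /**
 * MailboxSshAuthResponseSuccessV1
-* @description Success branch of `MailboxSshAuthResponsePayloadV1`.
+* @description Success branch of `MailboxSshAuthResponsePayloadV1`. Carries the raw SSH signature plus the per-signature SK assertion flags byte and monotonic counter the signer's secure element returned for this signing operation; all three are required so the requester can rebuild the OpenSSH SK signature preimage (`SHA256(application) || flags || counter || SHA256(data)`) and verify against the enrolled credential public key.
 */
 MailboxSshAuthResponseSuccessV1: {
 /**
@@ -314,6 +314,17 @@ export interface components {
 * @description RFC 4648 standard base64 with `=` padding for the raw SSH signature blob (no SSH-wire framing).
 */
 signature: string;
+/**
+* @description Per-signature SK assertion flags byte the signer's secure element actually asserted with. Approvers MUST either (a) assert with at least the bits the request `flags` byte asked for (UP=0x01, UV=0x04) and return the resulting byte here, or (b) return a `MailboxSshAuthResponseFailureV1` / `MailboxSshSignResponseFailureV1` with the appropriate signing error code. Approvers MUST NOT return a success response whose asserted flags byte clears bits the requester set; that would silently downgrade the security posture (e.g. UV-required → UP-only) below what the request agreed to. Receivers MUST embed this asserted byte at the `flags` position of the OpenSSH SK signature preimage; verification fails if the request `flags` byte is used instead. Receivers SHOULD additionally verify that every bit set in the request `flags` byte is also set here as belt-and-suspenders defence against a misbehaving approver.
+* @example 1
+*/
+flags: number;
+/**
+* Format: int64
+* @description Monotonic counter (u32) the signer's secure element returned for this SK signing operation. Receivers MUST embed this in the OpenSSH SK signature preimage at the position between `flags` and `SHA256(data)` as a 4-byte big-endian unsigned integer. Successive signatures from the same key handle MUST have strictly increasing counter values. The schema declares `format: int64` so 32-bit Go targets can still represent the full u32 range without overflow.
+* @example 1
+*/
+counter: number;
 approval_proof?: components["schemas"]["ApprovalAttestedKeyProof"];
 };
 /**
@@ -369,7 +380,7 @@ export interface components {
 MailboxSshSignResponsePayloadV1: components["schemas"]["MailboxSshSignResponseSuccessV1"] | components["schemas"]["MailboxSshSignResponseFailureV1"];
 /**
 * MailboxSshSignResponseSuccessV1
-* @description Success branch of `MailboxSshSignResponsePayloadV1`.
+* @description Success branch of `MailboxSshSignResponsePayloadV1`. Carries the raw SSH signature plus the per-signature SK assertion flags byte and monotonic counter the signer's secure element returned for this signing operation; all three are required so the requester can rebuild the OpenSSH SK signature preimage (`SHA256(application) || flags || counter || SHA256(data)`) and verify against the enrolled credential public key.
 */
 MailboxSshSignResponseSuccessV1: {
 /**
@@ -377,6 +388,17 @@ export interface components {
 * @description RFC 4648 standard base64 with `=` padding for the raw SSH signature blob (no SSH-wire framing).
 */
 signature: string;
+/**
+* @description Per-signature SK assertion flags byte the signer's secure element actually asserted with. Approvers MUST either (a) assert with at least the bits the request `flags` byte asked for (UP=0x01, UV=0x04) and return the resulting byte here, or (b) return a `MailboxSshAuthResponseFailureV1` / `MailboxSshSignResponseFailureV1` with the appropriate signing error code. Approvers MUST NOT return a success response whose asserted flags byte clears bits the requester set; that would silently downgrade the security posture (e.g. UV-required → UP-only) below what the request agreed to. Receivers MUST embed this asserted byte at the `flags` position of the OpenSSH SK signature preimage; verification fails if the request `flags` byte is used instead. Receivers SHOULD additionally verify that every bit set in the request `flags` byte is also set here as belt-and-suspenders defence against a misbehaving approver.
+* @example 1
+*/
+flags: number;
+/**
+* Format: int64
+* @description Monotonic counter (u32) the signer's secure element returned for this SK signing operation. Receivers MUST embed this in the OpenSSH SK signature preimage at the position between `flags` and `SHA256(data)` as a 4-byte big-endian unsigned integer. Successive signatures from the same key handle MUST have strictly increasing counter values. The schema declares `format: int64` so 32-bit Go targets can still represent the full u32 range without overflow.
+* @example 1
+*/
+counter: number;
 approval_proof?: components["schemas"]["ApprovalAttestedKeyProof"];
 };
 /**
@@ -779,6 +801,11 @@ export interface components {
 encryption_public_key_hex?: string;
 /** @description 40-character hex fingerprint of the ECDH encryption subkey. */
 encryption_fingerprint?: string;
+/**
+* @description Per-credential SSH-SK flags byte the approver baked into a newly enrolled SSH security-key credential. **MUST be present when `purpose` is the SSH signing purpose; absent for all other key purposes.** (The schema cannot express that conditional requirement directly because `MailboxEnrollResponseApprovedV1` is a single monolithic shape with per-type-optional fields like `fingerprint` / `encryption_public_key_hex`; requesters MUST reject SSH-purpose approved responses that omit this field.) The requester MUST persist this byte alongside the credential public key and use it as the request `flags` input on every subsequent `ssh_auth` / `ssh_sign` call. The approver echoes the actual per-signature assertion flags byte back in the success response (see `MailboxSshAuthResponseSuccessV1.flags`); that asserted byte (which MAY differ from this enrollment flags byte when, e.g., the SK could not deliver user verification) is what the requester MUST embed into the OpenSSH SK signature preimage `SHA256(application) || flags || counter || SHA256(data)`. Bit `0x01` is "user presence required" and `0x04` is "user verification required" per the OpenSSH SK protocol.
+* @example 1
+*/
+ssh_sk_flags?: number;
 attestation?: components["schemas"]["KeyMetadataAttestation"];
 approval_proof?: components["schemas"]["ApprovalAttestedKeyProof"];
 };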
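Review bot: The `flags` description added to both success types and the `ssh_sk_flags` description in the last hunk disagree about whether a success response may carry fewer flag bits than the request asked for. The `flags` text says approvers MUST NOT clear bits the requester set, while the `ssh_sk_flags` text says the asserted byte MAY differ from the enrollment byte when the SK could not deliver user verification, which is a cleared UV bit on a request built from that enrollment byte. Because receivers rebuild the preimage from the asserted byte, signature verification on its own passes for the weaker assertion, so the receiver-side bit comparison is where the requester's policy is actually enforced, and it is currently only a SHOULD. I would make it normative, `Receivers MUST reject a success response in which any bit set in the request flags byte is clear here.`, and drop the user-verification example from `ssh_sk_flags`. The file looks generated from an OpenAPI document, so the wording would presumably be changed in that source and regenerated here and in `dist/schema.d.ts`.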