packages/shade-core/tests/identity-rotation.test.ts

import { describe, test, expect } from 'bun:test';
import { SubtleCryptoProvider, MemoryStorage } from '@shade/crypto-web';
import { ShadeSessionManager, GRACE_PERIOD_MS } from '../src/index.js';

const crypto = new SubtleCryptoProvider();

describe('Identity rotation', () => {
  test('rotateIdentity generates new identity and archives old', async () => {
    const storage = new MemoryStorage();
    const mgr = new ShadeSessionManager(crypto, storage);
    await mgr.initialize();

    const oldFp = await mgr.getIdentityFingerprint();
    const oldPub = mgr.getPublicIdentity();

    await mgr.rotateIdentity();

    const newFp = await mgr.getIdentityFingerprint();
    const newPub = mgr.getPublicIdentity();

    // New identity should differ
    expect(newFp).not.toBe(oldFp);
    expect(newPub.signingKey).not.toEqual(oldPub.signingKey);
    expect(newPub.dhKey).not.toEqual(oldPub.dhKey);

    // Old identity is archived
    const retired = await storage.getRetiredIdentities();
    expect(retired.length).toBe(1);
    expect(retired[0].keyPair.signingPublicKey).toEqual(oldPub.signingKey);
  });

  test('rotation returns a new prekey bundle', async () => {
    const mgr = new ShadeSessionManager(crypto, new MemoryStorage());
    await mgr.initialize();

    const bundle = await mgr.rotateIdentity();
    expect(bundle.identitySigningKey.length).toBe(32);
    expect(bundle.identityDHKey.length).toBe(32);
    expect(bundle.signedPreKey.keyId).toBe(2); // advanced
    expect(bundle.signedPreKey.signature.length).toBe(64);
  });

  test('getActiveRetiredIdentities returns entries within grace period', async () => {
    const mgr = new ShadeSessionManager(crypto, new MemoryStorage());
    await mgr.initialize();

    await mgr.rotateIdentity();
    await mgr.rotateIdentity();

    const active = await mgr.getActiveRetiredIdentities();
    expect(active.length).toBe(2);
  });

  test('getActiveRetiredIdentities filters out expired entries', async () => {
    const storage = new MemoryStorage();
    const mgr = new ShadeSessionManager(crypto, storage);
    await mgr.initialize();

    // Manually add a very old retired identity
    await storage.addRetiredIdentity({
      keyPair: (await mgr.getPublicIdentity()) as any, // placeholder
      retiredAt: Date.now() - (GRACE_PERIOD_MS + 1000),
    });

    // And a fresh one
    await mgr.rotateIdentity();

    const active = await mgr.getActiveRetiredIdentities();
    expect(active.length).toBe(1);
  });

  test('pruneExpiredIdentities removes old entries', async () => {
    const storage = new MemoryStorage();
    const mgr = new ShadeSessionManager(crypto, storage);
    await mgr.initialize();

    // Rotate twice
    await mgr.rotateIdentity();
    await mgr.rotateIdentity();

    expect((await storage.getRetiredIdentities()).length).toBe(2);

    // Default grace period: nothing is expired yet
    await mgr.pruneExpiredIdentities();
    expect((await storage.getRetiredIdentities()).length).toBe(2);

    // Force prune with 0 grace → everything goes
    await mgr.pruneExpiredIdentities(0);
    expect((await storage.getRetiredIdentities()).length).toBe(0);
  });

  test('rotation persists across manager restart', async () => {
    const storage = new MemoryStorage();
    const mgr1 = new ShadeSessionManager(crypto, storage);
    await mgr1.initialize();
    await mgr1.rotateIdentity();
    const fp1 = await mgr1.getIdentityFingerprint();

    const mgr2 = new ShadeSessionManager(crypto, storage);
    await mgr2.initialize();
    const fp2 = await mgr2.getIdentityFingerprint();

    expect(fp1).toBe(fp2);
  });

  test('existing sessions survive identity rotation', async () => {
    // Set up Alice-Bob conversation
    const alice = new ShadeSessionManager(crypto, new MemoryStorage());
    const bob = new ShadeSessionManager(crypto, new MemoryStorage());
    await alice.initialize();
    await bob.initialize();

    const otpks = await bob.generateOneTimePreKeys(5);
    const bundle = await bob.createPreKeyBundle();
    bundle.oneTimePreKey = { keyId: otpks[0].keyId, publicKey: otpks[0].keyPair.publicKey };
    await alice.initSessionFromBundle('bob', bundle);

    // Exchange messages to establish bidirectional session
    const env1 = await alice.encrypt('bob', 'hello');
    expect(await bob.decrypt('alice', env1)).toBe('hello');
    const env2 = await bob.encrypt('alice', 'hi');
    expect(await alice.decrypt('bob', env2)).toBe('hi');

    // Alice rotates her identity — but her session with Bob should still work
    // because the Double Ratchet uses ephemeral DH keys, not identity keys
    await alice.rotateIdentity();

    const env3 = await alice.encrypt('bob', 'after rotation');
    expect(await bob.decrypt('alice', env3)).toBe('after rotation');
  });
});
feat(hardening): M-Hard 1-5 — crypto, auth, rate limit, fingerprints, rotation M-Hard 1: Cryptographic Hardening - constantTimeEqual, zeroize, randomUint32 on CryptoProvider - Fix Math.random() → crypto.randomUint32() for registrationId - Zero message keys and chain keys after use in ratchet.ts - Constant-time trust comparison in MemoryStorage + SQLiteStorage - Timing variance test catches early-exit regressions M-Hard 2: Self-Authenticated Prekey Server - Ed25519 signature verification on all write routes - signPayload/verifyPayload with canonical JSON, ±5 min replay window - Address validation (NFKC, alphanumeric + :_-.) - Global ShadeError → HTTP status mapping - ShadeFetchTransport signs requests when signingPrivateKey provided - Anonymous bundle fetches still allowed (read-only) M-Hard 3: Rate Limiting + DoS Protection - Token bucket rate limiter with pluggable store - Per-route limits: register 5/h/IP, fetch 60/min/IP, replenish 10/min/id - 64KB body size limit on POST - Retry-After header on 429 responses M-Hard 4: Auto-replenish + Fingerprints + Session Reset - Safety numbers (12 groups × 5 digits, Signal-style) - ensurePreKeyStock, resetSession, acceptIdentityChange - verifyRemoteIdentity for out-of-band comparison M-Hard 5: Identity Rotation with Grace Period - rotateIdentity archives old identity, generates fresh signed prekey - RetiredIdentity storage with addRetired/getRetired/pruneRetired - 7-day default grace period for decrypting old sessions - pruneExpiredIdentities for cleanup M-Hard 8: Error Hierarchy - New error types: Network, Storage, Validation, Timeout, RateLimit, Configuration, Unauthorized, Replay, IdentityRotation - All errors have stable SHADE_* codes - errorToHttpStatus for consistent HTTP mapping - toJSON() for network serialization 188 tests passing, zero failures. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-10 17:45:34 +02:00			`import { describe, test, expect } from 'bun:test';`
			`import { SubtleCryptoProvider, MemoryStorage } from '@shade/crypto-web';`
			`import { ShadeSessionManager, GRACE_PERIOD_MS } from '../src/index.js';`

			`const crypto = new SubtleCryptoProvider();`

			`describe('Identity rotation', () => {`
			`test('rotateIdentity generates new identity and archives old', async () => {`
			`const storage = new MemoryStorage();`
			`const mgr = new ShadeSessionManager(crypto, storage);`
			`await mgr.initialize();`

			`const oldFp = await mgr.getIdentityFingerprint();`
			`const oldPub = mgr.getPublicIdentity();`

			`await mgr.rotateIdentity();`

			`const newFp = await mgr.getIdentityFingerprint();`
			`const newPub = mgr.getPublicIdentity();`

			`// New identity should differ`
			`expect(newFp).not.toBe(oldFp);`
			`expect(newPub.signingKey).not.toEqual(oldPub.signingKey);`
			`expect(newPub.dhKey).not.toEqual(oldPub.dhKey);`

			`// Old identity is archived`
			`const retired = await storage.getRetiredIdentities();`
			`expect(retired.length).toBe(1);`
			`expect(retired[0].keyPair.signingPublicKey).toEqual(oldPub.signingKey);`
			`});`

			`test('rotation returns a new prekey bundle', async () => {`
			`const mgr = new ShadeSessionManager(crypto, new MemoryStorage());`
			`await mgr.initialize();`

			`const bundle = await mgr.rotateIdentity();`
			`expect(bundle.identitySigningKey.length).toBe(32);`
			`expect(bundle.identityDHKey.length).toBe(32);`
			`expect(bundle.signedPreKey.keyId).toBe(2); // advanced`
			`expect(bundle.signedPreKey.signature.length).toBe(64);`
			`});`

			`test('getActiveRetiredIdentities returns entries within grace period', async () => {`
			`const mgr = new ShadeSessionManager(crypto, new MemoryStorage());`
			`await mgr.initialize();`

			`await mgr.rotateIdentity();`
			`await mgr.rotateIdentity();`

			`const active = await mgr.getActiveRetiredIdentities();`
			`expect(active.length).toBe(2);`
			`});`

			`test('getActiveRetiredIdentities filters out expired entries', async () => {`
			`const storage = new MemoryStorage();`
			`const mgr = new ShadeSessionManager(crypto, storage);`
			`await mgr.initialize();`

			`// Manually add a very old retired identity`
			`await storage.addRetiredIdentity({`
			`keyPair: (await mgr.getPublicIdentity()) as any, // placeholder`
			`retiredAt: Date.now() - (GRACE_PERIOD_MS + 1000),`
			`});`

			`// And a fresh one`
			`await mgr.rotateIdentity();`

			`const active = await mgr.getActiveRetiredIdentities();`
			`expect(active.length).toBe(1);`
			`});`

			`test('pruneExpiredIdentities removes old entries', async () => {`
			`const storage = new MemoryStorage();`
			`const mgr = new ShadeSessionManager(crypto, storage);`
			`await mgr.initialize();`

			`// Rotate twice`
			`await mgr.rotateIdentity();`
			`await mgr.rotateIdentity();`

			`expect((await storage.getRetiredIdentities()).length).toBe(2);`

			`// Default grace period: nothing is expired yet`
			`await mgr.pruneExpiredIdentities();`
			`expect((await storage.getRetiredIdentities()).length).toBe(2);`

			`// Force prune with 0 grace → everything goes`
			`await mgr.pruneExpiredIdentities(0);`
			`expect((await storage.getRetiredIdentities()).length).toBe(0);`
			`});`

			`test('rotation persists across manager restart', async () => {`
			`const storage = new MemoryStorage();`
			`const mgr1 = new ShadeSessionManager(crypto, storage);`
			`await mgr1.initialize();`
			`await mgr1.rotateIdentity();`
			`const fp1 = await mgr1.getIdentityFingerprint();`

			`const mgr2 = new ShadeSessionManager(crypto, storage);`
			`await mgr2.initialize();`
			`const fp2 = await mgr2.getIdentityFingerprint();`

			`expect(fp1).toBe(fp2);`
			`});`

			`test('existing sessions survive identity rotation', async () => {`
			`// Set up Alice-Bob conversation`
			`const alice = new ShadeSessionManager(crypto, new MemoryStorage());`
			`const bob = new ShadeSessionManager(crypto, new MemoryStorage());`
			`await alice.initialize();`
			`await bob.initialize();`

			`const otpks = await bob.generateOneTimePreKeys(5);`
			`const bundle = await bob.createPreKeyBundle();`
			`bundle.oneTimePreKey = { keyId: otpks[0].keyId, publicKey: otpks[0].keyPair.publicKey };`
			`await alice.initSessionFromBundle('bob', bundle);`

			`// Exchange messages to establish bidirectional session`
			`const env1 = await alice.encrypt('bob', 'hello');`
			`expect(await bob.decrypt('alice', env1)).toBe('hello');`
			`const env2 = await bob.encrypt('alice', 'hi');`
			`expect(await alice.decrypt('bob', env2)).toBe('hi');`

			`// Alice rotates her identity — but her session with Bob should still work`
			`// because the Double Ratchet uses ephemeral DH keys, not identity keys`
			`await alice.rotateIdentity();`

			`const env3 = await alice.encrypt('bob', 'after rotation');`
			`expect(await bob.decrypt('alice', env3)).toBe('after rotation');`
			`});`
			`});`