import { describe, test, expect } from 'bun:test'; import { SubtleCryptoProvider } from '../src/provider.js'; import { constantTimeEqual } from '@shade/core'; const crypto = new SubtleCryptoProvider(); describe('Cryptographic Hardening', () => { // ─── constantTimeEqual ─────────────────────────────────── describe('constantTimeEqual', () => { test('equal arrays return true', () => { const a = new Uint8Array([1, 2, 3, 4, 5]); const b = new Uint8Array([1, 2, 3, 4, 5]); expect(crypto.constantTimeEqual(a, b)).toBe(true); }); test('unequal arrays return false', () => { const a = new Uint8Array([1, 2, 3, 4, 5]); const b = new Uint8Array([1, 2, 3, 4, 6]); expect(crypto.constantTimeEqual(a, b)).toBe(false); }); test('different lengths return false', () => { const a = new Uint8Array([1, 2, 3]); const b = new Uint8Array([1, 2, 3, 4]); expect(crypto.constantTimeEqual(a, b)).toBe(false); }); test('empty arrays are equal', () => { expect(crypto.constantTimeEqual(new Uint8Array(0), new Uint8Array(0))).toBe(true); }); test('works on full 32-byte keys', () => { const k1 = crypto.randomBytes(32); const k2 = new Uint8Array(k1); expect(crypto.constantTimeEqual(k1, k2)).toBe(true); k2[31] ^= 0x01; expect(crypto.constantTimeEqual(k1, k2)).toBe(false); }); test('standalone function gives same result', () => { const a = crypto.randomBytes(32); const b = new Uint8Array(a); expect(constantTimeEqual(a, b)).toBe(true); b[0] ^= 0x01; expect(constantTimeEqual(a, b)).toBe(false); }); // Statistical timing test — measure variance between mismatch-at-start vs mismatch-at-end // This is noisy on CI but catches obvious early-exit regressions. test('timing variance stays bounded across mismatch positions', () => { const len = 256; const target = crypto.randomBytes(len); const mismatchAtStart = new Uint8Array(target); mismatchAtStart[0] ^= 0xff; const mismatchAtEnd = new Uint8Array(target); mismatchAtEnd[len - 1] ^= 0xff; // Measure many iterations to get a stable signal const iterations = 50000; const start1 = performance.now(); for (let i = 0; i < iterations; i++) { crypto.constantTimeEqual(target, mismatchAtStart); } const timeStart = performance.now() - start1; const start2 = performance.now(); for (let i = 0; i < iterations; i++) { crypto.constantTimeEqual(target, mismatchAtEnd); } const timeEnd = performance.now() - start2; // With constant-time comparison, these should be very close. // Non-constant-time would show timeEnd >> timeStart (early exit vs full scan). // Allow 2x variance for JIT/noise, but it should never be 10x. const ratio = Math.max(timeStart, timeEnd) / Math.min(timeStart, timeEnd); expect(ratio).toBeLessThan(3); }); }); // ─── zeroize ────────────────────────────────────────────── describe('zeroize', () => { test('fills buffer with zeros', () => { const buf = crypto.randomBytes(32); // Make sure it's not already zero const anyNonZero = buf.some((b) => b !== 0); expect(anyNonZero).toBe(true); crypto.zeroize(buf); expect(buf.every((b) => b === 0)).toBe(true); }); test('handles empty buffer', () => { crypto.zeroize(new Uint8Array(0)); // Should not throw }); test('handles large buffer', () => { const buf = crypto.randomBytes(4096); crypto.zeroize(buf); expect(buf.every((b) => b === 0)).toBe(true); }); }); // ─── randomUint32 ───────────────────────────────────────── describe('randomUint32', () => { test('returns number in 32-bit unsigned range', () => { for (let i = 0; i < 100; i++) { const n = crypto.randomUint32(); expect(n).toBeGreaterThanOrEqual(0); expect(n).toBeLessThanOrEqual(0xffffffff); expect(Number.isInteger(n)).toBe(true); } }); test('produces different values each call', () => { const values = new Set(); for (let i = 0; i < 100; i++) { values.add(crypto.randomUint32()); } // With 32 bits, 100 samples should all be unique expect(values.size).toBe(100); }); test('distribution is not biased toward low values', () => { // Generate many and check that at least some are above 2^31 // (would fail if using Math.random() with weird multiplier bugs) let highCount = 0; for (let i = 0; i < 1000; i++) { if (crypto.randomUint32() >= 0x80000000) highCount++; } // Should be around 500, accept 400-600 as "not obviously broken" expect(highCount).toBeGreaterThan(400); expect(highCount).toBeLessThan(600); }); }); });