Stian/Shade
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c95824f95fbf224a82dd720a3a86f966495e2b1e
Shade/packages/shade-core/tests/fingerprint-session.test.ts
Sterister 96a8c210b2 feat(hardening): M-Hard 1-5 — crypto, auth, rate limit, fingerprints, rotation 
M-Hard 1: Cryptographic Hardening
- constantTimeEqual, zeroize, randomUint32 on CryptoProvider
- Fix Math.random() → crypto.randomUint32() for registrationId
- Zero message keys and chain keys after use in ratchet.ts
- Constant-time trust comparison in MemoryStorage + SQLiteStorage
- Timing variance test catches early-exit regressions

M-Hard 2: Self-Authenticated Prekey Server
- Ed25519 signature verification on all write routes
- signPayload/verifyPayload with canonical JSON, ±5 min replay window
- Address validation (NFKC, alphanumeric + :_-.)
- Global ShadeError → HTTP status mapping
- ShadeFetchTransport signs requests when signingPrivateKey provided
- Anonymous bundle fetches still allowed (read-only)

M-Hard 3: Rate Limiting + DoS Protection
- Token bucket rate limiter with pluggable store
- Per-route limits: register 5/h/IP, fetch 60/min/IP, replenish 10/min/id
- 64KB body size limit on POST
- Retry-After header on 429 responses

M-Hard 4: Auto-replenish + Fingerprints + Session Reset
- Safety numbers (12 groups × 5 digits, Signal-style)
- ensurePreKeyStock, resetSession, acceptIdentityChange
- verifyRemoteIdentity for out-of-band comparison

M-Hard 5: Identity Rotation with Grace Period
- rotateIdentity archives old identity, generates fresh signed prekey
- RetiredIdentity storage with addRetired/getRetired/pruneRetired
- 7-day default grace period for decrypting old sessions
- pruneExpiredIdentities for cleanup

M-Hard 8: Error Hierarchy
- New error types: Network, Storage, Validation, Timeout, RateLimit,
  Configuration, Unauthorized, Replay, IdentityRotation
- All errors have stable SHADE_* codes
- errorToHttpStatus for consistent HTTP mapping
- toJSON() for network serialization

188 tests passing, zero failures.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 17:45:34 +02:00

165 lines
5.8 KiB
TypeScript
Raw Blame History

import { describe, test, expect } from 'bun:test';
import { SubtleCryptoProvider, MemoryStorage } from '@shade/crypto-web';
import { ShadeSessionManager, computeFingerprint, shortFingerprint } from '../src/index.js';
const crypto = new SubtleCryptoProvider();
describe('Fingerprints (safety numbers)', () => {
test('computeFingerprint produces 12 groups of 5 digits', async () => {
const sig = crypto.randomBytes(32);
const dh = crypto.randomBytes(32);
const fp = await computeFingerprint(crypto, sig, dh);
const groups = fp.split(' ');
expect(groups.length).toBe(12);
for (const g of groups) {
expect(g).toMatch(/^\d{5}$/);
}
});
test('same input produces same fingerprint (deterministic)', async () => {
const sig = new Uint8Array(32).fill(0xab);
const dh = new Uint8Array(32).fill(0xcd);
const fp1 = await computeFingerprint(crypto, sig, dh);
const fp2 = await computeFingerprint(crypto, sig, dh);
expect(fp1).toBe(fp2);
});
test('different identities produce different fingerprints', async () => {
const sig1 = crypto.randomBytes(32);
const dh1 = crypto.randomBytes(32);
const sig2 = crypto.randomBytes(32);
const dh2 = crypto.randomBytes(32);
const fp1 = await computeFingerprint(crypto, sig1, dh1);
const fp2 = await computeFingerprint(crypto, sig2, dh2);
expect(fp1).not.toBe(fp2);
});
test('shortFingerprint is 4 groups', () => {
const full = '11111 22222 33333 44444 55555 66666 77777 88888 99999 11111 22222 33333';
expect(shortFingerprint(full)).toBe('11111 22222 33333 44444');
});
});
describe('ShadeSessionManager fingerprints', () => {
test('getIdentityFingerprint returns stable value', async () => {
const storage = new MemoryStorage();
const mgr = new ShadeSessionManager(crypto, storage);
await mgr.initialize();
const fp1 = await mgr.getIdentityFingerprint();
const fp2 = await mgr.getIdentityFingerprint();
expect(fp1).toBe(fp2);
expect(fp1.split(' ').length).toBe(12);
});
test('fingerprint persists across SessionManager instances', async () => {
const storage = new MemoryStorage();
const mgr1 = new ShadeSessionManager(crypto, storage);
await mgr1.initialize();
const fp1 = await mgr1.getIdentityFingerprint();
const mgr2 = new ShadeSessionManager(crypto, storage);
await mgr2.initialize();
const fp2 = await mgr2.getIdentityFingerprint();
expect(fp1).toBe(fp2);
});
test('different identities have different fingerprints', async () => {
const alice = new ShadeSessionManager(crypto, new MemoryStorage());
const bob = new ShadeSessionManager(crypto, new MemoryStorage());
await alice.initialize();
await bob.initialize();
const fpA = await alice.getIdentityFingerprint();
const fpB = await bob.getIdentityFingerprint();
expect(fpA).not.toBe(fpB);
});
test('getShortFingerprint returns 4 groups', async () => {
const mgr = new ShadeSessionManager(crypto, new MemoryStorage());
await mgr.initialize();
const short = await mgr.getShortFingerprint();
expect(short.split(' ').length).toBe(4);
});
});
describe('Prekey stock management', () => {
test('ensurePreKeyStock generates keys when below min', async () => {
const mgr = new ShadeSessionManager(crypto, new MemoryStorage());
await mgr.initialize();
// Start with 0 OTPKs
const generated = await mgr.ensurePreKeyStock(5, 10);
expect(generated).toBe(10);
});
test('ensurePreKeyStock does nothing when above min', async () => {
const mgr = new ShadeSessionManager(crypto, new MemoryStorage());
await mgr.initialize();
await mgr.generateOneTimePreKeys(10);
const generated = await mgr.ensurePreKeyStock(5, 10);
expect(generated).toBe(0);
});
test('ensurePreKeyStock tops up to target', async () => {
const mgr = new ShadeSessionManager(crypto, new MemoryStorage());
await mgr.initialize();
await mgr.generateOneTimePreKeys(3);
// Below min of 5, should generate enough to reach target of 20
const generated = await mgr.ensurePreKeyStock(5, 20);
expect(generated).toBe(17);
});
});
describe('Session reset + identity change', () => {
async function setupPair() {
const alice = new ShadeSessionManager(crypto, new MemoryStorage());
const bob = new ShadeSessionManager(crypto, new MemoryStorage());
await alice.initialize();
await bob.initialize();
const otpks = await bob.generateOneTimePreKeys(5);
const bundle = await bob.createPreKeyBundle();
bundle.oneTimePreKey = { keyId: otpks[0].keyId, publicKey: otpks[0].keyPair.publicKey };
await alice.initSessionFromBundle('bob', bundle);
return { alice, bob };
}
test('resetSession removes the session', async () => {
const { alice } = await setupPair();
// Encrypt once to confirm session exists
await alice.encrypt('bob', 'hello');
await alice.resetSession('bob');
expect(alice.encrypt('bob', 'next')).rejects.toThrow('No session');
});
test('acceptIdentityChange updates pinned trust', async () => {
const { alice, bob } = await setupPair();
// Alice verifies Bob's current identity
const bobId = bob.getPublicIdentity();
expect(await alice.verifyRemoteIdentity('bob', bobId.dhKey)).toBe(true);
// Different key is rejected
const fakeKey = crypto.randomBytes(32);
expect(await alice.verifyRemoteIdentity('bob', fakeKey)).toBe(false);
// Accept the fake key as the new Bob
await alice.acceptIdentityChange('bob', fakeKey);
// Now the fake key is trusted, old one isn't
expect(await alice.verifyRemoteIdentity('bob', fakeKey)).toBe(true);
expect(await alice.verifyRemoteIdentity('bob', bobId.dhKey)).toBe(false);
// Session was also removed
expect(alice.encrypt('bob', 'test')).rejects.toThrow('No session');
});
});
Reference in New Issue View Git Blame Copy Permalink