UNPKG

trojanhorse-js

Version:

A comprehensive JavaScript library for fetching, managing, and analyzing global threat intelligence from multiple open-source feeds and security news sources. Unlike its mythological namesake, this Trojan protects your digital fortress.

github.com/sc4rfurry/TrojanHorse.js

sc4rfurry/TrojanHorse.js

268 lines (215 loc) 9.68 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
/** * CryptoEngine Security Tests * * Comprehensive security testing for cryptographic operations * - Tests encryption/decryption functionality * - Validates timing attack resistance * - Checks for memory leaks in crypto operations * - Ensures proper key derivation and IV generation */ import { CryptoEngine } from '../../security/CryptoEngine'; import { TestUtils, SecurityTestUtils, TEST_CONSTANTS } from '../../../tests/setup'; describe('CryptoEngine Security Tests', () => { let cryptoEngine: CryptoEngine; beforeEach(() => { cryptoEngine = new CryptoEngine(); }); afterEach(() => { // Secure cleanup TestUtils.secureCleanup(cryptoEngine); }); describe('Encryption/Decryption Operations', () => { test('should encrypt and decrypt data successfully', async () => { const testData = { apiKey: 'test-api-key-12345', sensitive: true }; const password = TEST_CONSTANTS.TEST_PASSWORD; // Generate key and IV const key = await cryptoEngine.deriveKey(password, 'test-salt'); const iv = cryptoEngine.generateIV(); // Encrypt const encrypted = await cryptoEngine.encrypt(testData, key, iv); expect(encrypted).toBeDefined(); expect(encrypted.encrypted).toBeTruthy(); expect(encrypted.iv).toBe(iv); expect(encrypted.algorithm).toBe('AES-256-CBC'); // Decrypt const decrypted = await cryptoEngine.decrypt(encrypted, key); expect(decrypted).toEqual(testData); }); test('should fail gracefully with wrong key', async () => { const testData = { secret: 'confidential-data' }; const password = TEST_CONSTANTS.TEST_PASSWORD; const wrongPassword = 'wrong-password'; const key = await cryptoEngine.deriveKey(password, 'test-salt'); const wrongKey = await cryptoEngine.deriveKey(wrongPassword, 'test-salt'); const iv = cryptoEngine.generateIV(); const encrypted = await cryptoEngine.encrypt(testData, key, iv); await expect(cryptoEngine.decrypt(encrypted, wrongKey)) .rejects .toThrow(); }); test('should generate unique IVs', () => { const ivs = new Set(); for (let i = 0; i < 100; i++) { const iv = cryptoEngine.generateIV(); expect(iv).toHaveLength(24); // Base64 encoded 16-byte IV expect(ivs.has(iv)).toBe(false); ivs.add(iv); } }); test('should derive deterministic keys from same input', async () => { const password = TEST_CONSTANTS.TEST_PASSWORD; const salt = 'consistent-salt'; const key1 = await cryptoEngine.deriveKey(password, salt); const key2 = await cryptoEngine.deriveKey(password, salt); expect(key1).toBe(key2); }); test('should derive different keys from different salts', async () => { const password = TEST_CONSTANTS.TEST_PASSWORD; const key1 = await cryptoEngine.deriveKey(password, 'salt1'); const key2 = await cryptoEngine.deriveKey(password, 'salt2'); expect(key1).not.toBe(key2); }); }); describe('Security Properties', () => { test('should be resistant to timing attacks', async () => { const validPassword = TEST_CONSTANTS.TEST_PASSWORD; const invalidPassword = 'invalid-password-with-same-length'; // Create a test function that simulates authentication const testAuthentication = async (password: string): Promise<boolean> => { try { const salt = 'test-salt'; const key = await cryptoEngine.deriveKey(password, salt); // Simulate some work with the key const testData = { test: 'data' }; const iv = cryptoEngine.generateIV(); await cryptoEngine.encrypt(testData, key, iv); return password === validPassword; } catch { return false; } }; const isTimingSecure = await SecurityTestUtils.testTimingAttack( testAuthentication, validPassword, invalidPassword, 50 // Reduced iterations for faster tests ); expect(isTimingSecure).toBe(true); }, 30000); test('should not leak memory during operations', () => { const isMemorySecure = SecurityTestUtils.testMemoryCleanup(() => { // Perform memory-intensive crypto operations for (let i = 0; i < 100; i++) { const iv = cryptoEngine.generateIV(); cryptoEngine.deriveKey(`password-${i}`, `salt-${i}`); } }); expect(isMemorySecure).toBe(true); }); test('should handle large data encryption/decryption', async () => { // Create a large test object (1MB) const largeData = { data: 'x'.repeat(1024 * 1024), timestamp: Date.now(), metadata: { size: 'large', test: true } }; const password = TEST_CONSTANTS.TEST_PASSWORD; const key = await cryptoEngine.deriveKey(password, 'large-data-salt'); const iv = cryptoEngine.generateIV(); const encrypted = await cryptoEngine.encrypt(largeData, key, iv); expect(encrypted.encrypted).toBeTruthy(); const decrypted = await cryptoEngine.decrypt(encrypted, key); expect(decrypted).toEqual(largeData); }, 15000); test('should handle edge cases gracefully', async () => { const password = TEST_CONSTANTS.TEST_PASSWORD; const key = await cryptoEngine.deriveKey(password, 'edge-case-salt'); const iv = cryptoEngine.generateIV(); // Empty object const emptyData = {}; const encrypted1 = await cryptoEngine.encrypt(emptyData, key, iv); const decrypted1 = await cryptoEngine.decrypt(encrypted1, key); expect(decrypted1).toEqual(emptyData); // Null values const nullData = { value: null, undefined: undefined }; const encrypted2 = await cryptoEngine.encrypt(nullData, key, iv); const decrypted2 = await cryptoEngine.decrypt(encrypted2, key); expect(decrypted2).toEqual({ value: null }); // Arrays const arrayData = [1, 'string', { nested: true }, null]; const encrypted3 = await cryptoEngine.encrypt(arrayData, key, iv); const decrypted3 = await cryptoEngine.decrypt(encrypted3, key); expect(decrypted3).toEqual([1, 'string', { nested: true }, null]); }); }); describe('Error Handling', () => { test('should throw on invalid encrypted data', async () => { const password = TEST_CONSTANTS.TEST_PASSWORD; const key = await cryptoEngine.deriveKey(password, 'test-salt'); const invalidEncrypted = { encrypted: 'invalid-base64-data!!!', iv: cryptoEngine.generateIV(), algorithm: 'AES-256-CBC' as const, keyDerivation: 'PBKDF2' as const, iterations: 100000, salt: 'test-salt' }; await expect(cryptoEngine.decrypt(invalidEncrypted, key)) .rejects .toThrow(); }); test('should throw on invalid IV', async () => { const testData = { test: 'data' }; const password = TEST_CONSTANTS.TEST_PASSWORD; const key = await cryptoEngine.deriveKey(password, 'test-salt'); const invalidIV = 'invalid-iv'; await expect(cryptoEngine.encrypt(testData, key, invalidIV)) .rejects .toThrow(); }); test('should validate key derivation parameters', async () => { const password = TEST_CONSTANTS.TEST_PASSWORD; // Empty password await expect(cryptoEngine.deriveKey('', 'salt')) .rejects .toThrow(); // Empty salt await expect(cryptoEngine.deriveKey(password, '')) .rejects .toThrow(); }); }); describe('Algorithm Compatibility', () => { test('should use AES-256-CBC algorithm', async () => { const testData = { algorithm: 'test' }; const password = TEST_CONSTANTS.TEST_PASSWORD; const key = await cryptoEngine.deriveKey(password, 'algo-salt'); const iv = cryptoEngine.generateIV(); const encrypted = await cryptoEngine.encrypt(testData, key, iv); expect(encrypted.algorithm).toBe('AES-256-CBC'); expect(encrypted.keyDerivation).toBe('PBKDF2'); expect(encrypted.iterations).toBe(100000); }); test('should produce consistent encryption format', async () => { const testData = { consistency: 'test' }; const password = TEST_CONSTANTS.TEST_PASSWORD; const key = await cryptoEngine.deriveKey(password, 'format-salt'); const iv = cryptoEngine.generateIV(); const encrypted = await cryptoEngine.encrypt(testData, key, iv); // Check that the encrypted object has all required fields expect(encrypted).toHaveProperty('encrypted'); expect(encrypted).toHaveProperty('iv'); expect(encrypted).toHaveProperty('algorithm'); expect(encrypted).toHaveProperty('keyDerivation'); expect(encrypted).toHaveProperty('iterations'); expect(encrypted).toHaveProperty('salt'); // Verify types expect(typeof encrypted.encrypted).toBe('string'); expect(typeof encrypted.iv).toBe('string'); expect(typeof encrypted.algorithm).toBe('string'); expect(typeof encrypted.keyDerivation).toBe('string'); expect(typeof encrypted.iterations).toBe('number'); expect(typeof encrypted.salt).toBe('string'); }); }); });