UNPKG

xypriss-security

Version:

XyPriss Security is an advanced JavaScript security library designed for enterprise applications. It provides military-grade encryption, secure data structures, quantum-resistant cryptography, and comprehensive security utilities for modern web applicatio

421 lines (415 loc) 15.8 kB
'use strict'; var crypto = require('crypto'); var types = require('../../types.js'); var randomTypes = require('./random-types.js'); var randomEntropy = require('./random-entropy.js'); var randomSources = require('./random-sources.js'); function _interopNamespaceDefault(e) { var n = Object.create(null); if (e) { Object.keys(e).forEach(function (k) { if (k !== 'default') { var d = Object.getOwnPropertyDescriptor(e, k); Object.defineProperty(n, k, d.get ? d : { enumerable: true, get: function () { return e[k]; } }); } }); } n.default = e; return Object.freeze(n); } var crypto__namespace = /*#__PURE__*/_interopNamespaceDefault(crypto); /** * Random security - Advanced security features and monitoring * Optimized for real-world applications */ class RandomSecurity { /** * Perform comprehensive security assessment * @param data - Data to assess (optional) * @returns Security monitoring result */ static performSecurityAssessment(data) { const timestamp = Date.now(); const libraryStatus = randomSources.RandomSources.getLibraryStatus(); // Analyze entropy if data provided let entropyQuality = randomTypes.EntropyQuality.GOOD; if (data && data.length > 0) { entropyQuality = randomEntropy.RandomEntropy.assessEntropyQuality(data); } // Assess threats const threats = this.assessThreats(libraryStatus, entropyQuality); // Generate recommendations const recommendations = this.generateRecommendations(threats, libraryStatus); // Determine security level const securityLevel = this.determineSecurityLevel(threats, entropyQuality); this.lastSecurityCheck = timestamp; return { entropyQuality, securityLevel, threats, recommendations, timestamp, bytesGenerated: 0, reseedCount: 0, libraryStatus, }; } /** * Assess current threats based on real-world security concerns */ static assessThreats(libraryStatus, entropyQuality) { const threats = []; // Reset threat level for fresh assessment this.threatLevel = "low"; // Critical entropy quality issues if (entropyQuality === randomTypes.EntropyQuality.POOR) { threats.push("Critical entropy quality - immediate attention required"); this.threatLevel = "critical"; } else if (entropyQuality === randomTypes.EntropyQuality.FAIR) { threats.push("Suboptimal entropy quality detected"); this.updateThreatLevel("medium"); } // Entropy source availability if (libraryStatus && typeof libraryStatus === "object") { const availableLibraries = Object.values(libraryStatus).filter(Boolean).length; if (availableLibraries === 0) { threats.push("No enhanced entropy sources available"); this.threatLevel = "critical"; } else if (availableLibraries === 1) { threats.push("Single point of failure in entropy sources"); this.updateThreatLevel("medium"); } } // Platform-specific entropy checks if (!this.isSecureRandomAvailable()) { threats.push("Secure random generation not available"); this.threatLevel = "critical"; } // Performance-based risk assessment if (this.detectHighFrequencyUsage()) { threats.push("High-frequency random generation detected"); this.updateThreatLevel("medium"); } return threats; } /** * Generate actionable security recommendations */ static generateRecommendations(threats, libraryStatus) { const recommendations = []; // Entropy quality recommendations if (threats.some((t) => t.includes("entropy quality"))) { recommendations.push("Implement entropy pooling and mixing"); recommendations.push("Consider hardware security modules"); } // Source diversity recommendations if (threats.some((t) => t.includes("entropy sources") || t.includes("Single point"))) { recommendations.push("Diversify entropy sources"); recommendations.push("Implement entropy source failover"); } // Platform security recommendations if (threats.some((t) => t.includes("Secure random"))) { recommendations.push("Upgrade to secure random generation"); recommendations.push("Verify cryptographic library versions"); } // Performance recommendations if (threats.some((t) => t.includes("High-frequency"))) { recommendations.push("Implement entropy caching"); recommendations.push("Use batch random generation"); } // Default recommendation for secure systems if (threats.length === 0) { recommendations.push("Maintain current security practices"); recommendations.push("Schedule regular security assessments"); } return recommendations; } /** * Determine security level based on threat assessment */ static determineSecurityLevel(threats, entropyQuality) { // Critical threats require immediate attention if (this.threatLevel === "critical") { return types.SecurityLevel.STANDARD; // Fallback to standard until issues resolved } // High-quality entropy deserves maximum security if (entropyQuality === randomTypes.EntropyQuality.MILITARY && threats.length === 0) { return types.SecurityLevel.MAXIMUM; } // Medium threats or fair entropy if (this.threatLevel === "medium" || entropyQuality === randomTypes.EntropyQuality.FAIR) { return types.SecurityLevel.HIGH; } // Default to high security for good entropy return types.SecurityLevel.HIGH; } /** * Check if secure random generation is available */ static isSecureRandomAvailable() { try { // Node.js crypto module if (typeof crypto__namespace !== "undefined" && crypto__namespace.randomBytes) { crypto__namespace.randomBytes(1); // Test generation return true; } // Browser Web Crypto API if (typeof window !== "undefined" && window.crypto?.getRandomValues) { const test = new Uint8Array(1); window.crypto.getRandomValues(test); return true; } return false; } catch (error) { return false; } } /** * Detect high-frequency usage patterns */ static detectHighFrequencyUsage() { const now = Date.now(); const timeSinceLastCheck = now - this.lastSecurityCheck; // Consider high frequency if called more than once per 50ms return timeSinceLastCheck < 50; } /** * Update threat level (only escalate, never de-escalate) */ static updateThreatLevel(newLevel) { const levels = { low: 0, medium: 1, high: 2, critical: 3 }; if (levels[newLevel] > levels[this.threatLevel]) { this.threatLevel = newLevel; } } /** * Monitor for side-channel attacks with real-world heuristics */ static monitorSideChannelAttacks(data) { const indicators = []; const recommendations = []; let riskLevel = "low"; if (!data || data.length === 0) { return { riskLevel, indicators, recommendations }; } // Statistical analysis for bias detection const entropy = this.calculateShannonEntropy(data); if (entropy < 7.5) { // Good entropy should be close to 8 bits indicators.push("Low entropy detected in random data"); riskLevel = "medium"; recommendations.push("Investigate entropy source quality"); } // Frequency analysis for bias const frequencies = new Uint32Array(256); for (const byte of data) { frequencies[byte]++; } const expectedFreq = data.length / 256; const maxDeviation = Math.max(...frequencies) / expectedFreq; if (maxDeviation > 2.0) { indicators.push("Statistical bias detected"); riskLevel = "high"; recommendations.push("Implement entropy whitening"); } // Timing analysis const now = Date.now(); if (now - this.lastSecurityCheck < 10) { indicators.push("Potential timing attack pattern"); riskLevel = "high"; recommendations.push("Implement timing attack countermeasures"); } return { riskLevel, indicators, recommendations }; } /** * Calculate Shannon entropy for data quality assessment */ static calculateShannonEntropy(data) { const frequencies = new Uint32Array(256); for (const byte of data) { frequencies[byte]++; } let entropy = 0; const length = data.length; for (let i = 0; i < 256; i++) { if (frequencies[i] > 0) { const probability = frequencies[i] / length; entropy -= probability * Math.log2(probability); } } return entropy; } /** * Validate entropy source integrity */ static validateEntropySourceIntegrity(sourceName) { const issues = []; let confidence = 1.0; try { // Basic availability test const testResult = randomSources.RandomSources.testEntropySource?.(sourceName) ?? false; if (!testResult) { issues.push(`Entropy source '${sourceName}' unavailable or failed test`); confidence = 0.0; } // Additional validation could include: // - Statistical tests (NIST SP 800-22) // - Performance benchmarks // - Compliance verification } catch (error) { issues.push(`Entropy source validation error: ${error instanceof Error ? error.message : String(error)}`); confidence = 0.0; } return { valid: issues.length === 0 && confidence > 0.5, confidence, issues, }; } /** * Generate comprehensive security report */ static generateSecurityReport(includeDetails = false) { const assessment = this.performSecurityAssessment(); const summary = assessment.threats.length === 0 ? "Security posture is acceptable with no critical issues detected." : `Security assessment identified ${assessment.threats.length} issue(s) requiring attention.`; const report = { summary, threatLevel: this.threatLevel, recommendations: assessment.recommendations, }; if (includeDetails) { report.details = { entropyQuality: assessment.entropyQuality, securityLevel: assessment.securityLevel, threats: assessment.threats, libraryStatus: assessment.libraryStatus, timestamp: assessment.timestamp, lastSecurityCheck: this.lastSecurityCheck, }; } return report; } /** * Enable security monitoring with configurable interval */ static enableSecurityMonitoring(intervalMs = 300000) { // 5 minutes default if (this.monitoringEnabled) { return; } this.monitoringEnabled = true; this.monitoringInterval = setInterval(() => { try { const assessment = this.performSecurityAssessment(); if (assessment.threats.length > 0) { const criticalThreats = assessment.threats.filter((t) => t.includes("Critical") || t.includes("critical")); if (criticalThreats.length > 0) { console.error("CRITICAL Security Alert:", criticalThreats); } else { console.warn("Security Alert:", assessment.threats); } this.securityAlerts.push(...assessment.threats); } } catch (error) { console.error("Security monitoring error:", error); } }, intervalMs); } /** * Disable security monitoring */ static disableSecurityMonitoring() { if (this.monitoringInterval) { clearInterval(this.monitoringInterval); this.monitoringInterval = null; } this.monitoringEnabled = false; } /** * Get security alerts */ static getSecurityAlerts() { return [...this.securityAlerts]; } /** * Clear security alerts */ static clearSecurityAlerts() { this.securityAlerts = []; } /** * Get current threat level */ static getThreatLevel() { return this.threatLevel; } /** * Assess quantum readiness with realistic recommendations */ static assessQuantumReadiness() { const algorithms = [ { name: "AES-256", quantumSafe: false, available: true }, { name: "ChaCha20", quantumSafe: false, available: true }, { name: "RSA-2048", quantumSafe: false, available: true }, { name: "ECDSA", quantumSafe: false, available: true }, { name: "Kyber", quantumSafe: true, available: false }, { name: "Dilithium", quantumSafe: true, available: false }, { name: "SPHINCS+", quantumSafe: true, available: false }, ]; const availableAlgorithms = algorithms.filter((a) => a.available); const quantumSafeAvailable = availableAlgorithms.filter((a) => a.quantumSafe); const score = availableAlgorithms.length > 0 ? (quantumSafeAvailable.length / availableAlgorithms.length) * 100 : 0; const ready = score >= 25; // More realistic threshold const recommendations = []; if (!ready) { recommendations.push("Evaluate post-quantum cryptography libraries"); recommendations.push("Plan quantum-safe migration strategy"); recommendations.push("Monitor NIST post-quantum standards"); } else { recommendations.push("Continue monitoring quantum computing developments"); recommendations.push("Test quantum-safe implementations"); } return { ready, score: Math.round(score), recommendations, algorithms, }; } /** * Get monitoring status */ static getMonitoringStatus() { return { enabled: this.monitoringEnabled, lastCheck: this.lastSecurityCheck, alertCount: this.securityAlerts.length, threatLevel: this.threatLevel, }; } } RandomSecurity.securityAlerts = []; RandomSecurity.lastSecurityCheck = Date.now(); RandomSecurity.threatLevel = "low"; RandomSecurity.monitoringEnabled = false; RandomSecurity.monitoringInterval = null; exports.RandomSecurity = RandomSecurity; //# sourceMappingURL=random-security.js.map