@dimzxzzx07/file-watcher 1.0.0

package/src/crypto/HashGenerator.ts

@@ -0,0 +1,234 @@
+import * as crypto from 'crypto';
+import { SecurityConfig } from '../types';
+
+export class HashGenerator {
+    private readonly config: SecurityConfig;
+    private readonly algorithms: string[];
+    private readonly salt: Buffer;
+
+    constructor(config: SecurityConfig) {
+        this.config = config;
+        this.algorithms = ['sha256', 'sha384', 'sha512', 'blake2b512'];
+        this.salt = crypto.randomBytes(32);
+    }
+
+    public generateHash(data: Buffer | string): string {
+        const input = typeof data === 'string' ? Buffer.from(data) : data;
+        
+        const hash1 = crypto.createHash(this.config.hashAlgorithm)
+            .update(input)
+            .update(this.salt)
+            .digest('hex');
+            
+        const hash2 = crypto.createHash('blake2b512')
+            .update(input)
+            .update(hash1)
+            .digest('hex');
+            
+        return this.combineHashes([hash1, hash2]);
+    }
+
+    public generateEncryptedHash(data: Buffer | string): string {
+        const input = typeof data === 'string' ? Buffer.from(data) : data;
+        
+        const normalHash = this.generateHash(input);
+        
+        const key = crypto.scryptSync(normalHash, this.salt, 32);
+        const iv = crypto.randomBytes(16);
+        
+        const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
+        const encrypted = Buffer.concat([
+            cipher.update(Buffer.from(normalHash, 'hex')),
+            cipher.final()
+        ]);
+        
+        const authTag = cipher.getAuthTag();
+        
+        return Buffer.concat([iv, authTag, encrypted]).toString('base64');
+    }
+
+    public generateMultiHash(data: Buffer): string[] {
+        const hashes: string[] = [];
+        
+        for (const algorithm of this.algorithms) {
+            const hash = crypto.createHash(algorithm)
+                .update(data)
+                .update(this.salt)
+                .digest('hex');
+            hashes.push(hash);
+        }
+        
+        return hashes;
+    }
+
+    public generateRollingHash(data: Buffer, chunkSize: number = 1024): string[] {
+        const hashes: string[] = [];
+        
+        for (let i = 0; i < data.length; i += chunkSize) {
+            const chunk = data.subarray(i, Math.min(i + chunkSize, data.length));
+            const hash = crypto.createHash('sha256')
+                .update(chunk)
+                .digest('hex');
+            hashes.push(hash);
+        }
+        
+        return hashes;
+    }
+
+    public generateMerkleRoot(data: Buffer): string {
+        const leaves: string[] = [];
+        const chunkSize = 1024;
+        
+        for (let i = 0; i < data.length; i += chunkSize) {
+            const chunk = data.subarray(i, Math.min(i + chunkSize, data.length));
+            const hash = crypto.createHash('sha256')
+                .update(chunk)
+                .digest();
+            leaves.push(hash.toString('hex'));
+        }
+        
+        return this.buildMerkleTree(leaves);
+    }
+
+    private buildMerkleTree(leaves: string[]): string {
+        if (leaves.length === 1) {
+            return leaves[0] as string;
+        }
+        
+        const newLevel: string[] = [];
+        
+        for (let i = 0; i < leaves.length; i += 2) {
+            if (i + 1 < leaves.length) {
+                const left = leaves[i] as string;
+                const right = leaves[i + 1] as string;
+                const combined = left + right;
+                const hash = crypto.createHash('sha256')
+                    .update(Buffer.from(combined, 'hex'))
+                    .digest('hex');
+                newLevel.push(hash);
+            } else {
+                newLevel.push(leaves[i] as string);
+            }
+        }
+        
+        return this.buildMerkleTree(newLevel);
+    }
+
+    public generateHMAC(data: Buffer | string, key?: Buffer): string {
+        const secretKey = key || crypto.randomBytes(32);
+        const input = typeof data === 'string' ? Buffer.from(data) : data;
+        
+        const hmac = crypto.createHmac('sha512', secretKey)
+            .update(input)
+            .digest('hex');
+            
+        return hmac;
+    }
+
+    public generateKeyedHash(data: Buffer, key: Buffer): string {
+        const prk = crypto.createHmac('sha256', key)
+            .update(data)
+            .digest();
+            
+        const okm = crypto.createHmac('sha256', prk)
+            .update(Buffer.from([0x01]))
+            .digest();
+            
+        return okm.toString('hex');
+    }
+
+    public generateTimeBasedHash(data: Buffer, timestamp: number = Date.now()): string {
+        const timeBuffer = Buffer.alloc(8);
+        timeBuffer.writeBigUInt64BE(BigInt(timestamp));
+        
+        const combined = Buffer.concat([data, timeBuffer]);
+        
+        return crypto.createHash('sha512')
+            .update(combined)
+            .update(this.salt)
+            .digest('hex');
+    }
+
+    public generateHashChain(data: Buffer, chainLength: number = 10): string[] {
+        const chain: string[] = [];
+        let current = data;
+        
+        for (let i = 0; i < chainLength; i++) {
+            const hash = crypto.createHash('sha256')
+                .update(current)
+                .digest();
+            chain.push(hash.toString('hex'));
+            current = hash;
+        }
+        
+        return chain;
+    }
+
+    public verifyHashChain(chain: string[]): boolean {
+        for (let i = 0; i < chain.length - 1; i++) {
+            const hash = crypto.createHash('sha256')
+                .update(Buffer.from(chain[i] as string, 'hex'))
+                .digest('hex');
+                
+            if (hash !== chain[i + 1]) {
+                return false;
+            }
+        }
+        
+        return true;
+    }
+
+    public generateFingerprint(data: Buffer): string {
+        const features = [
+            data.length.toString(),
+            this.generateHash(data).substring(0, 16),
+            this.calculateEntropy(data).toString(),
+            this.getFirstBytes(data, 32).toString('hex'),
+            this.getLastBytes(data, 32).toString('hex')
+        ];
+        
+        return this.generateHash(features.join('|'));
+    }
+
+    private calculateEntropy(data: Buffer): number {
+        const frequencies: { [key: number]: number } = {};
+        
+        for (const byte of data) {
+            frequencies[byte] = (frequencies[byte] || 0) + 1;
+        }
+        
+        let entropy = 0;
+        const length = data.length;
+        
+        for (const freq of Object.values(frequencies)) {
+            const probability = freq / length;
+            entropy -= probability * Math.log2(probability);
+        }
+        
+        return entropy;
+    }
+
+    private getFirstBytes(data: Buffer, count: number): Buffer {
+        return data.subarray(0, Math.min(count, data.length));
+    }
+
+    private getLastBytes(data: Buffer, count: number): Buffer {
+        const start = Math.max(0, data.length - count);
+        return data.subarray(start);
+    }
+
+    private combineHashes(hashes: string[]): string {
+        const combined = hashes.join('');
+        return crypto.createHash('sha512')
+            .update(combined)
+            .digest('hex');
+    }
+
+    public getSalt(): Buffer {
+        return Buffer.from(this.salt);
+    }
+
+    public getAlgorithms(): string[] {
+        return [...this.algorithms];
+    }
+}

package/src/crypto/KeyManager.ts

@@ -0,0 +1,249 @@
+import * as crypto from 'crypto';
+import * as fs from 'fs/promises';
+import * as path from 'path';
+import { SecurityConfig } from '../types';
+import { Logger } from '../utils/Logger';
+
+export class KeyManager {
+    private readonly keys: Map<string, Buffer>;
+    private readonly keyDir: string;
+    private masterKey: Buffer | null = null;
+
+    constructor(config: SecurityConfig) {
+        this.keys = new Map();
+        this.keyDir = path.join(config.watchDir, '.secure', 'keys');
+        
+        this.initializeKeyStorage();
+    }
+
+    private async initializeKeyStorage(): Promise<void> {
+        try {
+            await fs.mkdir(this.keyDir, { recursive: true, mode: 0o700 });
+            await this.loadMasterKey();
+        } catch (error) {
+            Logger.getInstance().error('Failed to initialize key storage', { error });
+        }
+    }
+
+    private async loadMasterKey(): Promise<void> {
+        const masterKeyPath = path.join(this.keyDir, 'master.key');
+        
+        try {
+            const encryptedKey = await fs.readFile(masterKeyPath);
+            this.masterKey = await this.decryptMasterKey(encryptedKey);
+        } catch {
+            this.masterKey = crypto.randomBytes(32);
+            const encryptedKey = await this.encryptMasterKey(this.masterKey);
+            await fs.writeFile(masterKeyPath, encryptedKey, { mode: 0o400 });
+        }
+    }
+
+    public generateKey(keyId: string, length: number = 32): Buffer {
+        const key = crypto.randomBytes(length);
+        this.keys.set(keyId, key);
+        return key;
+    }
+
+    public async generateKeyPair(keyId: string): Promise<{
+        publicKey: Buffer;
+        privateKey: Buffer;
+    }> {
+        const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
+            modulusLength: 2048,
+            publicKeyEncoding: {
+                type: 'spki',
+                format: 'der'
+            },
+            privateKeyEncoding: {
+                type: 'pkcs8',
+                format: 'der'
+            }
+        });
+
+        this.keys.set(`${keyId}_public`, publicKey);
+        this.keys.set(`${keyId}_private`, privateKey);
+
+        await this.saveKeyToDisk(`${keyId}_public`, publicKey);
+        await this.saveKeyToDisk(`${keyId}_private`, privateKey);
+
+        return { publicKey, privateKey };
+    }
+
+    public getKey(keyId: string): Buffer | undefined {
+        return this.keys.get(keyId);
+    }
+
+    public async rotateKey(keyId: string): Promise<Buffer> {
+        const newKey = this.generateKey(`${keyId}_${Date.now()}`);
+        this.keys.set(keyId, newKey);
+        
+        const oldKey = this.keys.get(`${keyId}_old`);
+        if (oldKey) {
+            await this.archiveKey(keyId, oldKey);
+        }
+        
+        return newKey;
+    }
+
+    public async deriveKey(password: string, salt?: Buffer): Promise<Buffer> {
+        const useSalt = salt || crypto.randomBytes(16);
+        
+        return new Promise((resolve, reject) => {
+            crypto.scrypt(password, useSalt, 32, (err, derivedKey) => {
+                if (err) reject(err);
+                else resolve(derivedKey);
+            });
+        });
+    }
+
+    public generateSessionKey(): Buffer {
+        return crypto.randomBytes(32);
+    }
+
+    public generateIV(): Buffer {
+        return crypto.randomBytes(16);
+    }
+
+    public async encryptWithMasterKey(data: Buffer): Promise<Buffer> {
+        if (!this.masterKey) {
+            throw new Error('Master key not initialized');
+        }
+
+        const iv = crypto.randomBytes(16);
+        const cipher = crypto.createCipheriv('aes-256-gcm', this.masterKey, iv);
+        
+        const encrypted = Buffer.concat([
+            cipher.update(data),
+            cipher.final()
+        ]);
+        
+        const authTag = cipher.getAuthTag();
+        
+        return Buffer.concat([iv, authTag, encrypted]);
+    }
+
+    public async decryptWithMasterKey(encryptedData: Buffer): Promise<Buffer> {
+        if (!this.masterKey) {
+            throw new Error('Master key not initialized');
+        }
+
+        const iv = encryptedData.subarray(0, 16);
+        const authTag = encryptedData.subarray(16, 32);
+        const data = encryptedData.subarray(32);
+
+        const decipher = crypto.createDecipheriv('aes-256-gcm', this.masterKey, iv);
+        decipher.setAuthTag(authTag);
+
+        return Buffer.concat([
+            decipher.update(data),
+            decipher.final()
+        ]);
+    }
+
+    public async signData(keyId: string, data: Buffer): Promise<Buffer> {
+        const privateKey = this.keys.get(keyId);
+        if (!privateKey) {
+            throw new Error(`Key not found: ${keyId}`);
+        }
+
+        const sign = crypto.createSign('RSA-SHA256');
+        sign.update(data);
+        
+        return sign.sign({
+            key: privateKey,
+            format: 'der',
+            type: 'pkcs8'
+        });
+    }
+
+    public async verifySignature(
+        keyId: string,
+        data: Buffer,
+        signature: Buffer
+    ): Promise<boolean> {
+        const publicKey = this.keys.get(keyId);
+        if (!publicKey) {
+            throw new Error(`Key not found: ${keyId}`);
+        }
+
+        const verify = crypto.createVerify('RSA-SHA256');
+        verify.update(data);
+
+        return verify.verify({
+            key: publicKey,
+            format: 'der',
+            type: 'spki'
+        }, signature);
+    }
+
+    private async saveKeyToDisk(keyId: string, keyData: Buffer): Promise<void> {
+        try {
+            const keyPath = path.join(this.keyDir, `${keyId}.key`);
+            const encrypted = await this.encryptWithMasterKey(keyData);
+            await fs.writeFile(keyPath, encrypted, { mode: 0o400 });
+        } catch (error) {
+            Logger.getInstance().error(`Failed to save key: ${keyId}`, { error });
+        }
+    }
+
+    private async encryptMasterKey(key: Buffer): Promise<Buffer> {
+        const platformKey = await this.getPlatformKey();
+        
+        const iv = crypto.randomBytes(16);
+        const cipher = crypto.createCipheriv('aes-256-gcm', platformKey, iv);
+        
+        const encrypted = Buffer.concat([
+            cipher.update(key),
+            cipher.final()
+        ]);
+        
+        const authTag = cipher.getAuthTag();
+        
+        return Buffer.concat([iv, authTag, encrypted]);
+    }
+
+    private async decryptMasterKey(encrypted: Buffer): Promise<Buffer> {
+        const platformKey = await this.getPlatformKey();
+        
+        const iv = encrypted.subarray(0, 16);
+        const authTag = encrypted.subarray(16, 32);
+        const data = encrypted.subarray(32);
+
+        const decipher = crypto.createDecipheriv('aes-256-gcm', platformKey, iv);
+        decipher.setAuthTag(authTag);
+
+        return Buffer.concat([
+            decipher.update(data),
+            decipher.final()
+        ]);
+    }
+
+    private async getPlatformKey(): Promise<Buffer> {
+        const platformData = [
+            process.platform,
+            process.arch,
+            process.cwd(),
+            __filename,
+            process.pid
+        ].join('|');
+
+        return crypto.createHash('sha256').update(platformData).digest();
+    }
+
+    private async archiveKey(keyId: string, keyData: Buffer): Promise<void> {
+        const archiveDir = path.join(this.keyDir, 'archive');
+        await fs.mkdir(archiveDir, { recursive: true });
+        
+        const archivePath = path.join(archiveDir, `${keyId}_${Date.now()}.key.old`);
+        const encrypted = await this.encryptWithMasterKey(keyData);
+        await fs.writeFile(archivePath, encrypted, { mode: 0o400 });
+    }
+
+    public getStatus(): any {
+        return {
+            keyCount: this.keys.size,
+            masterKeyInitialized: this.masterKey !== null,
+            keyDirectory: this.keyDir
+        };
+    }
+}

package/src/crypto/SignatureValidator.ts

@@ -0,0 +1,76 @@
+import * as crypto from 'crypto';
+import { Logger } from '../utils/Logger';
+
+export class SignatureValidator {
+    private readonly logger: Logger;
+    private readonly keyPair: { publicKey: string; privateKey: string };
+
+    constructor() {
+        this.logger = Logger.getInstance();
+        
+        this.keyPair = this.generateKeyPair();
+    }
+
+    private generateKeyPair(): { publicKey: string; privateKey: string } {
+        const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
+            modulusLength: 2048,
+            publicKeyEncoding: {
+                type: 'spki',
+                format: 'pem'
+            },
+            privateKeyEncoding: {
+                type: 'pkcs8',
+                format: 'pem'
+            }
+        });
+
+        return { publicKey, privateKey };
+    }
+
+    public async generateSignature(data: Buffer): Promise<string> {
+        try {
+            const hash = crypto.createHash('sha512')
+                .update(data)
+                .digest();
+                
+            const sign = crypto.createSign('RSA-SHA512');
+            sign.update(hash);
+            
+            const signature = sign.sign(this.keyPair.privateKey, 'base64');
+            
+            return signature;
+        } catch (error) {
+            this.logger.error('Failed to generate signature', { error });
+            throw error;
+        }
+    }
+
+    public async validateSignature(data: Buffer, signature: string): Promise<boolean> {
+        try {
+            const hash = crypto.createHash('sha512')
+                .update(data)
+                .digest();
+                
+            const verify = crypto.createVerify('RSA-SHA512');
+            verify.update(hash);
+            
+            return verify.verify(this.keyPair.publicKey, signature, 'base64');
+        } catch (error) {
+            this.logger.error('Failed to validate signature', { error });
+            return false;
+        }
+    }
+
+    public exportPublicKey(): string {
+        return this.keyPair.publicKey;
+    }
+
+    public getStatus(): any {
+        return {
+            algorithm: 'RSA-SHA512',
+            keySize: 2048,
+            publicKeyAvailable: !!this.keyPair.publicKey,
+            privateKeyAvailable: !!this.keyPair.privateKey
+        };
+    }
+}