@omindu/yaksha 1.0.0

package/src/security/levels.js

@@ -0,0 +1,316 @@
+'use strict';
+
+/**
+ * Yaksha Security Levels Manager
+ * Centralized configuration for different security levels
+ */
+
+const SECURITY_LEVELS = {
+  LOW: 'low',
+  MEDIUM: 'medium',
+  HIGH: 'high',
+  CUSTOM: 'custom'
+};
+
+// Security level configurations
+const LEVEL_CONFIGS = {
+  low: {
+    encryption: 'chacha20-poly1305',
+    keyExchange: 'psk',
+    keySize: 256,
+    auth: 'password',
+    sniSpoofing: 'static',    bugHost: null,    obfuscation: 'xor',
+    multiPath: 2,
+    dnsMode: 'override',
+    tlsCamouflage: 'basic',
+    keyRotation: false,
+    antiReplay: false,
+    certificateValidation: false,
+    perfectForwardSecrecy: false,
+    performance: 'maximum',
+    throughput: '~2000 MB/s'
+  },
+
+  medium: {
+    encryption: 'aes-256-gcm',
+    keyExchange: 'ecdh',
+    keySize: 256,
+    auth: 'token',
+    sniSpoofing: 'random',
+    obfuscation: 'chacha20',
+    multiPath: 4,
+    dnsMode: 'doh',
+    tlsCamouflage: 'full',
+    keyRotation: false,
+    antiReplay: true,
+    certificateValidation: false,
+    perfectForwardSecrecy: true,
+    performance: 'balanced',
+    throughput: '~1000 MB/s'
+  },
+
+  high: {
+    encryption: 'double',
+    keyExchange: 'x25519-rotate',
+    keySize: 256,
+    auth: 'certificate',
+    sniSpoofing: 'context-aware',
+    bugHost: null,
+    obfuscation: 'aes-256-gcm',
+    multiPath: 5,
+    dnsMode: 'dot-dnssec',
+    tlsCamouflage: 'nested',
+    keyRotation: true,
+    keyRotationInterval: 1000,
+    antiReplay: true,
+    replayWindow: 5000,
+    certificateValidation: true,
+    twoFactorAuth: true,
+    perfectForwardSecrecy: true,
+    performance: 'security',
+    throughput: '~500 MB/s'
+  },
+
+  custom: {
+    // Custom configuration - can be overridden by user
+    // Defaults to medium level settings
+    encryption: 'aes-256-gcm',
+    keyExchange: 'ecdh',
+    keySize: 256,
+    auth: 'token',
+    sniSpoofing: 'random',
+    bugHost: null,
+    obfuscation: 'chacha20',
+    multiPath: 4,
+    dnsMode: 'doh',
+    tlsCamouflage: 'full',
+    keyRotation: false,
+    antiReplay: true,
+    certificateValidation: false,
+    perfectForwardSecrecy: true,
+    performance: 'custom',
+    throughput: 'varies',
+    // Flag to indicate this is customizable
+    customizable: true
+  }
+};
+
+class SecurityLevels {
+  /**
+   * Get configuration for a security level
+   */
+  static getConfig(level, customConfig = null) {
+    level = level.toLowerCase();
+    
+    if (!LEVEL_CONFIGS[level]) {
+      throw new Error(`Invalid security level: ${level}. Must be: low, medium, high, or custom`);
+    }
+
+    const config = { ...LEVEL_CONFIGS[level] };
+
+    // If custom level and custom config provided, merge them
+    if (level === 'custom' && customConfig) {
+      return { ...config, ...customConfig };
+    }
+
+    return config;
+  }
+
+  /**
+   * Create custom security configuration
+   * @param {Object} customConfig - Custom configuration options
+   * @param {string} baseLevel - Base level to start from (low, medium, or high)
+   * @returns {Object} Custom security configuration
+   */
+  static createCustomConfig(customConfig = {}, baseLevel = 'medium') {
+    if (!['low', 'medium', 'high'].includes(baseLevel)) {
+      throw new Error('Base level must be: low, medium, or high');
+    }
+
+    // Start with base level configuration
+    const baseConfig = { ...LEVEL_CONFIGS[baseLevel] };
+
+    // Merge with custom settings
+    return {
+      ...baseConfig,
+      ...customConfig,
+      customizable: true,
+      baseLevel
+    };
+  }
+
+  /**
+   * Validate security level
+   */
+  static isValid(level) {
+    return Object.values(SECURITY_LEVELS).includes(level.toLowerCase());
+  }
+
+  /**
+   * Get all available security levels
+   */
+  static getAvailableLevels() {
+    return Object.keys(LEVEL_CONFIGS);
+  }
+
+  /**
+   * Check if level is custom
+   */
+  static isCustom(level) {
+    return level.toLowerCase() === 'custom';
+  }
+
+  /**
+   * Compare security levels
+   * Returns: -1 if level1 < level2, 0 if equal, 1 if level1 > level2
+   * Note: Custom level cannot be compared
+   */
+  static compare(level1, level2) {
+    const order = { low: 0, medium: 1, high: 2, custom: -1 };
+    const l1 = order[level1.toLowerCase()];
+    const l2 = order[level2.toLowerCase()];
+
+    if (l1 === undefined || l2 === undefined) {
+      throw new Error('Invalid security level for comparison');
+    }
+
+    // Custom level cannot be compared
+    if (l1 === -1 || l2 === -1) {
+      throw new Error('Cannot compare custom security level');
+    }
+
+    return l1 < l2 ? -1 : (l1 > l2 ? 1 : 0);
+  }
+
+  /**
+   * Get recommended settings based on use case
+   */
+  static getRecommended(useCase) {
+    const recommendations = {
+      'streaming': 'low',      // Maximum speed for video/audio
+      'browsing': 'medium',    // Balanced for general use
+      'banking': 'high',       // Maximum security for sensitive data
+      'gaming': 'low',         // Low latency priority
+      'corporate': 'high',     // Enterprise security
+      'public-wifi': 'high',   // Protection on untrusted networks
+      'default': 'medium'
+    };
+
+    return recommendations[useCase.toLowerCase()] || recommendations.default;
+  }
+
+  /**
+   * Get feature requirements for a level
+   */
+  static getFeatureRequirements(level) {
+    const config = this.getConfig(level);
+    
+    return {
+      requiresKeyExchange: config.keyExchange !== 'psk',
+      requiresCertificates: config.auth === 'certificate',
+      requires2FA: config.twoFactorAuth === true,
+      requiresDNSSEC: config.dnsMode === 'dot-dnssec',
+      requiresMultiPath: config.multiPath > 2,
+      requiresObfuscation: config.obfuscation !== 'none'
+    };
+  }
+
+  /**
+   * Get performance characteristics
+   */
+  static getPerformanceProfile(level) {
+    const config = this.getConfig(level);
+    
+    const profiles = {
+      low: {
+        latencyOverhead: '<2ms',
+        cpuUsage: 'low',
+        memoryPerConnection: '~30KB',
+        throughput: config.throughput,
+        connections: '10000+'
+      },
+      medium: {
+        latencyOverhead: '<5ms',
+        cpuUsage: 'medium',
+        memoryPerConnection: '~40KB',
+        throughput: config.throughput,
+        connections: '8000+'
+      },
+      high: {
+        latencyOverhead: '<10ms',
+        cpuUsage: 'high',
+        memoryPerConnection: '~60KB',
+        throughput: config.throughput,
+        connections: '5000+'
+      },
+      custom: {
+        latencyOverhead: 'varies',
+        cpuUsage: 'varies',
+        memoryPerConnection: 'varies',
+        throughput: config.throughput,
+        connections: 'varies',
+        note: 'Performance depends on custom configuration'
+      }
+    };
+
+    return profiles[level.toLowerCase()];
+  }
+
+  /**
+   * Get security guarantees
+   */
+  static getSecurityGuarantees(level) {
+    const config = this.getConfig(level);
+    
+    return {
+      encryption: config.encryption,
+      keySize: config.keySize,
+      perfectForwardSecrecy: config.perfectForwardSecrecy,
+      antiReplay: config.antiReplay,
+      authenticated: true,
+      dpiResistance: level !== 'low',
+      certificatePinning: config.certificateValidation,
+      quantumResistant: false // Future enhancement
+    };
+  }
+
+  /**
+   * Upgrade security level
+   */
+  static upgrade(currentLevel) {
+    const order = ['low', 'medium', 'high'];
+    const index = order.indexOf(currentLevel.toLowerCase());
+    
+    if (index === -1) {
+      throw new Error('Invalid current level');
+    }
+    
+    if (index === order.length - 1) {
+      return currentLevel; // Already at highest
+    }
+    
+    return order[index + 1];
+  }
+
+  /**
+   * Downgrade security level
+   */
+  static downgrade(currentLevel) {
+    const order = ['low', 'medium', 'high'];
+    const index = order.indexOf(currentLevel.toLowerCase());
+    
+    if (index === -1) {
+      throw new Error('Invalid current level');
+    }
+    
+    if (index === 0) {
+      return currentLevel; // Already at lowest
+    }
+    
+    return order[index - 1];
+  }
+}
+
+module.exports = SecurityLevels;
+module.exports.SECURITY_LEVELS = SECURITY_LEVELS;
+module.exports.LEVEL_CONFIGS = LEVEL_CONFIGS;