@omindu/yaksha 1.0.0

package/src/core/connection.js

@@ -0,0 +1,393 @@
+'use strict';
+
+/**
+ * Yaksha Connection Manager
+ * Handles TCP/UDP connections with pooling and automatic reconnection
+ */
+
+const net = require('net');
+const dgram = require('dgram');
+const EventEmitter = require('events');
+const Logger = require('../utils/logger');
+
+// Connection states
+const CONNECTION_STATES = {
+  DISCONNECTED: 'disconnected',
+  CONNECTING: 'connecting',
+  AUTHENTICATING: 'authenticating',
+  CONNECTED: 'connected',
+  DISCONNECTING: 'disconnecting'
+};
+
+class Connection extends EventEmitter {
+  constructor(options = {}) {
+    super();
+    
+    this.host = options.host || 'localhost';
+    this.port = options.port || 8443;
+    this.useUDP = options.useUDP !== false;
+    this.useTCP = options.useTCP !== false;
+    this.timeout = options.timeout || 60000;
+    this.keepaliveInterval = options.keepaliveInterval || 30000;
+    this.autoReconnect = options.autoReconnect !== false;
+    this.reconnectDelay = options.reconnectDelay || 1000;
+    this.maxReconnectDelay = options.maxReconnectDelay || 30000;
+    this.reconnectBackoff = options.reconnectBackoff || 2.0;
+
+    this.state = CONNECTION_STATES.DISCONNECTED;
+    this.tcpSocket = null;
+    this.udpSocket = null;
+    this.keepaliveTimer = null;
+    this.timeoutTimer = null;
+    this.reconnectTimer = null;
+    this.currentReconnectDelay = this.reconnectDelay;
+    this.reconnectAttempts = 0;
+
+    this.logger = new Logger({ prefix: 'Connection' });
+
+    this.stats = {
+      bytesReceived: 0,
+      bytesSent: 0,
+      packetsReceived: 0,
+      packetsSent: 0,
+      errors: 0,
+      reconnects: 0
+    };
+  }
+
+  /**
+   * Connect to server
+   */
+  async connect() {
+    if (this.state !== CONNECTION_STATES.DISCONNECTED) {
+      throw new Error(`Cannot connect from state: ${this.state}`);
+    }
+
+    this.state = CONNECTION_STATES.CONNECTING;
+    this.emit('connecting');
+
+    try {
+      // Connect TCP control channel
+      if (this.useTCP) {
+        await this._connectTCP();
+      }
+
+      // Connect UDP data channel
+      if (this.useUDP) {
+        await this._connectUDP();
+      }
+
+      this.state = CONNECTION_STATES.CONNECTED;
+      this.currentReconnectDelay = this.reconnectDelay;
+      this.reconnectAttempts = 0;
+      
+      this._startKeepalive();
+      this._startTimeout();
+
+      this.emit('connected');
+      this.logger.info(`Connected to ${this.host}:${this.port}`);
+    } catch (error) {
+      this.state = CONNECTION_STATES.DISCONNECTED;
+      this.stats.errors++;
+      this.emit('error', error);
+      
+      if (this.autoReconnect) {
+        this._scheduleReconnect();
+      }
+      
+      throw error;
+    }
+  }
+
+  /**
+   * Connect TCP socket
+   */
+  _connectTCP() {
+    return new Promise((resolve, reject) => {
+      this.tcpSocket = new net.Socket();
+
+      this.tcpSocket.on('data', (data) => {
+        this.stats.bytesReceived += data.length;
+        this.stats.packetsReceived++;
+        this._resetTimeout();
+        this.emit('tcp:data', data);
+      });
+
+      this.tcpSocket.on('close', () => {
+        this.logger.debug('TCP connection closed');
+        this._handleDisconnection();
+      });
+
+      this.tcpSocket.on('error', (error) => {
+        this.stats.errors++;
+        this.logger.error('TCP error:', error.message);
+        this.emit('error', error);
+        reject(error);
+      });
+
+      this.tcpSocket.connect(this.port, this.host, () => {
+        this.logger.debug('TCP connected');
+        resolve();
+      });
+
+      // Set timeout for connection
+      this.tcpSocket.setTimeout(this.timeout);
+      this.tcpSocket.on('timeout', () => {
+        this.logger.warn('TCP connection timeout');
+        this.tcpSocket.destroy();
+        reject(new Error('Connection timeout'));
+      });
+    });
+  }
+
+  /**
+   * Connect UDP socket
+   */
+  _connectUDP() {
+    return new Promise((resolve, reject) => {
+      this.udpSocket = dgram.createSocket('udp4');
+
+      this.udpSocket.on('message', (data, rinfo) => {
+        this.stats.bytesReceived += data.length;
+        this.stats.packetsReceived++;
+        this._resetTimeout();
+        this.emit('udp:data', data, rinfo);
+      });
+
+      this.udpSocket.on('error', (error) => {
+        this.stats.errors++;
+        this.logger.error('UDP error:', error.message);
+        this.emit('error', error);
+      });
+
+      this.udpSocket.bind(() => {
+        this.logger.debug(`UDP socket bound to port ${this.udpSocket.address().port}`);
+        resolve();
+      });
+    });
+  }
+
+  /**
+   * Send data via TCP
+   */
+  sendTCP(data) {
+    if (!this.tcpSocket || this.state !== CONNECTION_STATES.CONNECTED) {
+      throw new Error('TCP socket not connected');
+    }
+
+    return new Promise((resolve, reject) => {
+      this.tcpSocket.write(data, (error) => {
+        if (error) {
+          this.stats.errors++;
+          reject(error);
+        } else {
+          this.stats.bytesSent += data.length;
+          this.stats.packetsSent++;
+          resolve();
+        }
+      });
+    });
+  }
+
+  /**
+   * Send data via UDP
+   */
+  sendUDP(data, port, host) {
+    if (!this.udpSocket) {
+      throw new Error('UDP socket not created');
+    }
+
+    port = port || this.port;
+    host = host || this.host;
+
+    return new Promise((resolve, reject) => {
+      this.udpSocket.send(data, port, host, (error) => {
+        if (error) {
+          this.stats.errors++;
+          reject(error);
+        } else {
+          this.stats.bytesSent += data.length;
+          this.stats.packetsSent++;
+          resolve();
+        }
+      });
+    });
+  }
+
+  /**
+   * Start keepalive mechanism
+   */
+  _startKeepalive() {
+    this._stopKeepalive();
+    
+    this.keepaliveTimer = setInterval(() => {
+      this.emit('keepalive');
+    }, this.keepaliveInterval);
+  }
+
+  /**
+   * Stop keepalive mechanism
+   */
+  _stopKeepalive() {
+    if (this.keepaliveTimer) {
+      clearInterval(this.keepaliveTimer);
+      this.keepaliveTimer = null;
+    }
+  }
+
+  /**
+   * Start connection timeout timer
+   */
+  _startTimeout() {
+    this._resetTimeout();
+  }
+
+  /**
+   * Reset connection timeout timer
+   */
+  _resetTimeout() {
+    if (this.timeoutTimer) {
+      clearTimeout(this.timeoutTimer);
+    }
+
+    this.timeoutTimer = setTimeout(() => {
+      this.logger.warn('Connection timeout - no data received');
+      this.disconnect();
+    }, this.timeout);
+  }
+
+  /**
+   * Handle disconnection
+   */
+  _handleDisconnection() {
+    if (this.state === CONNECTION_STATES.DISCONNECTING || 
+        this.state === CONNECTION_STATES.DISCONNECTED) {
+      return;
+    }
+
+    this.logger.info('Connection lost');
+    this.state = CONNECTION_STATES.DISCONNECTED;
+    this._cleanup();
+    this.emit('disconnected');
+
+    if (this.autoReconnect) {
+      this._scheduleReconnect();
+    }
+  }
+
+  /**
+   * Schedule reconnection attempt
+   */
+  _scheduleReconnect() {
+    if (this.reconnectTimer) {
+      return;
+    }
+
+    this.reconnectAttempts++;
+    this.stats.reconnects++;
+
+    this.logger.info(`Reconnecting in ${this.currentReconnectDelay}ms (attempt ${this.reconnectAttempts})`);
+    this.emit('reconnecting', this.reconnectAttempts, this.currentReconnectDelay);
+
+    this.reconnectTimer = setTimeout(async () => {
+      this.reconnectTimer = null;
+      
+      try {
+        await this.connect();
+      } catch (error) {
+        // connect() will schedule next reconnect automatically
+      }
+    }, this.currentReconnectDelay);
+
+    // Exponential backoff
+    this.currentReconnectDelay = Math.min(
+      this.currentReconnectDelay * this.reconnectBackoff,
+      this.maxReconnectDelay
+    );
+  }
+
+  /**
+   * Disconnect
+   */
+  disconnect() {
+    if (this.state === CONNECTION_STATES.DISCONNECTED) {
+      return;
+    }
+
+    this.state = CONNECTION_STATES.DISCONNECTING;
+    this.emit('disconnecting');
+
+    this._cleanup();
+
+    this.state = CONNECTION_STATES.DISCONNECTED;
+    this.emit('disconnected');
+    this.logger.info('Disconnected');
+  }
+
+  /**
+   * Cleanup resources
+   */
+  _cleanup() {
+    this._stopKeepalive();
+
+    if (this.timeoutTimer) {
+      clearTimeout(this.timeoutTimer);
+      this.timeoutTimer = null;
+    }
+
+    if (this.reconnectTimer) {
+      clearTimeout(this.reconnectTimer);
+      this.reconnectTimer = null;
+    }
+
+    if (this.tcpSocket) {
+      this.tcpSocket.removeAllListeners();
+      this.tcpSocket.destroy();
+      this.tcpSocket = null;
+    }
+
+    if (this.udpSocket) {
+      this.udpSocket.removeAllListeners();
+      this.udpSocket.close();
+      this.udpSocket = null;
+    }
+  }
+
+  /**
+   * Get connection state
+   */
+  getState() {
+    return this.state;
+  }
+
+  /**
+   * Check if connected
+   */
+  isConnected() {
+    return this.state === CONNECTION_STATES.CONNECTED;
+  }
+
+  /**
+   * Get connection statistics
+   */
+  getStats() {
+    return { ...this.stats };
+  }
+
+  /**
+   * Reset statistics
+   */
+  resetStats() {
+    this.stats = {
+      bytesReceived: 0,
+      bytesSent: 0,
+      packetsReceived: 0,
+      packetsSent: 0,
+      errors: 0,
+      reconnects: 0
+    };
+  }
+}
+
+module.exports = Connection;
+module.exports.CONNECTION_STATES = CONNECTION_STATES;

package/src/core/encryption.js

@@ -0,0 +1,299 @@
+'use strict';
+
+/**
+ * Yaksha Encryption Engine
+ * Supports multiple encryption algorithms for different security levels
+ */
+
+const crypto = require('crypto');
+const nacl = require('tweetnacl');
+
+// Encryption algorithms
+const ALGORITHMS = {
+  CHACHA20_POLY1305: 'chacha20-poly1305',
+  AES_256_GCM: 'aes-256-gcm',
+  DOUBLE: 'double'
+};
+
+class Encryption {
+  constructor(securityLevel = 'medium', options = {}) {
+    this.securityLevel = securityLevel;
+    this.customConfig = options.customConfig || null;
+    
+    // Handle custom security level
+    if (securityLevel === 'custom' && this.customConfig) {
+      this.algorithm = this.customConfig.encryption || 'aes-256-gcm';
+      this.keyRotationInterval = this.customConfig.keyRotationInterval || null;
+    } else {
+      this.algorithm = this._selectAlgorithm(securityLevel);
+      this.keyRotationInterval = options.keyRotationInterval || (securityLevel === 'high' ? 1000 : null);
+    }
+    
+    this.packetCount = 0;
+    this.keys = null;
+  }
+
+  /**
+   * Select encryption algorithm based on security level
+   */
+  _selectAlgorithm(level) {
+    switch (level) {
+      case 'low':
+        return ALGORITHMS.CHACHA20_POLY1305;
+      case 'medium':
+        return ALGORITHMS.AES_256_GCM;
+      case 'high':
+        return ALGORITHMS.DOUBLE;
+      case 'custom':
+        // For custom, return medium default (can be overridden)
+        return ALGORITHMS.AES_256_GCM;
+      default:
+        return ALGORITHMS.AES_256_GCM;
+    }
+  }
+
+  /**
+   * Generate encryption keys
+   */
+  generateKeys() {
+    const keys = {
+      primary: crypto.randomBytes(32), // 256-bit key
+      secondary: null,
+      publicKey: null,
+      privateKey: null
+    };
+
+    // For high security, generate key pair for ECDH
+    if (this.securityLevel === 'high' || this.securityLevel === 'medium') {
+      const keyPair = nacl.box.keyPair();
+      keys.publicKey = Buffer.from(keyPair.publicKey);
+      keys.privateKey = Buffer.from(keyPair.secretKey);
+    }
+
+    // For double encryption, generate secondary key
+    if (this.algorithm === ALGORITHMS.DOUBLE) {
+      keys.secondary = crypto.randomBytes(32);
+    }
+
+    this.keys = keys;
+    return keys;
+  }
+
+  /**
+   * Perform key exchange using X25519 (Curve25519)
+   */
+  keyExchange(theirPublicKey) {
+    if (!this.keys || !this.keys.privateKey) {
+      throw new Error('Keys not generated. Call generateKeys() first.');
+    }
+
+    // Compute shared secret using X25519
+    const sharedSecret = nacl.box.before(
+      Uint8Array.from(theirPublicKey),
+      Uint8Array.from(this.keys.privateKey)
+    );
+
+    // Derive encryption key from shared secret using HKDF
+    const salt = crypto.randomBytes(32);
+    const info = Buffer.from('yaksha-v1');
+    const derivedKey = crypto.hkdfSync('sha256', Buffer.from(sharedSecret), salt, info, 32);
+
+    this.keys.primary = derivedKey;
+    return { sharedKey: derivedKey, salt };
+  }
+
+  /**
+   * Set pre-shared key (for low security mode)
+   */
+  setPreSharedKey(key) {
+    if (key.length !== 32) {
+      throw new Error('Key must be 32 bytes (256 bits)');
+    }
+    this.keys = { primary: key };
+  }
+
+  /**
+   * Encrypt data using ChaCha20-Poly1305
+   */
+  _encryptChaCha20(data, key) {
+    const nonce = crypto.randomBytes(12); // 96-bit nonce
+    const cipher = crypto.createCipheriv('chacha20-poly1305', key, nonce, {
+      authTagLength: 16
+    });
+
+    const encrypted = Buffer.concat([cipher.update(data), cipher.final()]);
+    const authTag = cipher.getAuthTag();
+
+    return {
+      encrypted,
+      nonce,
+      authTag
+    };
+  }
+
+  /**
+   * Decrypt data using ChaCha20-Poly1305
+   */
+  _decryptChaCha20(encrypted, key, nonce, authTag) {
+    const decipher = crypto.createDecipheriv('chacha20-poly1305', key, nonce, {
+      authTagLength: 16
+    });
+    decipher.setAuthTag(authTag);
+
+    return Buffer.concat([decipher.update(encrypted), decipher.final()]);
+  }
+
+  /**
+   * Encrypt data using AES-256-GCM
+   */
+  _encryptAES(data, key) {
+    const nonce = crypto.randomBytes(12); // 96-bit nonce
+    const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
+
+    const encrypted = Buffer.concat([cipher.update(data), cipher.final()]);
+    const authTag = cipher.getAuthTag();
+
+    return {
+      encrypted,
+      nonce,
+      authTag
+    };
+  }
+
+  /**
+   * Decrypt data using AES-256-GCM
+   */
+  _decryptAES(encrypted, key, nonce, authTag) {
+    const decipher = crypto.createDecipheriv('aes-256-gcm', key, nonce);
+    decipher.setAuthTag(authTag);
+
+    return Buffer.concat([decipher.update(encrypted), decipher.final()]);
+  }
+
+  /**
+   * Encrypt data
+   */
+  encrypt(data) {
+    if (!this.keys || !this.keys.primary) {
+      throw new Error('Encryption keys not set');
+    }
+
+    this.packetCount++;
+
+    // Check if key rotation is needed
+    if (this.keyRotationInterval && this.packetCount % this.keyRotationInterval === 0) {
+      // In production, trigger key rotation event
+      // For now, just reset counter
+      this.packetCount = 0;
+    }
+
+    let result;
+
+    switch (this.algorithm) {
+      case ALGORITHMS.CHACHA20_POLY1305:
+        result = this._encryptChaCha20(data, this.keys.primary);
+        break;
+
+      case ALGORITHMS.AES_256_GCM:
+        result = this._encryptAES(data, this.keys.primary);
+        break;
+
+      case ALGORITHMS.DOUBLE:
+        // First layer: AES-256-GCM
+        const firstLayer = this._encryptAES(data, this.keys.primary);
+        const firstLayerData = Buffer.concat([
+          firstLayer.nonce,
+          firstLayer.authTag,
+          firstLayer.encrypted
+        ]);
+
+        // Second layer: ChaCha20-Poly1305
+        result = this._encryptChaCha20(firstLayerData, this.keys.secondary);
+        break;
+
+      default:
+        throw new Error(`Unknown algorithm: ${this.algorithm}`);
+    }
+
+    // Return encrypted data with metadata
+    return {
+      data: result.encrypted,
+      nonce: result.nonce,
+      authTag: result.authTag,
+      algorithm: this.algorithm
+    };
+  }
+
+  /**
+   * Decrypt data
+   */
+  decrypt(encryptedData, nonce, authTag, algorithm) {
+    if (!this.keys || !this.keys.primary) {
+      throw new Error('Encryption keys not set');
+    }
+
+    algorithm = algorithm || this.algorithm;
+
+    let decrypted;
+
+    switch (algorithm) {
+      case ALGORITHMS.CHACHA20_POLY1305:
+        decrypted = this._decryptChaCha20(encryptedData, this.keys.primary, nonce, authTag);
+        break;
+
+      case ALGORITHMS.AES_256_GCM:
+        decrypted = this._decryptAES(encryptedData, this.keys.primary, nonce, authTag);
+        break;
+
+      case ALGORITHMS.DOUBLE:
+        // First layer: ChaCha20-Poly1305
+        const firstDecrypted = this._decryptChaCha20(encryptedData, this.keys.secondary, nonce, authTag);
+        
+        // Extract metadata from first layer
+        const innerNonce = firstDecrypted.slice(0, 12);
+        const innerAuthTag = firstDecrypted.slice(12, 28);
+        const innerEncrypted = firstDecrypted.slice(28);
+
+        // Second layer: AES-256-GCM
+        decrypted = this._decryptAES(innerEncrypted, this.keys.primary, innerNonce, innerAuthTag);
+        break;
+
+      default:
+        throw new Error(`Unknown algorithm: ${algorithm}`);
+    }
+
+    return decrypted;
+  }
+
+  /**
+   * Generate HMAC for authentication
+   */
+  hmac(data) {
+    if (!this.keys || !this.keys.primary) {
+      throw new Error('Encryption keys not set');
+    }
+
+    const hmac = crypto.createHmac('sha256', this.keys.primary);
+    hmac.update(data);
+    return hmac.digest();
+  }
+
+  /**
+   * Verify HMAC (constant-time comparison)
+   */
+  verifyHmac(data, expectedHmac) {
+    const computedHmac = this.hmac(data);
+    return crypto.timingSafeEqual(computedHmac, expectedHmac);
+  }
+
+  /**
+   * Rotate encryption keys
+   */
+  rotateKeys() {
+    this.generateKeys();
+    this.packetCount = 0;
+  }
+}
+
+module.exports = Encryption;
+module.exports.ALGORITHMS = ALGORITHMS;