@svrnsec/pulse 0.3.0 → 0.4.0

package/src/collector/bio.js

@@ -0,0 +1,287 @@
+/**
+ * @sovereign/pulse — Bio-Binding Layer
+ *
+ * Captures mouse-movement micro-stutters and keystroke-cadence dynamics
+ * WHILE the hardware entropy probe is running.  Computes the
+ * "Interference Coefficient": how much human input jitters hardware timing.
+ *
+ * PRIVACY NOTE: Only timing deltas are retained.  No key labels, no raw
+ * (x, y) coordinates, no content of any kind is stored or transmitted.
+ */
+
+// ---------------------------------------------------------------------------
+// Internal state
+// ---------------------------------------------------------------------------
+const MAX_EVENTS = 500; // rolling buffer cap
+
+// ---------------------------------------------------------------------------
+// BioCollector class
+// ---------------------------------------------------------------------------
+export class BioCollector {
+  constructor() {
+    this._mouseEvents  = []; // { t: DOMHighResTimeStamp, dx, dy }
+    this._keyEvents    = []; // { t, type: 'down'|'up', dwell: ms|null }
+    this._lastKey      = {}; // keyCode → { downAt: t }
+    this._lastMouse    = null; // { t, x, y }
+    this._startTime    = null;
+    this._active       = false;
+
+    // Bound handlers (needed for removeEventListener)
+    this._onMouseMove  = this._onMouseMove.bind(this);
+    this._onKeyDown    = this._onKeyDown.bind(this);
+    this._onKeyUp      = this._onKeyUp.bind(this);
+  }
+
+  // ── Lifecycle ────────────────────────────────────────────────────────────
+
+  start() {
+    if (this._active) return;
+    this._active    = true;
+    this._startTime = performance.now();
+
+    if (typeof window !== 'undefined') {
+      window.addEventListener('pointermove', this._onMouseMove, { passive: true });
+      window.addEventListener('keydown',     this._onKeyDown,   { passive: true });
+      window.addEventListener('keyup',       this._onKeyUp,     { passive: true });
+    }
+  }
+
+  stop() {
+    if (!this._active) return;
+    this._active = false;
+
+    if (typeof window !== 'undefined') {
+      window.removeEventListener('pointermove', this._onMouseMove);
+      window.removeEventListener('keydown',     this._onKeyDown);
+      window.removeEventListener('keyup',       this._onKeyUp);
+    }
+  }
+
+  // ── Event handlers ────────────────────────────────────────────────────────
+
+  _onMouseMove(e) {
+    if (!this._active) return;
+    const t   = e.timeStamp ?? performance.now();
+    const cur = { t, x: e.clientX, y: e.clientY };
+
+    if (this._lastMouse) {
+      const dt = t - this._lastMouse.t;
+      const dx = cur.x - this._lastMouse.x;
+      const dy = cur.y - this._lastMouse.y;
+      // Only store the delta, not absolute position (privacy)
+      if (this._mouseEvents.length < MAX_EVENTS) {
+        this._mouseEvents.push({ t, dt, dx, dy,
+          pressure: e.pressure ?? 0,
+          pointerType: e.pointerType ?? 'mouse' });
+      }
+    }
+    this._lastMouse = cur;
+  }
+
+  _onKeyDown(e) {
+    if (!this._active) return;
+    const t = e.timeStamp ?? performance.now();
+    // Store timestamp keyed by code (NOT key label)
+    this._lastKey[e.code] = { downAt: t };
+  }
+
+  _onKeyUp(e) {
+    if (!this._active) return;
+    const t   = e.timeStamp ?? performance.now();
+    const rec = this._lastKey[e.code];
+    const dwell = rec ? (t - rec.downAt) : null;
+    delete this._lastKey[e.code];
+
+    if (this._keyEvents.length < MAX_EVENTS) {
+      // Only dwell time; key identity NOT stored.
+      this._keyEvents.push({ t, dwell });
+    }
+  }
+
+  // ── snapshot ─────────────────────────────────────────────────────────────
+
+  /**
+   * Returns a privacy-preserving statistical snapshot of collected bio signals.
+   * Raw events are summarised; nothing identifiable is included in the output.
+   *
+   * @param {number[]} computationTimings  - entropy probe timing array
+   * @returns {BioSnapshot}
+   */
+  snapshot(computationTimings = []) {
+    const now = performance.now();
+    const durationMs = this._startTime != null ? (now - this._startTime) : 0;
+
+    // ── Mouse statistics ────────────────────────────────────────────────
+    const iei         = this._mouseEvents.map(e => e.dt);
+    const velocities  = this._mouseEvents.map(e =>
+      e.dt > 0 ? Math.hypot(e.dx, e.dy) / e.dt : 0
+    );
+    const pressure    = this._mouseEvents.map(e => e.pressure);
+    const angJerk     = _computeAngularJerk(this._mouseEvents);
+
+    const mouseStats = {
+      sampleCount:      iei.length,
+      ieiMean:          _mean(iei),
+      ieiCV:            _cv(iei),
+      velocityP50:      _percentile(velocities, 50),
+      velocityP95:      _percentile(velocities, 95),
+      angularJerkMean:  _mean(angJerk),
+      pressureVariance: _variance(pressure),
+    };
+
+    // ── Keyboard statistics ───────────────────────────────────────────────
+    const dwellTimes = this._keyEvents.filter(e => e.dwell != null).map(e => e.dwell);
+    const iki = [];
+    for (let i = 1; i < this._keyEvents.length; i++) {
+      iki.push(this._keyEvents[i].t - this._keyEvents[i - 1].t);
+    }
+
+    const keyStats = {
+      sampleCount:   dwellTimes.length,
+      dwellMean:     _mean(dwellTimes),
+      dwellCV:       _cv(dwellTimes),
+      ikiMean:       _mean(iki),
+      ikiCV:         _cv(iki),
+    };
+
+    // ── Interference Coefficient ──────────────────────────────────────────
+    // Cross-correlate input event density with computation timing deviations.
+    // A real human on real hardware creates measurable CPU-scheduling pressure
+    // that perturbs the entropy probe's timing.
+    const interferenceCoefficient = _computeInterference(
+      this._mouseEvents,
+      this._keyEvents,
+      computationTimings,
+    );
+
+    return {
+      mouse:                   mouseStats,
+      keyboard:                keyStats,
+      interferenceCoefficient,
+      durationMs,
+      hasActivity:             iei.length > 5 || dwellTimes.length > 2,
+    };
+  }
+}
+
+/**
+ * @typedef {object} BioSnapshot
+ * @property {object}  mouse
+ * @property {object}  keyboard
+ * @property {number}  interferenceCoefficient  – [−1, 1]; higher = more human
+ * @property {number}  durationMs
+ * @property {boolean} hasActivity
+ */
+
+// ---------------------------------------------------------------------------
+// Statistical helpers (private)
+// ---------------------------------------------------------------------------
+
+function _mean(arr) {
+  if (!arr.length) return 0;
+  return arr.reduce((a, b) => a + b, 0) / arr.length;
+}
+
+function _variance(arr) {
+  if (arr.length < 2) return 0;
+  const m = _mean(arr);
+  return arr.reduce((s, v) => s + (v - m) ** 2, 0) / (arr.length - 1);
+}
+
+function _cv(arr) {
+  if (!arr.length) return 0;
+  const m = _mean(arr);
+  if (m === 0) return 0;
+  return Math.sqrt(_variance(arr)) / Math.abs(m);
+}
+
+function _percentile(sorted, p) {
+  const arr = [...sorted].sort((a, b) => a - b);
+  if (!arr.length) return 0;
+  const idx = (p / 100) * (arr.length - 1);
+  const lo  = Math.floor(idx);
+  const hi  = Math.ceil(idx);
+  return arr[lo] + (arr[hi] - arr[lo]) * (idx - lo);
+}
+
+/** Angular jerk: second derivative of movement direction (radians / s²) */
+function _computeAngularJerk(events) {
+  if (events.length < 3) return [];
+  const angles = [];
+  for (let i = 0; i < events.length; i++) {
+    const { dx, dy } = events[i];
+    angles.push(Math.atan2(dy, dx));
+  }
+  const d1 = [];
+  for (let i = 1; i < angles.length; i++) {
+    const dt = events[i].dt || 1;
+    d1.push((angles[i] - angles[i - 1]) / dt);
+  }
+  const d2 = [];
+  for (let i = 1; i < d1.length; i++) {
+    const dt = events[i].dt || 1;
+    d2.push(Math.abs((d1[i] - d1[i - 1]) / dt));
+  }
+  return d2;
+}
+
+/**
+ * Interference Coefficient
+ *
+ * For each computation sample, check whether an input event occurred within
+ * ±16 ms (one animation frame).  Build two parallel series:
+ *   X[i] = 1 if input near sample i, else 0
+ *   Y[i] = deviation of timing[i] from mean timing
+ * Return the Pearson correlation between X and Y.
+ * A real human on real hardware produces positive correlation (input events
+ * cause measurable CPU scheduling perturbations).
+ */
+function _computeInterference(mouseEvents, keyEvents, timings) {
+  if (!timings.length) return 0;
+
+  const allInputTimes = [
+    ...mouseEvents.map(e => e.t),
+    ...keyEvents.map(e => e.t),
+  ].sort((a, b) => a - b);
+
+  if (!allInputTimes.length) return 0;
+
+  const WINDOW_MS = 16;
+  const meanTiming = _mean(timings);
+
+  // We need absolute timestamps for the probe samples.
+  // We don't have them directly – use relative index spacing as a proxy.
+  // The entropy probe runs for ~(mean * n) ms starting at collectedAt.
+  // This is a statistical approximation; the exact alignment improves
+  // when callers pass `collectedAt` from the entropy result.
+  // For now we distribute samples evenly across the collection window.
+  const first = allInputTimes[0];
+  const last  = allInputTimes[allInputTimes.length - 1];
+  const span  = Math.max(last - first, 1);
+
+  const X = timings.map((_, i) => {
+    const tSample = first + (i / timings.length) * span;
+    return allInputTimes.some(t => Math.abs(t - tSample) < WINDOW_MS) ? 1 : 0;
+  });
+
+  const Y = timings.map(t => t - meanTiming);
+
+  return _pearson(X, Y);
+}
+
+function _pearson(X, Y) {
+  const n   = X.length;
+  if (n < 2) return 0;
+  const mx  = _mean(X);
+  const my  = _mean(Y);
+  let num = 0, da = 0, db = 0;
+  for (let i = 0; i < n; i++) {
+    const a = X[i] - mx;
+    const b = Y[i] - my;
+    num += a * b;
+    da  += a * a;
+    db  += b * b;
+  }
+  const denom = Math.sqrt(da * db);
+  return denom < 1e-14 ? 0 : num / denom;
+}

package/src/collector/canvas.js

@@ -0,0 +1,239 @@
+/**
+ * @sovereign/pulse — GPU Canvas Fingerprint
+ *
+ * Collects device-class signals from WebGL and 2D Canvas rendering.
+ * The exact pixel values of GPU-rendered scenes are vendor/driver-specific
+ * due to floating-point rounding in shader execution.  Virtual machines
+ * expose software renderers (LLVMpipe, SwiftShader, Microsoft Basic Render
+ * Driver) whose strings and output pixels are well-known and enumerable.
+ *
+ * NO persistent identifier is generated – only a content hash is retained.
+ */
+
+import { blake3Hex } from '../proof/fingerprint.js';
+
+// ---------------------------------------------------------------------------
+// Known software-renderer substrings (VM / headless environment indicators)
+// ---------------------------------------------------------------------------
+const SOFTWARE_RENDERER_PATTERNS = [
+  'llvmpipe', 'swiftshader', 'softpipe', 'mesa offscreen',
+  'microsoft basic render', 'vmware svga', 'virtualbox',
+  'parallels', 'angle (', 'google swiftshader',
+];
+
+// ---------------------------------------------------------------------------
+// collectCanvasFingerprint
+// ---------------------------------------------------------------------------
+
+/**
+ * @returns {Promise<CanvasFingerprint>}
+ */
+export async function collectCanvasFingerprint() {
+  const result = {
+    webglRenderer:      null,
+    webglVendor:        null,
+    webglVersion:       null,
+    webglPixelHash:     null,
+    canvas2dHash:       null,
+    extensionCount:     0,
+    extensions:         [],
+    isSoftwareRenderer: false,
+    available:          false,
+  };
+
+  if (typeof document === 'undefined' && typeof OffscreenCanvas === 'undefined') {
+    // Node.js / server-side with no DOM – skip gracefully.
+    return result;
+  }
+
+  // ── WebGL fingerprint ────────────────────────────────────────────────────
+  try {
+    const canvas = _createCanvas(512, 512);
+    let   gl     = canvas.getContext('webgl2') || canvas.getContext('webgl');
+
+    if (gl) {
+      result.webglVersion = gl instanceof WebGL2RenderingContext ? 2 : 1;
+      result.available    = true;
+
+      // Renderer info
+      const dbgInfo = gl.getExtension('WEBGL_debug_renderer_info');
+      if (dbgInfo) {
+        result.webglRenderer = gl.getParameter(dbgInfo.UNMASKED_RENDERER_WEBGL);
+        result.webglVendor   = gl.getParameter(dbgInfo.UNMASKED_VENDOR_WEBGL);
+      }
+
+      // Extension list (fingerprints driver capabilities)
+      const exts = gl.getSupportedExtensions() ?? [];
+      result.extensions    = exts;
+      result.extensionCount = exts.length;
+
+      // Software-renderer detection
+      const rendererLc = (result.webglRenderer ?? '').toLowerCase();
+      result.isSoftwareRenderer = SOFTWARE_RENDERER_PATTERNS.some(p =>
+        rendererLc.includes(p)
+      );
+
+      // ── Render a Mandelbrot fragment scene ───────────────────────────────
+      // Floating-point precision differences in the GPU's shader ALU cause
+      // per-pixel rounding variations that are stable per device but differ
+      // across GPU vendors, driver versions, and software renderers.
+      const pixels = _renderMandelbrot(gl, canvas);
+      result.webglPixelHash = pixels ? blake3Hex(pixels) : null;
+
+      gl.getExtension('WEBGL_lose_context')?.loseContext();
+    }
+  } catch (_) {
+    // WebGL blocked (privacy settings, etc.) – continue with 2D canvas.
+  }
+
+  // ── 2D Canvas fingerprint ────────────────────────────────────────────────
+  try {
+    const c2   = _createCanvas(200, 50);
+    const ctx2 = c2.getContext('2d');
+
+    if (ctx2) {
+      // Text rendering differences: font hinting, subpixel AA, emoji rasterisation
+      ctx2.textBaseline = 'top';
+      ctx2.font         = '14px Arial, sans-serif';
+      ctx2.fillStyle    = 'rgba(102,204,0,0.7)';
+      ctx2.fillText('Cwm fjordbank glyphs vext quiz 🎯', 2, 5);
+
+      // Shadow compositing (driver-specific blur kernel)
+      ctx2.shadowBlur   = 10;
+      ctx2.shadowColor  = 'blue';
+      ctx2.fillStyle    = 'rgba(255,0,255,0.5)';
+      ctx2.fillRect(100, 25, 80, 20);
+
+      // Bezier curve (Bézier precision varies per 2D canvas implementation)
+      ctx2.beginPath();
+      ctx2.moveTo(10, 40);
+      ctx2.bezierCurveTo(30, 0, 70, 80, 160, 30);
+      ctx2.strokeStyle = 'rgba(0,0,255,0.8)';
+      ctx2.lineWidth   = 1.5;
+      ctx2.stroke();
+
+      const dataUrl = c2.toDataURL('image/png');
+      // Hash the data URL (not storing raw image data)
+      const enc = new TextEncoder().encode(dataUrl);
+      result.canvas2dHash = blake3Hex(enc);
+
+      result.available = true;
+    }
+  } catch (_) {
+    // 2D canvas blocked.
+  }
+
+  return result;
+}
+
+/**
+ * @typedef {object} CanvasFingerprint
+ * @property {string|null}  webglRenderer
+ * @property {string|null}  webglVendor
+ * @property {1|2|null}     webglVersion
+ * @property {string|null}  webglPixelHash
+ * @property {string|null}  canvas2dHash
+ * @property {number}       extensionCount
+ * @property {string[]}     extensions
+ * @property {boolean}      isSoftwareRenderer
+ * @property {boolean}      available
+ */
+
+// ---------------------------------------------------------------------------
+// Internal helpers
+// ---------------------------------------------------------------------------
+
+function _createCanvas(w, h) {
+  if (typeof OffscreenCanvas !== 'undefined') {
+    return new OffscreenCanvas(w, h);
+  }
+  const c = document.createElement('canvas');
+  c.width  = w;
+  c.height = h;
+  return c;
+}
+
+/**
+ * Render a Mandelbrot set fragment using WebGL and read back pixels.
+ * The number of iterations is fixed (100) so that rounding differences in
+ * the smooth-colouring formula are the primary source of per-GPU variation.
+ *
+ * @param {WebGLRenderingContext} gl
+ * @param {HTMLCanvasElement|OffscreenCanvas} canvas
+ * @returns {Uint8Array|null}
+ */
+function _renderMandelbrot(gl, canvas) {
+  const W = canvas.width;
+  const H = canvas.height;
+
+  // Vertex shader – full-screen quad
+  const vsSource = `
+    attribute vec4 a_pos;
+    void main() { gl_Position = a_pos; }
+  `;
+
+  // Fragment shader – Mandelbrot with smooth colouring
+  // Floating-point precision in the escape-radius and log() calls differs
+  // between GPU vendors / drivers, producing per-device pixel signatures.
+  const fsSource = `
+    precision highp float;
+    uniform vec2 u_res;
+    void main() {
+      vec2 uv  = (gl_FragCoord.xy / u_res - 0.5) * 3.5;
+      uv.x    -= 0.5;
+      vec2 c   = uv;
+      vec2 z   = vec2(0.0);
+      float n  = 0.0;
+      for (int i = 0; i < 100; i++) {
+        if (dot(z, z) > 4.0) break;
+        z = vec2(z.x*z.x - z.y*z.y, 2.0*z.x*z.y) + c;
+        n += 1.0;
+      }
+      float smooth_n = n - log2(log2(dot(z,z))) + 4.0;
+      float t = smooth_n / 100.0;
+      gl_FragColor = vec4(0.5 + 0.5*cos(6.28318*t + vec3(0.0, 0.4, 0.7)), 1.0);
+    }
+  `;
+
+  const vs = _compileShader(gl, gl.VERTEX_SHADER,   vsSource);
+  const fs = _compileShader(gl, gl.FRAGMENT_SHADER, fsSource);
+  if (!vs || !fs) return null;
+
+  const prog = gl.createProgram();
+  gl.attachShader(prog, vs);
+  gl.attachShader(prog, fs);
+  gl.linkProgram(prog);
+  if (!gl.getProgramParameter(prog, gl.LINK_STATUS)) return null;
+
+  gl.useProgram(prog);
+
+  // Full-screen quad
+  const buf = gl.createBuffer();
+  gl.bindBuffer(gl.ARRAY_BUFFER, buf);
+  gl.bufferData(gl.ARRAY_BUFFER,
+    new Float32Array([-1,-1, 1,-1, -1,1, 1,1]), gl.STATIC_DRAW);
+  const loc = gl.getAttribLocation(prog, 'a_pos');
+  gl.enableVertexAttribArray(loc);
+  gl.vertexAttribPointer(loc, 2, gl.FLOAT, false, 0, 0);
+
+  const resLoc = gl.getUniformLocation(prog, 'u_res');
+  gl.uniform2f(resLoc, W, H);
+
+  gl.viewport(0, 0, W, H);
+  gl.drawArrays(gl.TRIANGLE_STRIP, 0, 4);
+
+  // Read back a 64×64 centre crop (reduces data without losing discriminating power)
+  const x0 = Math.floor((W - 64) / 2);
+  const y0 = Math.floor((H - 64) / 2);
+  const pixels = new Uint8Array(64 * 64 * 4);
+  gl.readPixels(x0, y0, 64, 64, gl.RGBA, gl.UNSIGNED_BYTE, pixels);
+
+  return pixels;
+}
+
+function _compileShader(gl, type, source) {
+  const s = gl.createShader(type);
+  gl.shaderSource(s, source);
+  gl.compileShader(s);
+  return gl.getShaderParameter(s, gl.COMPILE_STATUS) ? s : null;
+}