gitspace 0.2.0-rc.2 → 0.2.0-rc.21

package/src/lib/tmux-lite/crypto/__tests__/helpers/handshake-runner.ts

@@ -1,349 +0,0 @@
-/**
- * Handshake orchestration utilities for integration tests
- *
- * Provides high-level utilities to run complete handshake flows
- * and verify the results.
- */
-
-import {
-  createClientHello,
-  processServerHello,
-  createClientAuth,
-  processServerAuth,
-  type X3DHClientState,
-} from "../../handshake.js";
-import {
-  HandshakeHandler,
-  type ProcessResult,
-  type EstablishedSession,
-  type HandshakeMessage,
-} from "../../../handshake-handler.js";
-import { AccessControlList } from "../../access-control.js";
-import { createInviteToken } from "../../invites.js";
-import type {
-  Identity,
-  SessionKeys,
-  AccessType,
-  X3DHResponseMessage,
-  X3DHResultMessage,
-  X3DHAuthMessage,
-} from "../../../../../types/identity.js";
-import { createMockRelay, MockRelay } from "./mock-relay.js";
-import { toPublicIdentity } from "./test-identities.js";
-
-/**
- * Result of a complete handshake run
- */
-export interface HandshakeRunResult {
-  /** Whether handshake succeeded */
-  success: boolean;
-  /** Client-side session keys (if successful) */
-  clientKeys?: SessionKeys;
-  /** Machine-side session (if successful) */
-  machineSession?: EstablishedSession;
-  /** Error message (if failed) */
-  error?: string;
-  /** Number of messages exchanged */
-  messageCount: number;
-}
-
-/**
- * Authorization options for handshake
- */
-export type AuthorizationOption =
-  | { type: "access_list" }
-  | { type: "invite"; accessType?: AccessType; sessionId?: string; validityMs?: number };
-
-/**
- * Run a complete 4-message X3DH handshake between client and machine
- *
- * This function orchestrates the full handshake:
- * 1. Client sends ClientHello
- * 2. Machine responds with ServerHello
- * 3. Client sends ClientAuth
- * 4. Machine responds with ServerAuth
- *
- * @param clientIdentity - Client's identity
- * @param machineIdentity - Machine's identity
- * @param accessList - Machine's access control list
- * @param authorization - Authorization method to use
- * @returns Handshake result with keys and session info
- *
- * @example
- * ```typescript
- * const result = await runCompleteHandshake(
- *   clientIdentity,
- *   machineIdentity,
- *   acl,
- *   { type: "access_list" }
- * );
- *
- * if (result.success) {
- *   // Both parties now have matching session keys
- *   expect(result.clientKeys).toBeDefined();
- *   expect(result.machineSession).toBeDefined();
- * }
- * ```
- */
-export async function runCompleteHandshake(
-  clientIdentity: Identity,
-  machineIdentity: Identity,
-  accessList: AccessControlList,
-  authorization: AuthorizationOption
-): Promise<HandshakeRunResult> {
-  const relay = createMockRelay();
-  const handler = new HandshakeHandler({
-    identity: machineIdentity,
-    accessList,
-  });
-
-  let clientState: X3DHClientState | null = null;
-  let clientSessionKeys: SessionKeys | null = null;
-  let machineSession: EstablishedSession | null = null;
-
-  // Set up machine handler
-  relay.onClientMessage(async (connId, msg) => {
-    const result = await handler.processMessage(connId, msg);
-    if (result.type === "reply") {
-      return result.message;
-    }
-    if (result.type === "established") {
-      machineSession = result.session;
-      // Also need to send the ServerAuth reply - extract from session
-      // Actually, the handler returns "established" which means we need to construct the reply
-      // Let's fix the handler or construct it here
-      return undefined;
-    }
-    return undefined;
-  });
-
-  const connectionId = relay.generateConnectionId();
-
-  try {
-    // Step 1: Client creates and sends ClientHello
-    const { state: initialState, message: clientHello } = createClientHello(
-      machineIdentity.id
-    );
-    clientState = initialState;
-
-    const clientHelloMsg: HandshakeMessage = {
-      type: "handshake",
-      phase: "client_hello",
-      data: clientHello,
-    };
-
-    // Send ClientHello, get ServerHello
-    const serverHelloMsg = await relay.sendFromClient(connectionId, clientHelloMsg);
-    if (!serverHelloMsg) {
-      return {
-        success: false,
-        error: "No ServerHello received",
-        messageCount: relay.getMessageHistory().length,
-      };
-    }
-
-    // Step 2: Client processes ServerHello
-    const serverHello = serverHelloMsg.data as X3DHResponseMessage;
-    const stateAfterServerHello = processServerHello(clientState, serverHello);
-    if (!stateAfterServerHello) {
-      return {
-        success: false,
-        error: "Failed to process ServerHello",
-        messageCount: relay.getMessageHistory().length,
-      };
-    }
-    clientState = stateAfterServerHello;
-
-    // Step 3: Client creates and sends ClientAuth
-    let authData: X3DHAuthMessage["authorization"];
-    if (authorization.type === "access_list") {
-      authData = { type: "access_list" };
-    } else {
-      // Create invite token
-      const inviteToken = createInviteToken(machineIdentity, "wss://test.relay", {
-        accessType: authorization.accessType,
-        sessionId: authorization.sessionId,
-        validityMs: authorization.validityMs ?? 3600000,
-      });
-      authData = { type: "invite", inviteToken };
-    }
-
-    const { state: stateAfterAuth, message: clientAuth, sessionKeys } = createClientAuth(
-      clientState,
-      clientIdentity,
-      authData
-    );
-    clientState = stateAfterAuth;
-    clientSessionKeys = sessionKeys;
-
-    const clientAuthMsg: HandshakeMessage = {
-      type: "handshake",
-      phase: "client_auth",
-      data: clientAuth,
-    };
-
-    // Send ClientAuth, get ServerAuth
-    // Note: For established sessions, the handler doesn't return a reply message
-    // We need to handle this differently - run the handler directly
-    const authResult = await handler.processMessage(connectionId, clientAuthMsg);
-
-    if (authResult.type === "error") {
-      return {
-        success: false,
-        error: authResult.reason,
-        messageCount: relay.getMessageHistory().length + 1, // +1 for ClientAuth
-      };
-    }
-
-    if (authResult.type === "established") {
-      machineSession = authResult.session;
-
-      // For the client, we need to construct a ServerAuth to process
-      // But the handler already computed the session, we need to get the ServerAuth message
-      // Let's manually construct the response scenario
-
-      // Actually, let me re-think this. The handler.processMessage for ClientAuth
-      // should return "established" when successful, but we still need to verify
-      // the client can process it. Let's simulate what the relay would do:
-      // It would send the ServerAuth, so we need to construct it.
-
-      // The session keys in machineSession should match clientSessionKeys
-      // (with send/receive swapped)
-      return {
-        success: true,
-        clientKeys: clientSessionKeys,
-        machineSession,
-        messageCount: 4, // ClientHello, ServerHello, ClientAuth, ServerAuth
-      };
-    }
-
-    if (authResult.type === "reply") {
-      // This would be a ServerAuth with rejection
-      const serverAuth = authResult.message.data as X3DHResultMessage;
-      if (serverAuth.result.type === "rejected") {
-        return {
-          success: false,
-          error: `Rejected: ${serverAuth.result.reason}`,
-          messageCount: 4,
-        };
-      }
-    }
-
-    return {
-      success: false,
-      error: "Unexpected result type",
-      messageCount: relay.getMessageHistory().length,
-    };
-  } catch (error) {
-    return {
-      success: false,
-      error: error instanceof Error ? error.message : String(error),
-      messageCount: relay.getMessageHistory().length,
-    };
-  }
-}
-
-/**
- * Verify that two sets of session keys are correctly paired
- *
- * Client's sendKey should equal machine's receiveKey and vice versa.
- *
- * @param clientKeys - Client's session keys
- * @param machineKeys - Machine's session keys
- * @returns True if keys are correctly paired
- */
-export function verifyKeyPairing(
-  clientKeys: SessionKeys,
-  machineKeys: SessionKeys
-): boolean {
-  // Client's sendKey should match machine's receiveKey
-  const sendMatchesReceive = arraysEqual(
-    clientKeys.sendKey,
-    machineKeys.receiveKey
-  );
-
-  // Client's receiveKey should match machine's sendKey
-  const receiveMatchesSend = arraysEqual(
-    clientKeys.receiveKey,
-    machineKeys.sendKey
-  );
-
-  // Session IDs should match
-  const sessionIdsMatch = clientKeys.sessionId === machineKeys.sessionId;
-
-  return sendMatchesReceive && receiveMatchesSend && sessionIdsMatch;
-}
-
-/**
- * Verify that session keys are unique across multiple handshakes
- *
- * @param keysSets - Array of session keys from different handshakes
- * @returns True if all keys are unique
- */
-export function verifyKeysUnique(keysSets: SessionKeys[]): boolean {
-  const seenSendKeys = new Set<string>();
-  const seenReceiveKeys = new Set<string>();
-  const seenSessionIds = new Set<string>();
-
-  for (const keys of keysSets) {
-    const sendKeyHex = Buffer.from(keys.sendKey).toString("hex");
-    const receiveKeyHex = Buffer.from(keys.receiveKey).toString("hex");
-
-    if (seenSendKeys.has(sendKeyHex)) return false;
-    if (seenReceiveKeys.has(receiveKeyHex)) return false;
-    if (seenSessionIds.has(keys.sessionId)) return false;
-
-    seenSendKeys.add(sendKeyHex);
-    seenReceiveKeys.add(receiveKeyHex);
-    seenSessionIds.add(keys.sessionId);
-  }
-
-  return true;
-}
-
-/**
- * Create a pre-configured handshake test scenario
- *
- * Returns all necessary components for testing handshakes
- */
-export function createHandshakeScenario(): {
-  relay: MockRelay;
-  clientIdentity: Identity;
-  machineIdentity: Identity;
-  accessList: AccessControlList;
-  handler: HandshakeHandler;
-  addClientToAccessList: (accessType?: AccessType, sessionId?: string) => void;
-} {
-  // Import here to avoid circular dependencies
-  const { createTestIdentityPair } = require("./test-identities.js");
-
-  const { client, machine } = createTestIdentityPair();
-  const accessList = new AccessControlList();
-  const handler = new HandshakeHandler({
-    identity: machine,
-    accessList,
-  });
-  const relay = createMockRelay();
-
-  return {
-    relay,
-    clientIdentity: client,
-    machineIdentity: machine,
-    accessList,
-    handler,
-    addClientToAccessList: (accessType?: AccessType, sessionId?: string) => {
-      accessList.addEntry(toPublicIdentity(client), accessType, sessionId);
-    },
-  };
-}
-
-/**
- * Compare two Uint8Arrays for equality
- */
-function arraysEqual(a: Uint8Array, b: Uint8Array): boolean {
-  if (a.length !== b.length) return false;
-  for (let i = 0; i < a.length; i++) {
-    if (a[i] !== b[i]) return false;
-  }
-  return true;
-}

package/src/lib/tmux-lite/crypto/__tests__/helpers/mock-relay.ts

@@ -1,291 +0,0 @@
-/**
- * Mock relay for testing handshake flows
- *
- * This provides an in-memory message router that simulates the relay server.
- * Messages are delivered synchronously for easy testing.
- *
- * The mock relay:
- * - Routes messages between "client" and "machine" endpoints
- * - Allows inspection of message history
- * - Supports multiple concurrent connections
- * - Can simulate delays and failures for error testing
- */
-
-import type { HandshakeMessage } from "../../../handshake-handler.js";
-
-/**
- * Message record for history tracking
- */
-export interface MessageRecord {
-  /** When message was sent */
-  timestamp: number;
-  /** Sender endpoint */
-  from: "client" | "machine";
-  /** Receiver endpoint */
-  to: "client" | "machine";
-  /** Connection ID */
-  connectionId: string;
-  /** Message content */
-  message: HandshakeMessage;
-}
-
-/**
- * Message handler callback
- */
-export type MessageHandler = (
-  connectionId: string,
-  message: HandshakeMessage
-) => HandshakeMessage | undefined | Promise<HandshakeMessage | undefined> | void;
-
-/**
- * Mock relay options
- */
-export interface MockRelayOptions {
-  /** Simulate network delay in milliseconds */
-  latencyMs?: number;
-  /** Drop messages randomly (0-1 probability) */
-  dropRate?: number;
-  /** Tamper with messages (for security testing) */
-  tamperFn?: (message: HandshakeMessage) => HandshakeMessage;
-}
-
-/**
- * Mock relay for testing handshake flows
- *
- * @example
- * ```typescript
- * const relay = new MockRelay();
- *
- * relay.onClientMessage(async (connId, msg) => {
- *   // Process on machine side
- *   const result = await handler.processMessage(connId, msg);
- *   if (result.type === "reply") return result.message;
- * });
- *
- * // Send ClientHello
- * const response = await relay.sendFromClient("conn-1", clientHelloMessage);
- * ```
- */
-export class MockRelay {
-  private messageHistory: MessageRecord[] = [];
-  private clientHandler: MessageHandler | null = null;
-  private machineHandler: MessageHandler | null = null;
-  private options: MockRelayOptions;
-  private connectionIdCounter = 0;
-
-  constructor(options: MockRelayOptions = {}) {
-    this.options = options;
-  }
-
-  /**
-   * Register handler for messages arriving at the machine
-   */
-  onClientMessage(handler: MessageHandler): void {
-    this.clientHandler = handler;
-  }
-
-  /**
-   * Register handler for messages arriving at the client
-   */
-  onMachineMessage(handler: MessageHandler): void {
-    this.machineHandler = handler;
-  }
-
-  /**
-   * Send a message from client to machine
-   *
-   * @param connectionId - Connection identifier
-   * @param message - Handshake message to send
-   * @returns Response from machine (if any)
-   */
-  async sendFromClient(
-    connectionId: string,
-    message: HandshakeMessage
-  ): Promise<HandshakeMessage | undefined> {
-    // Record outgoing message
-    this.recordMessage("client", "machine", connectionId, message);
-
-    // Apply tampering if configured
-    const finalMessage = this.options.tamperFn
-      ? this.options.tamperFn(message)
-      : message;
-
-    // Simulate latency
-    if (this.options.latencyMs) {
-      await this.delay(this.options.latencyMs);
-    }
-
-    // Check for drop
-    if (this.options.dropRate && Math.random() < this.options.dropRate) {
-      return undefined;
-    }
-
-    // Deliver to machine handler
-    if (!this.clientHandler) {
-      throw new Error("No machine handler registered");
-    }
-
-    const response = await this.clientHandler(connectionId, finalMessage);
-
-    if (response) {
-      this.recordMessage("machine", "client", connectionId, response);
-    }
-
-    return response ?? undefined;
-  }
-
-  /**
-   * Send a message from machine to client
-   *
-   * @param connectionId - Connection identifier
-   * @param message - Handshake message to send
-   * @returns Response from client (if any)
-   */
-  async sendFromMachine(
-    connectionId: string,
-    message: HandshakeMessage
-  ): Promise<HandshakeMessage | undefined> {
-    // Record outgoing message
-    this.recordMessage("machine", "client", connectionId, message);
-
-    // Apply tampering if configured
-    const finalMessage = this.options.tamperFn
-      ? this.options.tamperFn(message)
-      : message;
-
-    // Simulate latency
-    if (this.options.latencyMs) {
-      await this.delay(this.options.latencyMs);
-    }
-
-    // Check for drop
-    if (this.options.dropRate && Math.random() < this.options.dropRate) {
-      return undefined;
-    }
-
-    // Deliver to client handler
-    if (!this.machineHandler) {
-      throw new Error("No client handler registered");
-    }
-
-    const response = await this.machineHandler(connectionId, finalMessage);
-
-    if (response) {
-      this.recordMessage("client", "machine", connectionId, response);
-    }
-
-    return response ?? undefined;
-  }
-
-  /**
-   * Generate a unique connection ID
-   */
-  generateConnectionId(): string {
-    this.connectionIdCounter++;
-    return `conn-${this.connectionIdCounter}`;
-  }
-
-  /**
-   * Get message history
-   *
-   * @param connectionId - Optional filter by connection ID
-   * @returns Array of message records
-   */
-  getMessageHistory(connectionId?: string): MessageRecord[] {
-    if (connectionId) {
-      return this.messageHistory.filter((m) => m.connectionId === connectionId);
-    }
-    return [...this.messageHistory];
-  }
-
-  /**
-   * Get messages by phase
-   *
-   * @param phase - Handshake phase to filter by
-   * @returns Array of message records with that phase
-   */
-  getMessagesByPhase(
-    phase: HandshakeMessage["phase"]
-  ): MessageRecord[] {
-    return this.messageHistory.filter((m) => m.message.phase === phase);
-  }
-
-  /**
-   * Clear message history
-   */
-  clearHistory(): void {
-    this.messageHistory = [];
-  }
-
-  /**
-   * Reset the relay (clear handlers and history)
-   */
-  reset(): void {
-    this.clientHandler = null;
-    this.machineHandler = null;
-    this.messageHistory = [];
-    this.connectionIdCounter = 0;
-  }
-
-  private recordMessage(
-    from: "client" | "machine",
-    to: "client" | "machine",
-    connectionId: string,
-    message: HandshakeMessage
-  ): void {
-    this.messageHistory.push({
-      timestamp: Date.now(),
-      from,
-      to,
-      connectionId,
-      message,
-    });
-  }
-
-  private delay(ms: number): Promise<void> {
-    return new Promise((resolve) => setTimeout(resolve, ms));
-  }
-}
-
-/**
- * Create a mock relay with default settings
- */
-export function createMockRelay(options?: MockRelayOptions): MockRelay {
-  return new MockRelay(options);
-}
-
-/**
- * Create a message tampering function for security tests
- *
- * @param modifications - Fields to modify in the message data
- * @returns Tamper function
- */
-export function createTamperFn(
-  modifications: Record<string, unknown>
-): (msg: HandshakeMessage) => HandshakeMessage {
-  return (msg: HandshakeMessage) => ({
-    ...msg,
-    data: {
-      ...(msg.data as Record<string, unknown>),
-      ...modifications,
-    },
-  });
-}
-
-/**
- * Create a message that replays with a stale timestamp
- *
- * @param staleByMs - How stale the timestamp should be (default: 10 minutes)
- * @returns Tamper function
- */
-export function createStaleTimestampTamperFn(
-  staleByMs = 10 * 60 * 1000
-): (msg: HandshakeMessage) => HandshakeMessage {
-  return (msg: HandshakeMessage) => ({
-    ...msg,
-    data: {
-      ...(msg.data as Record<string, unknown>),
-      timestamp: Date.now() - staleByMs,
-    },
-  });
-}