stegdoc 1.0.0

package/src/index.js

@@ -0,0 +1,87 @@
+#!/usr/bin/env node
+
+const { program } = require('commander');
+const chalk = require('chalk');
+const encodeCommand = require('./commands/encode');
+const decodeCommand = require('./commands/decode');
+const infoCommand = require('./commands/info');
+const verifyCommand = require('./commands/verify');
+
+// CLI Configuration
+program
+  .name('stegdoc')
+  .description('Hide files inside Office documents with AES-256 encryption and steganography')
+  .version('1.0.0');
+
+// Encode command
+program
+  .command('encode <file>')
+  .description('Encode a file into XLSX/DOCX format with compression and optional encryption')
+  .option('-o, --output-dir <dir>', 'Output directory for files', process.cwd())
+  .option('-s, --chunk-size <size>', 'Maximum size per output file (e.g., "5MB", "25MB")', '5MB')
+  .option('-f, --format <format>', 'Output format: xlsx (default) or docx', 'xlsx')
+  .option('-p, --password <password>', 'Encryption password (optional, but recommended)')
+  .option('--force', 'Overwrite existing files without asking')
+  .option('-q, --quiet', 'Minimal output (for scripting)')
+  .option('-y, --yes', 'Skip interactive prompts, use defaults')
+  .action(async (file, options) => {
+    try {
+      await encodeCommand(file, options);
+    } catch (error) {
+      console.error(chalk.red(`Error: ${error.message}`));
+      process.exit(1);
+    }
+  });
+
+// Decode command
+program
+  .command('decode <file>')
+  .description('Decode and decrypt an XLSX/DOCX file back to original format')
+  .option('-o, --output <path>', 'Output file path (defaults to original filename)')
+  .option('-p, --password <password>', 'Decryption password (required for encrypted files)')
+  .option('--force', 'Overwrite existing files without asking')
+  .option('-q, --quiet', 'Minimal output (for scripting)')
+  .option('-y, --yes', 'Skip interactive prompts, fail if password needed')
+  .action(async (file, options) => {
+    try {
+      await decodeCommand(file, options);
+    } catch (error) {
+      console.error(chalk.red(`Error: ${error.message}`));
+      process.exit(1);
+    }
+  });
+
+// Info command
+program
+  .command('info <file>')
+  .description('Show information about an encoded file without decoding')
+  .action(async (file, options) => {
+    try {
+      await infoCommand(file, options);
+    } catch (error) {
+      console.error(chalk.red(`Error: ${error.message}`));
+      process.exit(1);
+    }
+  });
+
+// Verify command
+program
+  .command('verify <file>')
+  .description('Verify that a file can be decoded without actually decoding')
+  .option('-p, --password <password>', 'Password to verify (optional)')
+  .action(async (file, options) => {
+    try {
+      await verifyCommand(file, options);
+    } catch (error) {
+      console.error(chalk.red(`Error: ${error.message}`));
+      process.exit(1);
+    }
+  });
+
+// Show help by default if no command is provided
+if (!process.argv.slice(2).length) {
+  program.outputHelp();
+}
+
+// Parse arguments
+program.parse(process.argv);

package/src/lib/compression.js

@@ -0,0 +1,97 @@
+const zlib = require('zlib');
+
+/**
+ * MIME types that are already compressed - no benefit from additional compression
+ */
+const COMPRESSED_MIMES = new Set([
+  // Archives
+  'application/zip',
+  'application/x-7z-compressed',
+  'application/x-rar-compressed',
+  'application/gzip',
+  'application/x-gzip',
+  'application/x-bzip2',
+  'application/x-xz',
+  'application/x-tar',
+  'application/x-lzip',
+  'application/x-lzma',
+  'application/zstd',
+
+  // Images (lossy compressed)
+  'image/jpeg',
+  'image/png',
+  'image/gif',
+  'image/webp',
+  'image/avif',
+  'image/heic',
+  'image/heif',
+  'image/jxl',
+
+  // Audio
+  'audio/mpeg', // mp3
+  'audio/ogg',
+  'audio/flac',
+  'audio/aac',
+  'audio/mp4',
+  'audio/x-m4a',
+  'audio/opus',
+
+  // Video
+  'video/mp4',
+  'video/webm',
+  'video/x-matroska', // mkv
+  'video/quicktime', // mov
+  'video/x-msvideo', // avi
+  'video/mpeg',
+
+  // Documents (OOXML are zip-based)
+  'application/vnd.openxmlformats-officedocument.wordprocessingml.document', // docx
+  'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', // xlsx
+  'application/vnd.openxmlformats-officedocument.presentationml.presentation', // pptx
+  'application/pdf',
+  'application/epub+zip',
+]);
+
+/**
+ * Check if a file type is already compressed
+ * @param {string|null} mime - MIME type from file-type detection
+ * @returns {boolean}
+ */
+function isCompressedMime(mime) {
+  return mime ? COMPRESSED_MIMES.has(mime) : false;
+}
+
+/**
+ * Compress data using gzip
+ * @param {Buffer} buffer - Data to compress
+ * @returns {Promise<Buffer>} Compressed data
+ */
+function compress(buffer) {
+  return new Promise((resolve, reject) => {
+    zlib.gzip(buffer, { level: 9 }, (err, result) => {
+      if (err) reject(err);
+      else resolve(result);
+    });
+  });
+}
+
+/**
+ * Decompress gzip data
+ * @param {Buffer} buffer - Compressed data
+ * @returns {Promise<Buffer>} Decompressed data
+ */
+function decompress(buffer) {
+  return new Promise((resolve, reject) => {
+    zlib.gunzip(buffer, (err, result) => {
+      if (err) reject(err);
+      else resolve(result);
+    });
+  });
+}
+
+module.exports = {
+  isCompressedMime,
+  compress,
+  decompress,
+  COMPRESSED_MIMES,
+};

package/src/lib/crypto.js

@@ -0,0 +1,118 @@
+const crypto = require('crypto');
+
+// AES-256-GCM Configuration
+const ALGORITHM = 'aes-256-gcm';
+const KEY_LENGTH = 32; // 256 bits
+const IV_LENGTH = 12; // 96 bits (recommended for GCM)
+const SALT_LENGTH = 16; // 128 bits
+const AUTH_TAG_LENGTH = 16; // 128 bits
+const PBKDF2_ITERATIONS = 100000;
+
+/**
+ * Derive a key from password using PBKDF2
+ * @param {string} password - User password
+ * @param {Buffer} salt - Salt for key derivation
+ * @returns {Buffer} Derived key
+ */
+function deriveKey(password, salt) {
+  return crypto.pbkdf2Sync(password, salt, PBKDF2_ITERATIONS, KEY_LENGTH, 'sha256');
+}
+
+/**
+ * Encrypt plaintext using AES-256-GCM
+ * @param {string} plaintext - Data to encrypt
+ * @param {string} password - User password
+ * @returns {object} { ciphertext, iv, salt, authTag } - all as base64 strings
+ */
+function encrypt(plaintext, password) {
+  // Generate random salt and IV
+  const salt = crypto.randomBytes(SALT_LENGTH);
+  const iv = crypto.randomBytes(IV_LENGTH);
+
+  // Derive key from password
+  const key = deriveKey(password, salt);
+
+  // Create cipher and encrypt
+  const cipher = crypto.createCipheriv(ALGORITHM, key, iv, {
+    authTagLength: AUTH_TAG_LENGTH,
+  });
+
+  let ciphertext = cipher.update(plaintext, 'utf8', 'base64');
+  ciphertext += cipher.final('base64');
+
+  // Get authentication tag
+  const authTag = cipher.getAuthTag();
+
+  return {
+    ciphertext,
+    iv: iv.toString('base64'),
+    salt: salt.toString('base64'),
+    authTag: authTag.toString('base64'),
+  };
+}
+
+/**
+ * Decrypt ciphertext using AES-256-GCM
+ * @param {string} ciphertext - Encrypted data (base64)
+ * @param {string} password - User password
+ * @param {string} ivBase64 - Initialization vector (base64)
+ * @param {string} saltBase64 - Salt used for key derivation (base64)
+ * @param {string} authTagBase64 - Authentication tag (base64)
+ * @returns {string} Decrypted plaintext
+ * @throws {Error} If decryption fails (wrong password or tampered data)
+ */
+function decrypt(ciphertext, password, ivBase64, saltBase64, authTagBase64) {
+  // Convert from base64
+  const iv = Buffer.from(ivBase64, 'base64');
+  const salt = Buffer.from(saltBase64, 'base64');
+  const authTag = Buffer.from(authTagBase64, 'base64');
+
+  // Derive key from password
+  const key = deriveKey(password, salt);
+
+  // Create decipher
+  const decipher = crypto.createDecipheriv(ALGORITHM, key, iv, {
+    authTagLength: AUTH_TAG_LENGTH,
+  });
+
+  // Set auth tag for verification
+  decipher.setAuthTag(authTag);
+
+  try {
+    let plaintext = decipher.update(ciphertext, 'base64', 'utf8');
+    plaintext += decipher.final('utf8');
+    return plaintext;
+  } catch (error) {
+    throw new Error('Decryption failed: Invalid password or corrupted data');
+  }
+}
+
+/**
+ * Pack encryption metadata into a single string for storage
+ * @param {object} encryptionData - { iv, salt, authTag }
+ * @returns {string} Packed string (iv:salt:authTag in base64)
+ */
+function packEncryptionMeta(encryptionData) {
+  return `${encryptionData.iv}:${encryptionData.salt}:${encryptionData.authTag}`;
+}
+
+/**
+ * Unpack encryption metadata from storage string
+ * @param {string} packed - Packed string (iv:salt:authTag)
+ * @returns {object} { iv, salt, authTag }
+ */
+function unpackEncryptionMeta(packed) {
+  const [iv, salt, authTag] = packed.split(':');
+  if (!iv || !salt || !authTag) {
+    throw new Error('Invalid encryption metadata format');
+  }
+  return { iv, salt, authTag };
+}
+
+module.exports = {
+  encrypt,
+  decrypt,
+  deriveKey,
+  packEncryptionMeta,
+  unpackEncryptionMeta,
+};

package/src/lib/decoy-generator.js

@@ -0,0 +1,306 @@
+/**
+ * Decoy Data Generator - Server Metrics Report
+ * Generates realistic-looking server monitoring/metrics data
+ */
+
+// Fixed list of servers (small dev team setup - ~10 servers total)
+const SERVERS = [
+  'app-prod-01',
+  'app-prod-02',
+  'api-prod-01',
+  'db-prod-01',
+  'redis-prod-01',
+  'nginx-prod-01',
+  'app-dev-01',
+  'db-dev-01',
+  'jenkins-01',
+  'gitlab-01',
+];
+
+const STATUS_VALUES = [
+  { status: 'healthy', weight: 85 },
+  { status: 'warning', weight: 10 },
+  { status: 'critical', weight: 3 },
+  { status: 'maintenance', weight: 2 },
+];
+
+/**
+ * Generate a random float between min and max with specified decimal places
+ */
+function randomFloat(min, max, decimals = 1) {
+  const val = Math.random() * (max - min) + min;
+  return parseFloat(val.toFixed(decimals));
+}
+
+/**
+ * Generate a random integer between min and max (inclusive)
+ */
+function randomInt(min, max) {
+  return Math.floor(Math.random() * (max - min + 1)) + min;
+}
+
+/**
+ * Generate a random element from an array
+ */
+function randomElement(arr) {
+  return arr[Math.floor(Math.random() * arr.length)];
+}
+
+/**
+ * Generate a weighted random status
+ */
+function generateStatus() {
+  const totalWeight = STATUS_VALUES.reduce((sum, s) => sum + s.weight, 0);
+  let random = Math.random() * totalWeight;
+
+  for (const item of STATUS_VALUES) {
+    random -= item.weight;
+    if (random <= 0) {
+      return item.status;
+    }
+  }
+  return 'healthy';
+}
+
+/**
+ * Pick a server from the fixed list
+ */
+function generateServerId() {
+  return randomElement(SERVERS);
+}
+
+// Time window configuration (last 4 hours of data)
+const HOURS_WINDOW = 4;
+
+// Shared time window for multi-part consistency
+let sharedTimeWindow = null;
+
+/**
+ * Initialize or get the shared time window
+ * This ensures multi-part files have continuous timestamps
+ */
+function getTimeWindow() {
+  if (!sharedTimeWindow) {
+    const now = new Date();
+    sharedTimeWindow = {
+      end: now.getTime(),
+      start: now.getTime() - (HOURS_WINDOW * 60 * 60 * 1000),
+    };
+  }
+  return sharedTimeWindow;
+}
+
+/**
+ * Reset the time window (called between separate encode sessions)
+ */
+function resetTimeWindow() {
+  sharedTimeWindow = null;
+}
+
+/**
+ * Generate a realistic timestamp within the configured time window
+ */
+function generateTimestamp() {
+  const window = getTimeWindow();
+  const timestamp = new Date(window.start + Math.random() * (window.end - window.start));
+
+  // Format: YYYY-MM-DD HH:MM:SS
+  const year = timestamp.getFullYear();
+  const month = (timestamp.getMonth() + 1).toString().padStart(2, '0');
+  const day = timestamp.getDate().toString().padStart(2, '0');
+  const hours = timestamp.getHours().toString().padStart(2, '0');
+  const minutes = timestamp.getMinutes().toString().padStart(2, '0');
+  const seconds = timestamp.getSeconds().toString().padStart(2, '0');
+
+  return `${year}-${month}-${day} ${hours}:${minutes}:${seconds}`;
+}
+
+/**
+ * Generate CPU usage based on status
+ */
+function generateCpuUsage(status) {
+  switch (status) {
+    case 'critical':
+      return randomFloat(90, 99);
+    case 'warning':
+      return randomFloat(70, 89);
+    case 'maintenance':
+      return randomFloat(0, 10);
+    default:
+      return randomFloat(15, 69);
+  }
+}
+
+/**
+ * Generate memory usage based on status
+ */
+function generateMemoryUsage(status) {
+  switch (status) {
+    case 'critical':
+      return randomFloat(92, 99);
+    case 'warning':
+      return randomFloat(75, 91);
+    case 'maintenance':
+      return randomFloat(5, 20);
+    default:
+      return randomFloat(30, 74);
+  }
+}
+
+/**
+ * Generate disk usage (generally more stable than CPU/memory)
+ */
+function generateDiskUsage(status) {
+  switch (status) {
+    case 'critical':
+      return randomFloat(95, 99);
+    case 'warning':
+      return randomFloat(80, 94);
+    default:
+      return randomFloat(25, 79);
+  }
+}
+
+/**
+ * Generate network I/O in MB/s
+ */
+function generateNetworkIO() {
+  return randomFloat(0.5, 150, 2);
+}
+
+/**
+ * Generate request count (for web/api servers)
+ */
+function generateRequestCount(serverId) {
+  // Higher for app/api/nginx servers
+  if (serverId.match(/^(app|api|nginx)/)) {
+    return randomInt(500, 15000);
+  }
+  // Low for CI/CD servers
+  if (serverId.match(/^(jenkins|gitlab)/)) {
+    return randomInt(10, 200);
+  }
+  return randomInt(50, 1000);
+}
+
+/**
+ * Generate response time in ms
+ */
+function generateResponseTime(status) {
+  switch (status) {
+    case 'critical':
+      return randomInt(2000, 10000);
+    case 'warning':
+      return randomInt(500, 1999);
+    default:
+      return randomInt(5, 499);
+  }
+}
+
+/**
+ * Generate uptime in hours
+ */
+function generateUptime(status) {
+  if (status === 'maintenance') {
+    return randomFloat(0, 2, 1);
+  }
+  // Servers typically have long uptimes
+  return randomFloat(24, 2160, 1); // Up to 90 days
+}
+
+/**
+ * Generate column headers
+ */
+function generateDecoyHeaders() {
+  return [
+    'Timestamp',
+    'Server ID',
+    'Status',
+    'CPU %',
+    'Memory %',
+    'Disk %',
+    'Network (MB/s)',
+    'Requests',
+    'Resp Time (ms)',
+    'Uptime (hrs)',
+  ];
+}
+
+/**
+ * Generate a single row of server metrics
+ */
+function generateMetricsRow() {
+  const serverId = generateServerId();
+  const status = generateStatus();
+
+  return {
+    timestamp: generateTimestamp(),
+    serverId,
+    status,
+    cpu: generateCpuUsage(status),
+    memory: generateMemoryUsage(status),
+    disk: generateDiskUsage(status),
+    network: generateNetworkIO(),
+    requests: generateRequestCount(serverId),
+    responseTime: generateResponseTime(status),
+    uptime: generateUptime(status),
+  };
+}
+
+/**
+ * Generate decoy data with specified number of rows
+ * @param {number} rowCount - Number of rows to generate (default 100)
+ * @returns {Array<object>} Array of metrics row objects
+ */
+function generateDecoyData(rowCount = 100) {
+  const rows = [];
+  for (let i = 0; i < rowCount; i++) {
+    rows.push(generateMetricsRow());
+  }
+  // Sort by timestamp descending (most recent first)
+  rows.sort((a, b) => b.timestamp.localeCompare(a.timestamp));
+  return rows;
+}
+
+/**
+ * Calculate appropriate row count based on payload size
+ * @param {number} payloadSizeBytes - Size of encrypted payload
+ * @returns {number} Recommended number of decoy rows
+ */
+function calculateDecoyRowCount(payloadSizeBytes) {
+  const estimatedBytesPerRow = 150;
+  const targetDecoyRatio = 0.4;
+
+  const minRows = 50;
+  const maxRows = 10000;
+
+  const calculatedRows = Math.floor((payloadSizeBytes * targetDecoyRatio) / estimatedBytesPerRow);
+
+  return Math.max(minRows, Math.min(maxRows, calculatedRows));
+}
+
+/**
+ * Convert row object to array of values (for Excel)
+ */
+function rowToArray(row) {
+  return [
+    row.timestamp,
+    row.serverId,
+    row.status,
+    row.cpu,
+    row.memory,
+    row.disk,
+    row.network,
+    row.requests,
+    row.responseTime,
+    row.uptime,
+  ];
+}
+
+module.exports = {
+  generateDecoyHeaders,
+  generateDecoyData,
+  calculateDecoyRowCount,
+  rowToArray,
+  resetTimeWindow,
+};