tlc-claude-code 1.4.8 → 1.4.9

package/server/lib/security/crypto-utils.js

@@ -0,0 +1,253 @@
+/**
+ * Crypto Utilities Module
+ *
+ * Secure cryptographic primitives.
+ * Addresses OWASP A02: Cryptographic Failures
+ */
+
+import crypto from 'crypto';
+
+/**
+ * Custom error for deprecated algorithm usage
+ */
+export class DeprecatedAlgorithmError extends Error {
+  constructor(message) {
+    super(message);
+    this.name = 'DeprecatedAlgorithmError';
+  }
+}
+
+/**
+ * Deprecated algorithms that should not be used for security
+ */
+const DEPRECATED_ALGORITHMS = ['md5', 'sha1', 'md4', 'ripemd160'];
+
+/**
+ * Generate cryptographically secure random bytes
+ * @param {number} length - Number of bytes to generate
+ * @returns {Buffer} Random bytes
+ */
+export function randomBytes(length) {
+  if (length <= 0) {
+    throw new Error('Length must be positive');
+  }
+  return crypto.randomBytes(length);
+}
+
+/**
+ * Generate a random string in specified encoding
+ * @param {number} bytes - Number of bytes of randomness
+ * @param {string} encoding - Output encoding (hex, base64, base64url, alphanumeric)
+ * @returns {string} Random string
+ */
+export function randomString(bytes, encoding = 'hex') {
+  const buffer = randomBytes(bytes);
+
+  switch (encoding) {
+    case 'hex':
+      return buffer.toString('hex');
+    case 'base64':
+      return buffer.toString('base64');
+    case 'base64url':
+      return buffer.toString('base64url');
+    case 'alphanumeric': {
+      const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+      let result = '';
+      for (let i = 0; i < bytes; i++) {
+        result += chars[buffer[i] % chars.length];
+      }
+      return result;
+    }
+    default:
+      return buffer.toString('hex');
+  }
+}
+
+/**
+ * Encrypt data using AES-256-GCM
+ * @param {string|Buffer} plaintext - Data to encrypt
+ * @param {Buffer} key - 32-byte encryption key
+ * @param {Object} options - Encryption options
+ * @returns {string} Base64-encoded ciphertext with IV and auth tag
+ */
+export function encrypt(plaintext, key, options = {}) {
+  const { aad } = options;
+
+  if (key.length !== 32) {
+    throw new Error('Key must be 32 bytes for AES-256');
+  }
+
+  // Generate random 12-byte IV
+  const iv = crypto.randomBytes(12);
+
+  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
+
+  if (aad) {
+    cipher.setAAD(Buffer.from(aad));
+  }
+
+  const plaintextBuffer = Buffer.isBuffer(plaintext) ? plaintext : Buffer.from(plaintext);
+  const encrypted = Buffer.concat([cipher.update(plaintextBuffer), cipher.final()]);
+  const authTag = cipher.getAuthTag();
+
+  // Format: IV (12 bytes) + ciphertext + authTag (16 bytes)
+  const combined = Buffer.concat([iv, encrypted, authTag]);
+  return combined.toString('base64');
+}
+
+/**
+ * Decrypt data encrypted with AES-256-GCM
+ * @param {string} ciphertext - Base64-encoded ciphertext
+ * @param {Buffer} key - 32-byte decryption key
+ * @param {Object} options - Decryption options
+ * @returns {string|Buffer} Decrypted data
+ */
+export function decrypt(ciphertext, key, options = {}) {
+  const { aad, encoding = 'utf8' } = options;
+
+  if (key.length !== 32) {
+    throw new Error('Key must be 32 bytes for AES-256');
+  }
+
+  const combined = Buffer.from(ciphertext, 'base64');
+
+  // Extract IV (first 12 bytes), ciphertext, and authTag (last 16 bytes)
+  const iv = combined.subarray(0, 12);
+  const authTag = combined.subarray(combined.length - 16);
+  const encrypted = combined.subarray(12, combined.length - 16);
+
+  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
+  decipher.setAuthTag(authTag);
+
+  if (aad) {
+    decipher.setAAD(Buffer.from(aad));
+  }
+
+  const decrypted = Buffer.concat([decipher.update(encrypted), decipher.final()]);
+
+  return encoding === 'buffer' ? decrypted : decrypted.toString(encoding);
+}
+
+/**
+ * Sign data with HMAC
+ * @param {string|Buffer} data - Data to sign
+ * @param {Buffer} key - Signing key
+ * @param {Object} options - HMAC options
+ * @returns {string} Hex-encoded signature
+ */
+export function hmacSign(data, key, options = {}) {
+  const { algorithm = 'sha256', purpose = 'security' } = options;
+
+  // Check for deprecated algorithms
+  if (DEPRECATED_ALGORITHMS.includes(algorithm.toLowerCase()) && purpose !== 'checksum') {
+    throw new DeprecatedAlgorithmError(`Algorithm ${algorithm} is deprecated for security purposes`);
+  }
+
+  const hmac = crypto.createHmac(algorithm, key);
+  hmac.update(data);
+  return hmac.digest('hex');
+}
+
+/**
+ * Verify HMAC signature
+ * @param {string|Buffer} data - Original data
+ * @param {string} signature - Signature to verify
+ * @param {Buffer} key - Signing key
+ * @param {Object} options - HMAC options
+ * @returns {boolean} True if signature is valid
+ */
+export function hmacVerify(data, signature, key, options = {}) {
+  const { algorithm = 'sha256' } = options;
+
+  const expected = hmacSign(data, key, { ...options, purpose: 'security' });
+  return constantTimeCompare(Buffer.from(expected), Buffer.from(signature));
+}
+
+/**
+ * Derive a key from password or input key material
+ * @param {string|Buffer} input - Password or key material
+ * @param {Buffer} salt - Salt for derivation
+ * @param {Object} options - Derivation options
+ * @returns {Buffer} Derived key
+ */
+export function deriveKey(input, salt, options = {}) {
+  const {
+    algorithm = 'pbkdf2',
+    keyLength = 32,
+    iterations = 100000, // OWASP minimum
+    info = '',
+  } = options;
+
+  const inputBuffer = Buffer.isBuffer(input) ? input : Buffer.from(input);
+
+  if (algorithm === 'pbkdf2') {
+    return crypto.pbkdf2Sync(inputBuffer, salt, iterations, keyLength, 'sha256');
+  }
+
+  if (algorithm === 'hkdf') {
+    const derived = crypto.hkdfSync('sha256', inputBuffer, salt, Buffer.from(info), keyLength);
+    return Buffer.from(derived);
+  }
+
+  throw new Error(`Unknown algorithm: ${algorithm}`);
+}
+
+/**
+ * Constant-time buffer comparison
+ * @param {Buffer} a - First buffer
+ * @param {Buffer} b - Second buffer
+ * @returns {boolean} True if buffers are equal
+ */
+export function constantTimeCompare(a, b) {
+  if (!Buffer.isBuffer(a)) a = Buffer.from(a);
+  if (!Buffer.isBuffer(b)) b = Buffer.from(b);
+
+  if (a.length !== b.length) {
+    // Do dummy comparison to maintain constant time
+    crypto.timingSafeEqual(a, a);
+    return false;
+  }
+
+  return crypto.timingSafeEqual(a, b);
+}
+
+/**
+ * Generate an asymmetric key pair
+ * @param {string} type - Key type (rsa, ec)
+ * @param {Object} options - Key generation options
+ * @returns {Promise<{publicKey: string, privateKey: string}>} Key pair
+ */
+export async function generateKeyPair(type, options = {}) {
+  return new Promise((resolve, reject) => {
+    if (type === 'rsa') {
+      const { modulusLength = 2048 } = options;
+
+      if (modulusLength < 2048) {
+        reject(new Error('RSA key size must be at least 2048 bits'));
+        return;
+      }
+
+      crypto.generateKeyPair('rsa', {
+        modulusLength,
+        publicKeyEncoding: { type: 'spki', format: 'pem' },
+        privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
+      }, (err, publicKey, privateKey) => {
+        if (err) reject(err);
+        else resolve({ publicKey, privateKey });
+      });
+    } else if (type === 'ec') {
+      const { namedCurve = 'P-256' } = options;
+
+      crypto.generateKeyPair('ec', {
+        namedCurve,
+        publicKeyEncoding: { type: 'spki', format: 'pem' },
+        privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
+      }, (err, publicKey, privateKey) => {
+        if (err) reject(err);
+        else resolve({ publicKey, privateKey });
+      });
+    } else {
+      reject(new Error(`Unknown key type: ${type}`));
+    }
+  });
+}

package/server/lib/security/crypto-utils.test.js

@@ -0,0 +1,409 @@
+/**
+ * Crypto Utilities Tests
+ *
+ * Tests for secure cryptographic primitives.
+ */
+
+import { describe, it, expect } from 'vitest';
+import {
+  randomBytes,
+  randomString,
+  encrypt,
+  decrypt,
+  hmacSign,
+  hmacVerify,
+  deriveKey,
+  constantTimeCompare,
+  generateKeyPair,
+  DeprecatedAlgorithmError,
+} from './crypto-utils.js';
+
+describe('crypto-utils', () => {
+  describe('randomBytes', () => {
+    it('generates specified number of bytes', () => {
+      const bytes = randomBytes(32);
+
+      expect(bytes).toBeInstanceOf(Buffer);
+      expect(bytes.length).toBe(32);
+    });
+
+    it('generates different bytes each call', () => {
+      const bytes1 = randomBytes(32);
+      const bytes2 = randomBytes(32);
+
+      expect(bytes1.equals(bytes2)).toBe(false);
+    });
+
+    it('generates cryptographically random bytes', () => {
+      // Statistical test: bytes should have reasonable entropy
+      const bytes = randomBytes(1000);
+      const counts = new Array(256).fill(0);
+
+      for (const byte of bytes) {
+        counts[byte]++;
+      }
+
+      // Each byte value should appear roughly 1000/256 ≈ 4 times
+      // With random data, standard deviation is about sqrt(1000 * (1/256) * (255/256)) ≈ 2
+      // So values should be within roughly 4 ± 6 most of the time
+      const avg = 1000 / 256;
+      const inRange = counts.filter(c => c >= 0 && c <= avg * 3).length;
+
+      expect(inRange).toBeGreaterThan(200); // Most values in reasonable range
+    });
+
+    it('rejects zero or negative length', () => {
+      expect(() => randomBytes(0)).toThrow();
+      expect(() => randomBytes(-1)).toThrow();
+    });
+  });
+
+  describe('randomString', () => {
+    it('generates hex string of correct length', () => {
+      const str = randomString(16, 'hex');
+
+      expect(str).toMatch(/^[a-f0-9]{32}$/); // 16 bytes = 32 hex chars
+    });
+
+    it('generates base64 string', () => {
+      const str = randomString(16, 'base64');
+
+      expect(str).toMatch(/^[A-Za-z0-9+/]+=*$/);
+    });
+
+    it('generates base64url string', () => {
+      const str = randomString(16, 'base64url');
+
+      expect(str).toMatch(/^[A-Za-z0-9_-]+$/);
+    });
+
+    it('generates alphanumeric string', () => {
+      const str = randomString(32, 'alphanumeric');
+
+      expect(str).toMatch(/^[A-Za-z0-9]{32}$/);
+    });
+
+    it('generates unique strings', () => {
+      const strings = new Set();
+      for (let i = 0; i < 100; i++) {
+        strings.add(randomString(16, 'hex'));
+      }
+
+      expect(strings.size).toBe(100);
+    });
+  });
+
+  describe('encrypt / decrypt (AES-256-GCM)', () => {
+    it('roundtrips encryption correctly', () => {
+      const key = randomBytes(32);
+      const plaintext = 'Hello, World!';
+
+      const encrypted = encrypt(plaintext, key);
+      const decrypted = decrypt(encrypted, key);
+
+      expect(decrypted).toBe(plaintext);
+    });
+
+    it('handles binary data', () => {
+      const key = randomBytes(32);
+      const plaintext = Buffer.from([0x00, 0x01, 0x02, 0xff, 0xfe, 0xfd]);
+
+      const encrypted = encrypt(plaintext, key);
+      const decrypted = decrypt(encrypted, key, { encoding: 'buffer' });
+
+      expect(decrypted.equals(plaintext)).toBe(true);
+    });
+
+    it('produces different ciphertext for same plaintext', () => {
+      const key = randomBytes(32);
+      const plaintext = 'Same message';
+
+      const encrypted1 = encrypt(plaintext, key);
+      const encrypted2 = encrypt(plaintext, key);
+
+      expect(encrypted1).not.toBe(encrypted2);
+    });
+
+    it('fails decryption with wrong key', () => {
+      const key1 = randomBytes(32);
+      const key2 = randomBytes(32);
+      const plaintext = 'Secret message';
+
+      const encrypted = encrypt(plaintext, key1);
+
+      expect(() => decrypt(encrypted, key2)).toThrow();
+    });
+
+    it('fails decryption with tampered ciphertext', () => {
+      const key = randomBytes(32);
+      const plaintext = 'Secret message';
+
+      const encrypted = encrypt(plaintext, key);
+
+      // Tamper with the ciphertext
+      const tampered = Buffer.from(encrypted, 'base64');
+      tampered[20] ^= 0xff;
+      const tamperedStr = tampered.toString('base64');
+
+      expect(() => decrypt(tamperedStr, key)).toThrow();
+    });
+
+    it('fails decryption with tampered auth tag', () => {
+      const key = randomBytes(32);
+      const plaintext = 'Secret message';
+
+      const encrypted = encrypt(plaintext, key);
+
+      // Tamper with the auth tag (last 16 bytes)
+      const tampered = Buffer.from(encrypted, 'base64');
+      tampered[tampered.length - 1] ^= 0xff;
+      const tamperedStr = tampered.toString('base64');
+
+      expect(() => decrypt(tamperedStr, key)).toThrow();
+    });
+
+    it('rejects key of wrong length', () => {
+      const shortKey = randomBytes(16); // Should be 32 for AES-256
+      const plaintext = 'Message';
+
+      expect(() => encrypt(plaintext, shortKey)).toThrow();
+    });
+
+    it('supports additional authenticated data', () => {
+      const key = randomBytes(32);
+      const plaintext = 'Secret';
+      const aad = 'context-data';
+
+      const encrypted = encrypt(plaintext, key, { aad });
+      const decrypted = decrypt(encrypted, key, { aad });
+
+      expect(decrypted).toBe(plaintext);
+    });
+
+    it('fails with wrong additional authenticated data', () => {
+      const key = randomBytes(32);
+      const plaintext = 'Secret';
+
+      const encrypted = encrypt(plaintext, key, { aad: 'correct' });
+
+      expect(() => decrypt(encrypted, key, { aad: 'wrong' })).toThrow();
+    });
+  });
+
+  describe('hmacSign / hmacVerify', () => {
+    it('signs data with HMAC-SHA256', () => {
+      const key = randomBytes(32);
+      const data = 'Message to sign';
+
+      const signature = hmacSign(data, key);
+
+      expect(signature).toMatch(/^[a-f0-9]{64}$/); // SHA256 = 64 hex chars
+    });
+
+    it('verifies valid signature', () => {
+      const key = randomBytes(32);
+      const data = 'Message to sign';
+
+      const signature = hmacSign(data, key);
+      const isValid = hmacVerify(data, signature, key);
+
+      expect(isValid).toBe(true);
+    });
+
+    it('rejects invalid signature', () => {
+      const key = randomBytes(32);
+      const data = 'Message to sign';
+
+      const signature = hmacSign(data, key);
+      const isValid = hmacVerify(data, signature + 'x', key);
+
+      expect(isValid).toBe(false);
+    });
+
+    it('rejects signature with wrong key', () => {
+      const key1 = randomBytes(32);
+      const key2 = randomBytes(32);
+      const data = 'Message to sign';
+
+      const signature = hmacSign(data, key1);
+      const isValid = hmacVerify(data, signature, key2);
+
+      expect(isValid).toBe(false);
+    });
+
+    it('rejects modified data', () => {
+      const key = randomBytes(32);
+
+      const signature = hmacSign('Original message', key);
+      const isValid = hmacVerify('Modified message', signature, key);
+
+      expect(isValid).toBe(false);
+    });
+
+    it('supports SHA-512', () => {
+      const key = randomBytes(32);
+      const data = 'Message';
+
+      const signature = hmacSign(data, key, { algorithm: 'sha512' });
+
+      expect(signature).toMatch(/^[a-f0-9]{128}$/); // SHA512 = 128 hex chars
+    });
+  });
+
+  describe('deriveKey', () => {
+    it('derives key with PBKDF2', () => {
+      const password = 'user-password';
+      const salt = randomBytes(16);
+
+      const key = deriveKey(password, salt, { algorithm: 'pbkdf2' });
+
+      expect(key).toBeInstanceOf(Buffer);
+      expect(key.length).toBe(32);
+    });
+
+    it('produces consistent keys', () => {
+      const password = 'user-password';
+      const salt = randomBytes(16);
+
+      const key1 = deriveKey(password, salt);
+      const key2 = deriveKey(password, salt);
+
+      expect(key1.equals(key2)).toBe(true);
+    });
+
+    it('produces different keys with different salts', () => {
+      const password = 'user-password';
+
+      const key1 = deriveKey(password, randomBytes(16));
+      const key2 = deriveKey(password, randomBytes(16));
+
+      expect(key1.equals(key2)).toBe(false);
+    });
+
+    it('supports HKDF', () => {
+      const inputKey = randomBytes(32);
+      const salt = randomBytes(16);
+      const info = 'context';
+
+      const derivedKey = deriveKey(inputKey, salt, {
+        algorithm: 'hkdf',
+        info,
+      });
+
+      expect(derivedKey).toBeInstanceOf(Buffer);
+      expect(derivedKey.length).toBe(32);
+    });
+
+    it('uses sufficient iterations for PBKDF2', () => {
+      const password = 'password';
+      const salt = randomBytes(16);
+
+      // Should use at least 100,000 iterations (OWASP recommendation)
+      const key = deriveKey(password, salt, { algorithm: 'pbkdf2' });
+
+      // We can't directly check iterations, but we can check it takes time
+      expect(key).toBeDefined();
+    });
+  });
+
+  describe('constantTimeCompare', () => {
+    it('returns true for equal buffers', () => {
+      const a = Buffer.from('same-value');
+      const b = Buffer.from('same-value');
+
+      expect(constantTimeCompare(a, b)).toBe(true);
+    });
+
+    it('returns false for different buffers', () => {
+      const a = Buffer.from('value-a');
+      const b = Buffer.from('value-b');
+
+      expect(constantTimeCompare(a, b)).toBe(false);
+    });
+
+    it('returns false for different length buffers', () => {
+      const a = Buffer.from('short');
+      const b = Buffer.from('much-longer');
+
+      expect(constantTimeCompare(a, b)).toBe(false);
+    });
+
+    it('has constant time regardless of difference position', () => {
+      const base = Buffer.from('abcdefghijklmnopqrstuvwxyz');
+      const diffStart = Buffer.from('Xbcdefghijklmnopqrstuvwxyz');
+      const diffEnd = Buffer.from('abcdefghijklmnopqrstuvwxyZ');
+
+      const times1 = [];
+      const times2 = [];
+
+      for (let i = 0; i < 1000; i++) {
+        const start1 = process.hrtime.bigint();
+        constantTimeCompare(base, diffStart);
+        const end1 = process.hrtime.bigint();
+        times1.push(Number(end1 - start1));
+
+        const start2 = process.hrtime.bigint();
+        constantTimeCompare(base, diffEnd);
+        const end2 = process.hrtime.bigint();
+        times2.push(Number(end2 - start2));
+      }
+
+      const avg1 = times1.reduce((a, b) => a + b) / times1.length;
+      const avg2 = times2.reduce((a, b) => a + b) / times2.length;
+      const ratio = Math.max(avg1, avg2) / Math.min(avg1, avg2);
+
+      // Times should be very similar (within 50%)
+      expect(ratio).toBeLessThan(1.5);
+    });
+  });
+
+  describe('deprecated algorithm rejection', () => {
+    it('rejects MD5 for security purposes', () => {
+      expect(() => {
+        hmacSign('data', randomBytes(16), { algorithm: 'md5' });
+      }).toThrow(DeprecatedAlgorithmError);
+    });
+
+    it('rejects SHA1 for security purposes', () => {
+      expect(() => {
+        hmacSign('data', randomBytes(16), { algorithm: 'sha1' });
+      }).toThrow(DeprecatedAlgorithmError);
+    });
+
+    it('allows MD5 when explicitly marked as non-security', () => {
+      // For checksums, not security
+      const result = hmacSign('data', randomBytes(16), {
+        algorithm: 'md5',
+        purpose: 'checksum',
+      });
+
+      expect(result).toBeDefined();
+    });
+  });
+
+  describe('generateKeyPair', () => {
+    it('generates RSA key pair', async () => {
+      const { publicKey, privateKey } = await generateKeyPair('rsa', {
+        modulusLength: 2048,
+      });
+
+      expect(publicKey).toContain('BEGIN PUBLIC KEY');
+      expect(privateKey).toContain('BEGIN PRIVATE KEY');
+    });
+
+    it('generates EC key pair', async () => {
+      const { publicKey, privateKey } = await generateKeyPair('ec', {
+        namedCurve: 'P-256',
+      });
+
+      expect(publicKey).toBeDefined();
+      expect(privateKey).toBeDefined();
+    });
+
+    it('rejects weak RSA key sizes', async () => {
+      await expect(
+        generateKeyPair('rsa', { modulusLength: 1024 })
+      ).rejects.toThrow();
+    });
+  });
+});