SecureBitChat/securebit-chat
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
a4161bc47e472896f428c1a963594f25ba822f0d
securebit-chat/doc/CONTRIBUTING.md

6126 lines
183 KiB
Markdown
Raw Normal View History

feat: rebrand to SecureBit.chat due to name conflict BREAKING CHANGE: Project renamed from LockBit.chat to SecureBit.chat - Changed project name to avoid confusion with LockBit ransomware group - Updated all documentation, branding, and references - Maintained all existing functionality and security features - Domain migration planned to securebit.chat Reason: The LockBit name became associated with a notorious ransomware group, causing conflicts on platforms and potential confusion for users. SecureBit better reflects our mission of providing secure P2P messaging while avoiding negative associations. This change affects: - README.md and all documentation - Package.json name field - Brand assets and logos - Website references - Social media handles Core functionality remains unchanged: ✅ 12-layer military-grade security ✅ Lightning Network integration ✅ P2P WebRTC architecture ✅ Open source MIT license
2025-08-14 15:54:11 -04:00
# Contributing to SecureBit.chat
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
feat: rebrand to SecureBit.chat due to name conflict BREAKING CHANGE: Project renamed from LockBit.chat to SecureBit.chat - Changed project name to avoid confusion with LockBit ransomware group - Updated all documentation, branding, and references - Maintained all existing functionality and security features - Domain migration planned to securebit.chat Reason: The LockBit name became associated with a notorious ransomware group, causing conflicts on platforms and potential confusion for users. SecureBit better reflects our mission of providing secure P2P messaging while avoiding negative associations. This change affects: - README.md and all documentation - Package.json name field - Brand assets and logos - Website references - Social media handles Core functionality remains unchanged: ✅ 12-layer military-grade security ✅ Lightning Network integration ✅ P2P WebRTC architecture ✅ Open source MIT license
2025-08-14 15:54:11 -04:00
🎉 **Thank you for your interest in contributing to SecureBit.chat!**
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
We're building the most secure P2P messenger with Lightning Network integration, and we need your help to make it even better. **Version 4.02.442 introduces complete ASN.1 validation for enhanced key security.**
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
## 🌟 Ways to Contribute
### 🐛 Bug Reports
Found a bug? Help us squash it!
### 💡 Feature Requests
Have an idea for improvement? We'd love to hear it!
### 🔒 Security Research
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
Help audit our cryptographic implementation and ASN.1 validation framework
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
### 📖 Documentation
Improve guides, tutorials, and technical docs
### 🌍 Translations
feat: rebrand to SecureBit.chat due to name conflict BREAKING CHANGE: Project renamed from LockBit.chat to SecureBit.chat - Changed project name to avoid confusion with LockBit ransomware group - Updated all documentation, branding, and references - Maintained all existing functionality and security features - Domain migration planned to securebit.chat Reason: The LockBit name became associated with a notorious ransomware group, causing conflicts on platforms and potential confusion for users. SecureBit better reflects our mission of providing secure P2P messaging while avoiding negative associations. This change affects: - README.md and all documentation - Package.json name field - Brand assets and logos - Website references - Social media handles Core functionality remains unchanged: ✅ 12-layer military-grade security ✅ Lightning Network integration ✅ P2P WebRTC architecture ✅ Open source MIT license
2025-08-14 15:54:11 -04:00
Help make SecureBit.chat accessible worldwide
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
### 💻 Code Contributions
Submit pull requests for bug fixes and features
## 🚀 Getting Started
### Prerequisites
- **Browser:** Modern browser with WebRTC and WebCrypto support
- **Git:** For version control
- **Text Editor:** VS Code, Vim, or your favorite editor
- **Lightning Wallet:** For testing payment features (optional)
### Development Setup
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
```bash
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
# 1. Fork the repository on GitHub
# 2. Clone your fork
feat: rebrand to SecureBit.chat due to name conflict BREAKING CHANGE: Project renamed from LockBit.chat to SecureBit.chat - Changed project name to avoid confusion with LockBit ransomware group - Updated all documentation, branding, and references - Maintained all existing functionality and security features - Domain migration planned to securebit.chat Reason: The LockBit name became associated with a notorious ransomware group, causing conflicts on platforms and potential confusion for users. SecureBit better reflects our mission of providing secure P2P messaging while avoiding negative associations. This change affects: - README.md and all documentation - Package.json name field - Brand assets and logos - Website references - Social media handles Core functionality remains unchanged: ✅ 12-layer military-grade security ✅ Lightning Network integration ✅ P2P WebRTC architecture ✅ Open source MIT license
2025-08-14 15:54:11 -04:00
git clone https://github.com/yourusername/securebit-chat.git
cd securebit-chat
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
# 3. Create a development branch
git checkout -b feature/your-feature-name
# 4. Start development server
python -m http.server 8000
# or
npx serve .
# 5. Open http://localhost:8000
# Make your changes
# Test thoroughly
# Commit with descriptive messages
git commit -m "feat: add quantum-resistant key exchange
- Implement CRYSTALS-Kyber for post-quantum security
- Add fallback to classical ECDH
- Update security level calculations
- Add comprehensive test suite
Closes #123"
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
```
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
## 📋 Contribution Guidelines
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
### 🔍 Before You Start
- Check existing issues - avoid duplicate work
- Create an issue - discuss your idea first
- Get feedback - ensure alignment with project goals
- Fork and branch - work on a feature branch
### 💻 Code Standards
#### JavaScript Style
```javascript
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
// ✅ Good
const encryptionKey = await crypto.subtle.generateKey({
name: 'AES-GCM',
length: 256
}, false, ['encrypt', 'decrypt']);
// ❌ Bad
var key=crypto.subtle.generateKey({name:'AES-GCM',length:256},false,['encrypt','decrypt'])
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
```
#### Naming Conventions
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
- **Functions:** camelCase - `generateSecureKey()`
- **Classes:** PascalCase - `EnhancedSecureCryptoUtils`
- **Constants:** UPPER_SNAKE_CASE - `MAX_MESSAGE_LENGTH`
- **Files:** kebab-case - `crypto-utils.js`
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
### 📖 Documentation
## 🔒 Security Considerations
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
### Critical Areas
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
These areas require extra careful review:
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
- **Cryptographic functions** - All crypto code must be reviewed
- **Key generation** - Entropy and randomness
- **Message handling** - Input validation and sanitization
- **P2P communication** - WebRTC security
- **Lightning integration** - Payment verification
- **ASN.1 validation** - Key structure verification (NEW)
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
### Security Checklist
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
## 🔐 ASN.1 Validation Framework (NEW)
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
### Overview
SecureBit.chat v4.02.442 implements a complete ASN.1 DER parser and validation system. This framework requires special attention when contributing to cryptographic code.
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
### Key Components
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
#### **ASN1Validator Class**
```javascript
// Core validation class for cryptographic keys
class ASN1Validator {
constructor() {
this.supportedOIDs = {
'1.2.840.10045.3.1.7': 'P-256', // secp256r1
'1.3.132.0.34': 'P-384' // secp384r1
};
this.maxKeySize = 2000; // bytes
this.minKeySize = 50; // bytes
}
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
// Complete DER parsing and validation
validateKeyStructure(keyData) {
// Implementation details...
}
}
```
#### **Integration Points**
- **Key import operations** - All keys must pass ASN.1 validation
- **Key export operations** - Exported keys are validated
- **Real-time validation** - Continuous validation during operations
### Contributing to ASN.1 Framework
#### **Adding New Curve Support**
```javascript
// To add support for a new elliptic curve:
const newCurveOID = '1.3.132.0.XX'; // Replace XX with actual OID
const curveName = 'P-XXX'; // Replace XXX with curve name
// Add to supportedOIDs
this.supportedOIDs[newCurveOID] = curveName;
// Update validation logic if needed
// Ensure proper EC point format validation
```
#### **Extending Validation Rules**
```javascript
// To add new validation rules:
validateCustomRule(parsed) {
// Implement your validation logic
if (!this.checkCustomCondition(parsed)) {
throw new Error('Custom validation failed');
}
return true;
}
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
// Integrate with main validation
validateKeyStructure(keyData) {
const parsed = this.parseDER(keyData);
// Existing validations...
if (!this.validateSPKI(parsed)) return false;
if (!this.validateOID(parsed)) return false;
if (!this.validateECPoint(parsed)) return false;
// New custom validation
if (!this.validateCustomRule(parsed)) return false;
return true;
}
```
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
### Testing ASN.1 Validation
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
#### **Unit Tests**
```javascript
describe('ASN.1 Validation Framework', () => {
test('Validates correct P-384 key structure', () => {
const validKey = generateValidP384Key();
expect(asn1Validator.validateKeyStructure(validKey)).toBe(true);
});
test('Rejects modified key with valid header', () => {
const modifiedKey = modifyKeyData(validKey);
expect(asn1Validator.validateKeyStructure(modifiedKey)).toBe(false);
});
test('Rejects unsupported curve OID', () => {
const invalidOIDKey = generateKeyWithInvalidOID();
expect(asn1Validator.validateKeyStructure(invalidOIDKey)).toBe(false);
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
});
});
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
```
#### **Performance Tests**
```javascript
describe('ASN.1 Validation Performance', () => {
test('Validation completes within 10ms', () => {
const start = performance.now();
asn1Validator.validateKeyStructure(validKey);
const duration = performance.now() - start;
expect(duration).toBeLessThan(10);
});
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
});
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
```
### Security Guidelines for ASN.1 Contributions
#### **Critical Requirements**
1. **Never bypass validation** - All keys must pass complete ASN.1 validation
2. **Maintain strict OID checking** - Only support verified, secure algorithms
3. **Preserve size limits** - Key size limits prevent DoS attacks
4. **Validate all structural elements** - Complete verification is mandatory
#### **Common Pitfalls to Avoid**
```javascript
// ❌ DON'T: Skip validation for performance
const fastImport = (keyData) => {
// Bypassing validation for speed
return crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
// ✅ DO: Always validate before processing
const secureImport = async (keyData) => {
if (!asn1Validator.validateKeyStructure(keyData)) {
throw new Error('Key validation failed');
}
return await crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
```
#### **Validation Order**
1. **Parse DER** - Complete ASN.1 structure parsing
2. **Validate SPKI** - SubjectPublicKeyInfo structure
3. **Validate OID** - Algorithm and curve verification
4. **Validate EC Point** - Format and structure verification
5. **Apply custom rules** - Any additional validation requirements
### Breaking Changes and Compatibility
#### **Version 4.02.442 Changes**
- **Enhanced key validation** now performs complete ASN.1 parsing
- **Stricter key acceptance** criteria for improved security
- **Fallback support** from P-384 to P-256 maintained
- **Backward compatibility** for valid key structures
#### **Migration Considerations**
- **Existing keys** are validated on next use
- **New keys** must pass complete validation
- **Invalid keys** are rejected with clear error messages
- **Performance impact** is minimal (< 10ms per validation)
### Documentation Requirements
#### **Code Documentation**
```javascript
/**
* Validates cryptographic key structure using complete ASN.1 DER parsing
*
* @param {ArrayBuffer} keyData - Raw key data to validate
* @returns {boolean} - True if validation passes, false otherwise
* @throws {Error} - Detailed error message for validation failures
*
* @example
* const isValid = asn1Validator.validateKeyStructure(keyData);
* if (!isValid) {
* console.error('Key validation failed');
* }
*/
validateKeyStructure(keyData) {
// Implementation...
}
```
#### **API Documentation**
- **Function signatures** with parameter types
- **Return values** and error conditions
- **Usage examples** for common scenarios
- **Performance characteristics** and limitations
### Contributing Guidelines Summary
#### **For ASN.1 Framework Contributions**
1. **Understand the security model** - Complete validation is mandatory
2. **Follow validation order** - Parse → SPKI → OID → EC Point → Custom
3. **Maintain performance** - Keep validation time under 10ms
4. **Add comprehensive tests** - Unit, integration, and performance tests
5. **Document thoroughly** - Code comments, API docs, and examples
6. **Consider breaking changes** - Ensure backward compatibility where possible
#### **Security Review Process**
1. **Code review** by cryptographic experts
2. **Security testing** for validation bypass attempts
3. **Performance validation** for timing attacks
4. **Compatibility testing** with existing key formats
5. **Documentation review** for accuracy and completeness
---
## 🚀 Getting Started
### Prerequisites
- **Browser:** Modern browser with WebRTC and WebCrypto support
- **Git:** For version control
- **Text Editor:** VS Code, Vim, or your favorite editor
- **Lightning Wallet:** For testing payment features (optional)
### Development Setup
```bash
# 1. Fork the repository on GitHub
# 2. Clone your fork
git clone https://github.com/yourusername/securebit-chat.git
cd securebit-chat
# 3. Create a development branch
git checkout -b feature/your-feature-name
# 4. Start development server
python -m http.server 8000
# or
npx serve .
# 5. Open http://localhost:8000
# Make your changes
# Test thoroughly
# Commit with descriptive messages
git commit -m "feat: add quantum-resistant key exchange
- Implement CRYSTALS-Kyber for post-quantum security
- Add fallback to classical ECDH
- Update security level calculations
- Add comprehensive test suite
Closes #123"
```
## 📋 Contribution Guidelines
### 🔍 Before You Start
- Check existing issues - avoid duplicate work
- Create an issue - discuss your idea first
- Get feedback - ensure alignment with project goals
- Fork and branch - work on a feature branch
### 💻 Code Standards
#### JavaScript Style
```javascript
// ✅ Good
const encryptionKey = await crypto.subtle.generateKey({
name: 'AES-GCM',
length: 256
}, false, ['encrypt', 'decrypt']);
// ❌ Bad
var key=crypto.subtle.generateKey({name:'AES-GCM',length:256},false,['encrypt','decrypt'])
```
#### Naming Conventions
- **Functions:** camelCase - `generateSecureKey()`
- **Classes:** PascalCase - `EnhancedSecureCryptoUtils`
- **Constants:** UPPER_SNAKE_CASE - `MAX_MESSAGE_LENGTH`
- **Files:** kebab-case - `crypto-utils.js`
### 📖 Documentation
## 🔒 Security Considerations
### Critical Areas
These areas require extra careful review:
- **Cryptographic functions** - All crypto code must be reviewed
- **Key generation** - Entropy and randomness
- **Message handling** - Input validation and sanitization
- **P2P communication** - WebRTC security
- **Lightning integration** - Payment verification
- **ASN.1 validation** - Key structure verification (NEW)
### Security Checklist
## 🔐 ASN.1 Validation Framework (NEW)
### Overview
SecureBit.chat v4.02.442 implements a complete ASN.1 DER parser and validation system. This framework requires special attention when contributing to cryptographic code.
### Key Components
#### **ASN1Validator Class**
```javascript
// Core validation class for cryptographic keys
class ASN1Validator {
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
constructor() {
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
this.supportedOIDs = {
'1.2.840.10045.3.1.7': 'P-256', // secp256r1
'1.3.132.0.34': 'P-384' // secp384r1
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
};
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
this.maxKeySize = 2000; // bytes
this.minKeySize = 50; // bytes
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
}
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
// Complete DER parsing and validation
validateKeyStructure(keyData) {
// Implementation details...
}
}
```
#### **Integration Points**
- **Key import operations** - All keys must pass ASN.1 validation
- **Key export operations** - Exported keys are validated
- **Real-time validation** - Continuous validation during operations
### Contributing to ASN.1 Framework
#### **Adding New Curve Support**
```javascript
// To add support for a new elliptic curve:
const newCurveOID = '1.3.132.0.XX'; // Replace XX with actual OID
const curveName = 'P-XXX'; // Replace XXX with curve name
// Add to supportedOIDs
this.supportedOIDs[newCurveOID] = curveName;
// Update validation logic if needed
// Ensure proper EC point format validation
```
#### **Extending Validation Rules**
```javascript
// To add new validation rules:
validateCustomRule(parsed) {
// Implement your validation logic
if (!this.checkCustomCondition(parsed)) {
throw new Error('Custom validation failed');
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
}
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
return true;
}
// Integrate with main validation
validateKeyStructure(keyData) {
const parsed = this.parseDER(keyData);
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
// Existing validations...
if (!this.validateSPKI(parsed)) return false;
if (!this.validateOID(parsed)) return false;
if (!this.validateECPoint(parsed)) return false;
// New custom validation
if (!this.validateCustomRule(parsed)) return false;
return true;
}
```
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
### Testing ASN.1 Validation
#### **Unit Tests**
```javascript
describe('ASN.1 Validation Framework', () => {
test('Validates correct P-384 key structure', () => {
const validKey = generateValidP384Key();
expect(asn1Validator.validateKeyStructure(validKey)).toBe(true);
});
test('Rejects modified key with valid header', () => {
const modifiedKey = modifyKeyData(validKey);
expect(asn1Validator.validateKeyStructure(modifiedKey)).toBe(false);
});
test('Rejects unsupported curve OID', () => {
const invalidOIDKey = generateKeyWithInvalidOID();
expect(asn1Validator.validateKeyStructure(invalidOIDKey)).toBe(false);
});
});
```
#### **Performance Tests**
```javascript
describe('ASN.1 Validation Performance', () => {
test('Validation completes within 10ms', () => {
const start = performance.now();
asn1Validator.validateKeyStructure(validKey);
const duration = performance.now() - start;
expect(duration).toBeLessThan(10);
});
});
```
### Security Guidelines for ASN.1 Contributions
#### **Critical Requirements**
1. **Never bypass validation** - All keys must pass complete ASN.1 validation
2. **Maintain strict OID checking** - Only support verified, secure algorithms
3. **Preserve size limits** - Key size limits prevent DoS attacks
4. **Validate all structural elements** - Complete verification is mandatory
#### **Common Pitfalls to Avoid**
```javascript
// ❌ DON'T: Skip validation for performance
const fastImport = (keyData) => {
// Bypassing validation for speed
return crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
};
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
// ✅ DO: Always validate before processing
const secureImport = async (keyData) => {
if (!asn1Validator.validateKeyStructure(keyData)) {
throw new Error('Key validation failed');
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
}
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
return await crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
};
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
```
#### **Validation Order**
1. **Parse DER** - Complete ASN.1 structure parsing
2. **Validate SPKI** - SubjectPublicKeyInfo structure
3. **Validate OID** - Algorithm and curve verification
4. **Validate EC Point** - Format and structure verification
5. **Apply custom rules** - Any additional validation requirements
### Breaking Changes and Compatibility
#### **Version 4.02.442 Changes**
- **Enhanced key validation** now performs complete ASN.1 parsing
- **Stricter key acceptance** criteria for improved security
- **Fallback support** from P-384 to P-256 maintained
- **Backward compatibility** for valid key structures
#### **Migration Considerations**
- **Existing keys** are validated on next use
- **New keys** must pass complete validation
- **Invalid keys** are rejected with clear error messages
- **Performance impact** is minimal (< 10ms per validation)
### Documentation Requirements
#### **Code Documentation**
```javascript
/**
* Validates cryptographic key structure using complete ASN.1 DER parsing
*
* @param {ArrayBuffer} keyData - Raw key data to validate
* @returns {boolean} - True if validation passes, false otherwise
* @throws {Error} - Detailed error message for validation failures
*
* @example
* const isValid = asn1Validator.validateKeyStructure(keyData);
* if (!isValid) {
* console.error('Key validation failed');
* }
*/
validateKeyStructure(keyData) {
// Implementation...
}
```
#### **API Documentation**
- **Function signatures** with parameter types
- **Return values** and error conditions
- **Usage examples** for common scenarios
- **Performance characteristics** and limitations
### Contributing Guidelines Summary
#### **For ASN.1 Framework Contributions**
1. **Understand the security model** - Complete validation is mandatory
2. **Follow validation order** - Parse → SPKI → OID → EC Point → Custom
3. **Maintain performance** - Keep validation time under 10ms
4. **Add comprehensive tests** - Unit, integration, and performance tests
5. **Document thoroughly** - Code comments, API docs, and examples
6. **Consider breaking changes** - Ensure backward compatibility where possible
#### **Security Review Process**
1. **Code review** by cryptographic experts
2. **Security testing** for validation bypass attempts
3. **Performance validation** for timing attacks
4. **Compatibility testing** with existing key formats
5. **Documentation review** for accuracy and completeness
---
## 🚀 Getting Started
### Prerequisites
- **Browser:** Modern browser with WebRTC and WebCrypto support
- **Git:** For version control
- **Text Editor:** VS Code, Vim, or your favorite editor
- **Lightning Wallet:** For testing payment features (optional)
### Development Setup
```bash
# 1. Fork the repository on GitHub
# 2. Clone your fork
git clone https://github.com/yourusername/securebit-chat.git
cd securebit-chat
# 3. Create a development branch
git checkout -b feature/your-feature-name
# 4. Start development server
python -m http.server 8000
# or
npx serve .
# 5. Open http://localhost:8000
# Make your changes
# Test thoroughly
# Commit with descriptive messages
git commit -m "feat: add quantum-resistant key exchange
- Implement CRYSTALS-Kyber for post-quantum security
- Add fallback to classical ECDH
- Update security level calculations
- Add comprehensive test suite
Closes #123"
```
## 📋 Contribution Guidelines
### 🔍 Before You Start
- Check existing issues - avoid duplicate work
- Create an issue - discuss your idea first
- Get feedback - ensure alignment with project goals
- Fork and branch - work on a feature branch
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
### 💻 Code Standards
#### JavaScript Style
```javascript
// ✅ Good
const encryptionKey = await crypto.subtle.generateKey({
name: 'AES-GCM',
length: 256
}, false, ['encrypt', 'decrypt']);
// ❌ Bad
var key=crypto.subtle.generateKey({name:'AES-GCM',length:256},false,['encrypt','decrypt'])
```
#### Naming Conventions
- **Functions:** camelCase - `generateSecureKey()`
- **Classes:** PascalCase - `EnhancedSecureCryptoUtils`
- **Constants:** UPPER_SNAKE_CASE - `MAX_MESSAGE_LENGTH`
- **Files:** kebab-case - `crypto-utils.js`
### 📖 Documentation
## 🔒 Security Considerations
### Critical Areas
These areas require extra careful review:
- **Cryptographic functions** - All crypto code must be reviewed
- **Key generation** - Entropy and randomness
- **Message handling** - Input validation and sanitization
- **P2P communication** - WebRTC security
- **Lightning integration** - Payment verification
- **ASN.1 validation** - Key structure verification (NEW)
### Security Checklist
## 🔐 ASN.1 Validation Framework (NEW)
### Overview
SecureBit.chat v4.02.442 implements a complete ASN.1 DER parser and validation system. This framework requires special attention when contributing to cryptographic code.
### Key Components
#### **ASN1Validator Class**
```javascript
// Core validation class for cryptographic keys
class ASN1Validator {
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
constructor() {
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
this.supportedOIDs = {
'1.2.840.10045.3.1.7': 'P-256', // secp256r1
'1.3.132.0.34': 'P-384' // secp384r1
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
};
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
this.maxKeySize = 2000; // bytes
this.minKeySize = 50; // bytes
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
}
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
// Complete DER parsing and validation
validateKeyStructure(keyData) {
// Implementation details...
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
}
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
}
```
#### **Integration Points**
- **Key import operations** - All keys must pass ASN.1 validation
- **Key export operations** - Exported keys are validated
- **Real-time validation** - Continuous validation during operations
### Contributing to ASN.1 Framework
#### **Adding New Curve Support**
```javascript
// To add support for a new elliptic curve:
const newCurveOID = '1.3.132.0.XX'; // Replace XX with actual OID
const curveName = 'P-XXX'; // Replace XXX with curve name
// Add to supportedOIDs
this.supportedOIDs[newCurveOID] = curveName;
// Update validation logic if needed
// Ensure proper EC point format validation
```
#### **Extending Validation Rules**
```javascript
// To add new validation rules:
validateCustomRule(parsed) {
// Implement your validation logic
if (!this.checkCustomCondition(parsed)) {
throw new Error('Custom validation failed');
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
}
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
return true;
}
// Integrate with main validation
validateKeyStructure(keyData) {
const parsed = this.parseDER(keyData);
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
// Existing validations...
if (!this.validateSPKI(parsed)) return false;
if (!this.validateOID(parsed)) return false;
if (!this.validateECPoint(parsed)) return false;
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
// New custom validation
if (!this.validateCustomRule(parsed)) return false;
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
return true;
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
}
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
```
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
### Testing ASN.1 Validation
#### **Unit Tests**
```javascript
describe('ASN.1 Validation Framework', () => {
test('Validates correct P-384 key structure', () => {
const validKey = generateValidP384Key();
expect(asn1Validator.validateKeyStructure(validKey)).toBe(true);
});
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
test('Rejects modified key with valid header', () => {
const modifiedKey = modifyKeyData(validKey);
expect(asn1Validator.validateKeyStructure(modifiedKey)).toBe(false);
});
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
test('Rejects unsupported curve OID', () => {
const invalidOIDKey = generateKeyWithInvalidOID();
expect(asn1Validator.validateKeyStructure(invalidOIDKey)).toBe(false);
});
});
```
#### **Performance Tests**
```javascript
describe('ASN.1 Validation Performance', () => {
test('Validation completes within 10ms', () => {
const start = performance.now();
asn1Validator.validateKeyStructure(validKey);
const duration = performance.now() - start;
expect(duration).toBeLessThan(10);
});
});
```
### Security Guidelines for ASN.1 Contributions
#### **Critical Requirements**
1. **Never bypass validation** - All keys must pass complete ASN.1 validation
2. **Maintain strict OID checking** - Only support verified, secure algorithms
3. **Preserve size limits** - Key size limits prevent DoS attacks
4. **Validate all structural elements** - Complete verification is mandatory
#### **Common Pitfalls to Avoid**
```javascript
// ❌ DON'T: Skip validation for performance
const fastImport = (keyData) => {
// Bypassing validation for speed
return crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
// ✅ DO: Always validate before processing
const secureImport = async (keyData) => {
if (!asn1Validator.validateKeyStructure(keyData)) {
throw new Error('Key validation failed');
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
}
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
return await crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
```
#### **Validation Order**
1. **Parse DER** - Complete ASN.1 structure parsing
2. **Validate SPKI** - SubjectPublicKeyInfo structure
3. **Validate OID** - Algorithm and curve verification
4. **Validate EC Point** - Format and structure verification
5. **Apply custom rules** - Any additional validation requirements
### Breaking Changes and Compatibility
#### **Version 4.02.442 Changes**
- **Enhanced key validation** now performs complete ASN.1 parsing
- **Stricter key acceptance** criteria for improved security
- **Fallback support** from P-384 to P-256 maintained
- **Backward compatibility** for valid key structures
#### **Migration Considerations**
- **Existing keys** are validated on next use
- **New keys** must pass complete validation
- **Invalid keys** are rejected with clear error messages
- **Performance impact** is minimal (< 10ms per validation)
### Documentation Requirements
#### **Code Documentation**
```javascript
/**
* Validates cryptographic key structure using complete ASN.1 DER parsing
*
* @param {ArrayBuffer} keyData - Raw key data to validate
* @returns {boolean} - True if validation passes, false otherwise
* @throws {Error} - Detailed error message for validation failures
*
* @example
* const isValid = asn1Validator.validateKeyStructure(keyData);
* if (!isValid) {
* console.error('Key validation failed');
* }
*/
validateKeyStructure(keyData) {
// Implementation...
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
}
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
```
#### **API Documentation**
- **Function signatures** with parameter types
- **Return values** and error conditions
- **Usage examples** for common scenarios
- **Performance characteristics** and limitations
### Contributing Guidelines Summary
#### **For ASN.1 Framework Contributions**
1. **Understand the security model** - Complete validation is mandatory
2. **Follow validation order** - Parse → SPKI → OID → EC Point → Custom
3. **Maintain performance** - Keep validation time under 10ms
4. **Add comprehensive tests** - Unit, integration, and performance tests
5. **Document thoroughly** - Code comments, API docs, and examples
6. **Consider breaking changes** - Ensure backward compatibility where possible
#### **Security Review Process**
1. **Code review** by cryptographic experts
2. **Security testing** for validation bypass attempts
3. **Performance validation** for timing attacks
4. **Compatibility testing** with existing key formats
5. **Documentation review** for accuracy and completeness
---
## 🚀 Getting Started
### Prerequisites
- **Browser:** Modern browser with WebRTC and WebCrypto support
- **Git:** For version control
- **Text Editor:** VS Code, Vim, or your favorite editor
- **Lightning Wallet:** For testing payment features (optional)
### Development Setup
```bash
# 1. Fork the repository on GitHub
# 2. Clone your fork
git clone https://github.com/yourusername/securebit-chat.git
cd securebit-chat
# 3. Create a development branch
git checkout -b feature/your-feature-name
# 4. Start development server
python -m http.server 8000
# or
npx serve .
# 5. Open http://localhost:8000
# Make your changes
# Test thoroughly
# Commit with descriptive messages
git commit -m "feat: add quantum-resistant key exchange
- Implement CRYSTALS-Kyber for post-quantum security
- Add fallback to classical ECDH
- Update security level calculations
- Add comprehensive test suite
Closes #123"
```
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
## 📋 Contribution Guidelines
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
### 🔍 Before You Start
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
- Check existing issues - avoid duplicate work
- Create an issue - discuss your idea first
- Get feedback - ensure alignment with project goals
- Fork and branch - work on a feature branch
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
### 💻 Code Standards
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
#### JavaScript Style
```javascript
// ✅ Good
const encryptionKey = await crypto.subtle.generateKey({
name: 'AES-GCM',
length: 256
}, false, ['encrypt', 'decrypt']);
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
// ❌ Bad
var key=crypto.subtle.generateKey({name:'AES-GCM',length:256},false,['encrypt','decrypt'])
```
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
#### Naming Conventions
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
- **Functions:** camelCase - `generateSecureKey()`
- **Classes:** PascalCase - `EnhancedSecureCryptoUtils`
- **Constants:** UPPER_SNAKE_CASE - `MAX_MESSAGE_LENGTH`
- **Files:** kebab-case - `crypto-utils.js`
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
### 📖 Documentation
Create CONTRIBUTING.md
2025-08-09 13:23:20 -04:00
Updated application documentation and website homepage to include ASN.1 Validation
2025-08-27 13:25:26 -04:00
## 🔒 Security Considerations
### Critical Areas
These areas require extra careful review:
- **Cryptographic functions** - All crypto code must be reviewed
- **Key generation** - Entropy and randomness
- **Message handling** - Input validation and sanitization
- **P2P communication** - WebRTC security
- **Lightning integration** - Payment verification
- **ASN.1 validation** - Key structure verification (NEW)
### Security Checklist
## 🔐 ASN.1 Validation Framework (NEW)
### Overview
SecureBit.chat v4.02.442 implements a complete ASN.1 DER parser and validation system. This framework requires special attention when contributing to cryptographic code.
### Key Components
#### **ASN1Validator Class**
```javascript
// Core validation class for cryptographic keys
class ASN1Validator {
constructor() {
this.supportedOIDs = {
'1.2.840.10045.3.1.7': 'P-256', // secp256r1
'1.3.132.0.34': 'P-384' // secp384r1
};
this.maxKeySize = 2000; // bytes
this.minKeySize = 50; // bytes
}
// Complete DER parsing and validation
validateKeyStructure(keyData) {
// Implementation details...
}
}
```
#### **Integration Points**
- **Key import operations** - All keys must pass ASN.1 validation
- **Key export operations** - Exported keys are validated
- **Real-time validation** - Continuous validation during operations
### Contributing to ASN.1 Framework
#### **Adding New Curve Support**
```javascript
// To add support for a new elliptic curve:
const newCurveOID = '1.3.132.0.XX'; // Replace XX with actual OID
const curveName = 'P-XXX'; // Replace XXX with curve name
// Add to supportedOIDs
this.supportedOIDs[newCurveOID] = curveName;
// Update validation logic if needed
// Ensure proper EC point format validation
```
#### **Extending Validation Rules**
```javascript
// To add new validation rules:
validateCustomRule(parsed) {
// Implement your validation logic
if (!this.checkCustomCondition(parsed)) {
throw new Error('Custom validation failed');
}
return true;
}
// Integrate with main validation
validateKeyStructure(keyData) {
const parsed = this.parseDER(keyData);
// Existing validations...
if (!this.validateSPKI(parsed)) return false;
if (!this.validateOID(parsed)) return false;
if (!this.validateECPoint(parsed)) return false;
// New custom validation
if (!this.validateCustomRule(parsed)) return false;
return true;
}
```
### Testing ASN.1 Validation
#### **Unit Tests**
```javascript
describe('ASN.1 Validation Framework', () => {
test('Validates correct P-384 key structure', () => {
const validKey = generateValidP384Key();
expect(asn1Validator.validateKeyStructure(validKey)).toBe(true);
});
test('Rejects modified key with valid header', () => {
const modifiedKey = modifyKeyData(validKey);
expect(asn1Validator.validateKeyStructure(modifiedKey)).toBe(false);
});
test('Rejects unsupported curve OID', () => {
const invalidOIDKey = generateKeyWithInvalidOID();
expect(asn1Validator.validateKeyStructure(invalidOIDKey)).toBe(false);
});
});
```
#### **Performance Tests**
```javascript
describe('ASN.1 Validation Performance', () => {
test('Validation completes within 10ms', () => {
const start = performance.now();
asn1Validator.validateKeyStructure(validKey);
const duration = performance.now() - start;
expect(duration).toBeLessThan(10);
});
});
```
### Security Guidelines for ASN.1 Contributions
#### **Critical Requirements**
1. **Never bypass validation** - All keys must pass complete ASN.1 validation
2. **Maintain strict OID checking** - Only support verified, secure algorithms
3. **Preserve size limits** - Key size limits prevent DoS attacks
4. **Validate all structural elements** - Complete verification is mandatory
#### **Common Pitfalls to Avoid**
```javascript
// ❌ DON'T: Skip validation for performance
const fastImport = (keyData) => {
// Bypassing validation for speed
return crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
// ✅ DO: Always validate before processing
const secureImport = async (keyData) => {
if (!asn1Validator.validateKeyStructure(keyData)) {
throw new Error('Key validation failed');
}
return await crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
```
#### **Validation Order**
1. **Parse DER** - Complete ASN.1 structure parsing
2. **Validate SPKI** - SubjectPublicKeyInfo structure
3. **Validate OID** - Algorithm and curve verification
4. **Validate EC Point** - Format and structure verification
5. **Apply custom rules** - Any additional validation requirements
### Breaking Changes and Compatibility
#### **Version 4.02.442 Changes**
- **Enhanced key validation** now performs complete ASN.1 parsing
- **Stricter key acceptance** criteria for improved security
- **Fallback support** from P-384 to P-256 maintained
- **Backward compatibility** for valid key structures
#### **Migration Considerations**
- **Existing keys** are validated on next use
- **New keys** must pass complete validation
- **Invalid keys** are rejected with clear error messages
- **Performance impact** is minimal (< 10ms per validation)
### Documentation Requirements
#### **Code Documentation**
```javascript
/**
* Validates cryptographic key structure using complete ASN.1 DER parsing
*
* @param {ArrayBuffer} keyData - Raw key data to validate
* @returns {boolean} - True if validation passes, false otherwise
* @throws {Error} - Detailed error message for validation failures
*
* @example
* const isValid = asn1Validator.validateKeyStructure(keyData);
* if (!isValid) {
* console.error('Key validation failed');
* }
*/
validateKeyStructure(keyData) {
// Implementation...
}
```
#### **API Documentation**
- **Function signatures** with parameter types
- **Return values** and error conditions
- **Usage examples** for common scenarios
- **Performance characteristics** and limitations
### Contributing Guidelines Summary
#### **For ASN.1 Framework Contributions**
1. **Understand the security model** - Complete validation is mandatory
2. **Follow validation order** - Parse → SPKI → OID → EC Point → Custom
3. **Maintain performance** - Keep validation time under 10ms
4. **Add comprehensive tests** - Unit, integration, and performance tests
5. **Document thoroughly** - Code comments, API docs, and examples
6. **Consider breaking changes** - Ensure backward compatibility where possible
#### **Security Review Process**
1. **Code review** by cryptographic experts
2. **Security testing** for validation bypass attempts
3. **Performance validation** for timing attacks
4. **Compatibility testing** with existing key formats
5. **Documentation review** for accuracy and completeness
---
## 🚀 Getting Started
### Prerequisites
- **Browser:** Modern browser with WebRTC and WebCrypto support
- **Git:** For version control
- **Text Editor:** VS Code, Vim, or your favorite editor
- **Lightning Wallet:** For testing payment features (optional)
### Development Setup
```bash
# 1. Fork the repository on GitHub
# 2. Clone your fork
git clone https://github.com/yourusername/securebit-chat.git
cd securebit-chat
# 3. Create a development branch
git checkout -b feature/your-feature-name
# 4. Start development server
python -m http.server 8000
# or
npx serve .
# 5. Open http://localhost:8000
# Make your changes
# Test thoroughly
# Commit with descriptive messages
git commit -m "feat: add quantum-resistant key exchange
- Implement CRYSTALS-Kyber for post-quantum security
- Add fallback to classical ECDH
- Update security level calculations
- Add comprehensive test suite
Closes #123"
```
## 📋 Contribution Guidelines
### 🔍 Before You Start
- Check existing issues - avoid duplicate work
- Create an issue - discuss your idea first
- Get feedback - ensure alignment with project goals
- Fork and branch - work on a feature branch
### 💻 Code Standards
#### JavaScript Style
```javascript
// ✅ Good
const encryptionKey = await crypto.subtle.generateKey({
name: 'AES-GCM',
length: 256
}, false, ['encrypt', 'decrypt']);
// ❌ Bad
var key=crypto.subtle.generateKey({name:'AES-GCM',length:256},false,['encrypt','decrypt'])
```
#### Naming Conventions
- **Functions:** camelCase - `generateSecureKey()`
- **Classes:** PascalCase - `EnhancedSecureCryptoUtils`
- **Constants:** UPPER_SNAKE_CASE - `MAX_MESSAGE_LENGTH`
- **Files:** kebab-case - `crypto-utils.js`
### 📖 Documentation
## 🔒 Security Considerations
### Critical Areas
These areas require extra careful review:
- **Cryptographic functions** - All crypto code must be reviewed
- **Key generation** - Entropy and randomness
- **Message handling** - Input validation and sanitization
- **P2P communication** - WebRTC security
- **Lightning integration** - Payment verification
- **ASN.1 validation** - Key structure verification (NEW)
### Security Checklist
## 🔐 ASN.1 Validation Framework (NEW)
### Overview
SecureBit.chat v4.02.442 implements a complete ASN.1 DER parser and validation system. This framework requires special attention when contributing to cryptographic code.
### Key Components
#### **ASN1Validator Class**
```javascript
// Core validation class for cryptographic keys
class ASN1Validator {
constructor() {
this.supportedOIDs = {
'1.2.840.10045.3.1.7': 'P-256', // secp256r1
'1.3.132.0.34': 'P-384' // secp384r1
};
this.maxKeySize = 2000; // bytes
this.minKeySize = 50; // bytes
}
// Complete DER parsing and validation
validateKeyStructure(keyData) {
// Implementation details...
}
}
```
#### **Integration Points**
- **Key import operations** - All keys must pass ASN.1 validation
- **Key export operations** - Exported keys are validated
- **Real-time validation** - Continuous validation during operations
### Contributing to ASN.1 Framework
#### **Adding New Curve Support**
```javascript
// To add support for a new elliptic curve:
const newCurveOID = '1.3.132.0.XX'; // Replace XX with actual OID
const curveName = 'P-XXX'; // Replace XXX with curve name
// Add to supportedOIDs
this.supportedOIDs[newCurveOID] = curveName;
// Update validation logic if needed
// Ensure proper EC point format validation
```
#### **Extending Validation Rules**
```javascript
// To add new validation rules:
validateCustomRule(parsed) {
// Implement your validation logic
if (!this.checkCustomCondition(parsed)) {
throw new Error('Custom validation failed');
}
return true;
}
// Integrate with main validation
validateKeyStructure(keyData) {
const parsed = this.parseDER(keyData);
// Existing validations...
if (!this.validateSPKI(parsed)) return false;
if (!this.validateOID(parsed)) return false;
if (!this.validateECPoint(parsed)) return false;
// New custom validation
if (!this.validateCustomRule(parsed)) return false;
return true;
}
```
### Testing ASN.1 Validation
#### **Unit Tests**
```javascript
describe('ASN.1 Validation Framework', () => {
test('Validates correct P-384 key structure', () => {
const validKey = generateValidP384Key();
expect(asn1Validator.validateKeyStructure(validKey)).toBe(true);
});
test('Rejects modified key with valid header', () => {
const modifiedKey = modifyKeyData(validKey);
expect(asn1Validator.validateKeyStructure(modifiedKey)).toBe(false);
});
test('Rejects unsupported curve OID', () => {
const invalidOIDKey = generateKeyWithInvalidOID();
expect(asn1Validator.validateKeyStructure(invalidOIDKey)).toBe(false);
});
});
```
#### **Performance Tests**
```javascript
describe('ASN.1 Validation Performance', () => {
test('Validation completes within 10ms', () => {
const start = performance.now();
asn1Validator.validateKeyStructure(validKey);
const duration = performance.now() - start;
expect(duration).toBeLessThan(10);
});
});
```
### Security Guidelines for ASN.1 Contributions
#### **Critical Requirements**
1. **Never bypass validation** - All keys must pass complete ASN.1 validation
2. **Maintain strict OID checking** - Only support verified, secure algorithms
3. **Preserve size limits** - Key size limits prevent DoS attacks
4. **Validate all structural elements** - Complete verification is mandatory
#### **Common Pitfalls to Avoid**
```javascript
// ❌ DON'T: Skip validation for performance
const fastImport = (keyData) => {
// Bypassing validation for speed
return crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
// ✅ DO: Always validate before processing
const secureImport = async (keyData) => {
if (!asn1Validator.validateKeyStructure(keyData)) {
throw new Error('Key validation failed');
}
return await crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
```
#### **Validation Order**
1. **Parse DER** - Complete ASN.1 structure parsing
2. **Validate SPKI** - SubjectPublicKeyInfo structure
3. **Validate OID** - Algorithm and curve verification
4. **Validate EC Point** - Format and structure verification
5. **Apply custom rules** - Any additional validation requirements
### Breaking Changes and Compatibility
#### **Version 4.02.442 Changes**
- **Enhanced key validation** now performs complete ASN.1 parsing
- **Stricter key acceptance** criteria for improved security
- **Fallback support** from P-384 to P-256 maintained
- **Backward compatibility** for valid key structures
#### **Migration Considerations**
- **Existing keys** are validated on next use
- **New keys** must pass complete validation
- **Invalid keys** are rejected with clear error messages
- **Performance impact** is minimal (< 10ms per validation)
### Documentation Requirements
#### **Code Documentation**
```javascript
/**
* Validates cryptographic key structure using complete ASN.1 DER parsing
*
* @param {ArrayBuffer} keyData - Raw key data to validate
* @returns {boolean} - True if validation passes, false otherwise
* @throws {Error} - Detailed error message for validation failures
*
* @example
* const isValid = asn1Validator.validateKeyStructure(keyData);
* if (!isValid) {
* console.error('Key validation failed');
* }
*/
validateKeyStructure(keyData) {
// Implementation...
}
```
#### **API Documentation**
- **Function signatures** with parameter types
- **Return values** and error conditions
- **Usage examples** for common scenarios
- **Performance characteristics** and limitations
### Contributing Guidelines Summary
#### **For ASN.1 Framework Contributions**
1. **Understand the security model** - Complete validation is mandatory
2. **Follow validation order** - Parse → SPKI → OID → EC Point → Custom
3. **Maintain performance** - Keep validation time under 10ms
4. **Add comprehensive tests** - Unit, integration, and performance tests
5. **Document thoroughly** - Code comments, API docs, and examples
6. **Consider breaking changes** - Ensure backward compatibility where possible
#### **Security Review Process**
1. **Code review** by cryptographic experts
2. **Security testing** for validation bypass attempts
3. **Performance validation** for timing attacks
4. **Compatibility testing** with existing key formats
5. **Documentation review** for accuracy and completeness
---
## 🚀 Getting Started
### Prerequisites
- **Browser:** Modern browser with WebRTC and WebCrypto support
- **Git:** For version control
- **Text Editor:** VS Code, Vim, or your favorite editor
- **Lightning Wallet:** For testing payment features (optional)
### Development Setup
```bash
# 1. Fork the repository on GitHub
# 2. Clone your fork
git clone https://github.com/yourusername/securebit-chat.git
cd securebit-chat
# 3. Create a development branch
git checkout -b feature/your-feature-name
# 4. Start development server
python -m http.server 8000
# or
npx serve .
# 5. Open http://localhost:8000
# Make your changes
# Test thoroughly
# Commit with descriptive messages
git commit -m "feat: add quantum-resistant key exchange
- Implement CRYSTALS-Kyber for post-quantum security
- Add fallback to classical ECDH
- Update security level calculations
- Add comprehensive test suite
Closes #123"
```
## 📋 Contribution Guidelines
### 🔍 Before You Start
- Check existing issues - avoid duplicate work
- Create an issue - discuss your idea first
- Get feedback - ensure alignment with project goals
- Fork and branch - work on a feature branch
### 💻 Code Standards
#### JavaScript Style
```javascript
// ✅ Good
const encryptionKey = await crypto.subtle.generateKey({
name: 'AES-GCM',
length: 256
}, false, ['encrypt', 'decrypt']);
// ❌ Bad
var key=crypto.subtle.generateKey({name:'AES-GCM',length:256},false,['encrypt','decrypt'])
```
#### Naming Conventions
- **Functions:** camelCase - `generateSecureKey()`
- **Classes:** PascalCase - `EnhancedSecureCryptoUtils`
- **Constants:** UPPER_SNAKE_CASE - `MAX_MESSAGE_LENGTH`
- **Files:** kebab-case - `crypto-utils.js`
### 📖 Documentation
## 🔒 Security Considerations
### Critical Areas
These areas require extra careful review:
- **Cryptographic functions** - All crypto code must be reviewed
- **Key generation** - Entropy and randomness
- **Message handling** - Input validation and sanitization
- **P2P communication** - WebRTC security
- **Lightning integration** - Payment verification
- **ASN.1 validation** - Key structure verification (NEW)
### Security Checklist
## 🔐 ASN.1 Validation Framework (NEW)
### Overview
SecureBit.chat v4.02.442 implements a complete ASN.1 DER parser and validation system. This framework requires special attention when contributing to cryptographic code.
### Key Components
#### **ASN1Validator Class**
```javascript
// Core validation class for cryptographic keys
class ASN1Validator {
constructor() {
this.supportedOIDs = {
'1.2.840.10045.3.1.7': 'P-256', // secp256r1
'1.3.132.0.34': 'P-384' // secp384r1
};
this.maxKeySize = 2000; // bytes
this.minKeySize = 50; // bytes
}
// Complete DER parsing and validation
validateKeyStructure(keyData) {
// Implementation details...
}
}
```
#### **Integration Points**
- **Key import operations** - All keys must pass ASN.1 validation
- **Key export operations** - Exported keys are validated
- **Real-time validation** - Continuous validation during operations
### Contributing to ASN.1 Framework
#### **Adding New Curve Support**
```javascript
// To add support for a new elliptic curve:
const newCurveOID = '1.3.132.0.XX'; // Replace XX with actual OID
const curveName = 'P-XXX'; // Replace XXX with curve name
// Add to supportedOIDs
this.supportedOIDs[newCurveOID] = curveName;
// Update validation logic if needed
// Ensure proper EC point format validation
```
#### **Extending Validation Rules**
```javascript
// To add new validation rules:
validateCustomRule(parsed) {
// Implement your validation logic
if (!this.checkCustomCondition(parsed)) {
throw new Error('Custom validation failed');
}
return true;
}
// Integrate with main validation
validateKeyStructure(keyData) {
const parsed = this.parseDER(keyData);
// Existing validations...
if (!this.validateSPKI(parsed)) return false;
if (!this.validateOID(parsed)) return false;
if (!this.validateECPoint(parsed)) return false;
// New custom validation
if (!this.validateCustomRule(parsed)) return false;
return true;
}
```
### Testing ASN.1 Validation
#### **Unit Tests**
```javascript
describe('ASN.1 Validation Framework', () => {
test('Validates correct P-384 key structure', () => {
const validKey = generateValidP384Key();
expect(asn1Validator.validateKeyStructure(validKey)).toBe(true);
});
test('Rejects modified key with valid header', () => {
const modifiedKey = modifyKeyData(validKey);
expect(asn1Validator.validateKeyStructure(modifiedKey)).toBe(false);
});
test('Rejects unsupported curve OID', () => {
const invalidOIDKey = generateKeyWithInvalidOID();
expect(asn1Validator.validateKeyStructure(invalidOIDKey)).toBe(false);
});
});
```
#### **Performance Tests**
```javascript
describe('ASN.1 Validation Performance', () => {
test('Validation completes within 10ms', () => {
const start = performance.now();
asn1Validator.validateKeyStructure(validKey);
const duration = performance.now() - start;
expect(duration).toBeLessThan(10);
});
});
```
### Security Guidelines for ASN.1 Contributions
#### **Critical Requirements**
1. **Never bypass validation** - All keys must pass complete ASN.1 validation
2. **Maintain strict OID checking** - Only support verified, secure algorithms
3. **Preserve size limits** - Key size limits prevent DoS attacks
4. **Validate all structural elements** - Complete verification is mandatory
#### **Common Pitfalls to Avoid**
```javascript
// ❌ DON'T: Skip validation for performance
const fastImport = (keyData) => {
// Bypassing validation for speed
return crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
// ✅ DO: Always validate before processing
const secureImport = async (keyData) => {
if (!asn1Validator.validateKeyStructure(keyData)) {
throw new Error('Key validation failed');
}
return await crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
```
#### **Validation Order**
1. **Parse DER** - Complete ASN.1 structure parsing
2. **Validate SPKI** - SubjectPublicKeyInfo structure
3. **Validate OID** - Algorithm and curve verification
4. **Validate EC Point** - Format and structure verification
5. **Apply custom rules** - Any additional validation requirements
### Breaking Changes and Compatibility
#### **Version 4.02.442 Changes**
- **Enhanced key validation** now performs complete ASN.1 parsing
- **Stricter key acceptance** criteria for improved security
- **Fallback support** from P-384 to P-256 maintained
- **Backward compatibility** for valid key structures
#### **Migration Considerations**
- **Existing keys** are validated on next use
- **New keys** must pass complete validation
- **Invalid keys** are rejected with clear error messages
- **Performance impact** is minimal (< 10ms per validation)
### Documentation Requirements
#### **Code Documentation**
```javascript
/**
* Validates cryptographic key structure using complete ASN.1 DER parsing
*
* @param {ArrayBuffer} keyData - Raw key data to validate
* @returns {boolean} - True if validation passes, false otherwise
* @throws {Error} - Detailed error message for validation failures
*
* @example
* const isValid = asn1Validator.validateKeyStructure(keyData);
* if (!isValid) {
* console.error('Key validation failed');
* }
*/
validateKeyStructure(keyData) {
// Implementation...
}
```
#### **API Documentation**
- **Function signatures** with parameter types
- **Return values** and error conditions
- **Usage examples** for common scenarios
- **Performance characteristics** and limitations
### Contributing Guidelines Summary
#### **For ASN.1 Framework Contributions**
1. **Understand the security model** - Complete validation is mandatory
2. **Follow validation order** - Parse → SPKI → OID → EC Point → Custom
3. **Maintain performance** - Keep validation time under 10ms
4. **Add comprehensive tests** - Unit, integration, and performance tests
5. **Document thoroughly** - Code comments, API docs, and examples
6. **Consider breaking changes** - Ensure backward compatibility where possible
#### **Security Review Process**
1. **Code review** by cryptographic experts
2. **Security testing** for validation bypass attempts
3. **Performance validation** for timing attacks
4. **Compatibility testing** with existing key formats
5. **Documentation review** for accuracy and completeness
---
## 🚀 Getting Started
### Prerequisites
- **Browser:** Modern browser with WebRTC and WebCrypto support
- **Git:** For version control
- **Text Editor:** VS Code, Vim, or your favorite editor
- **Lightning Wallet:** For testing payment features (optional)
### Development Setup
```bash
# 1. Fork the repository on GitHub
# 2. Clone your fork
git clone https://github.com/yourusername/securebit-chat.git
cd securebit-chat
# 3. Create a development branch
git checkout -b feature/your-feature-name
# 4. Start development server
python -m http.server 8000
# or
npx serve .
# 5. Open http://localhost:8000
# Make your changes
# Test thoroughly
# Commit with descriptive messages
git commit -m "feat: add quantum-resistant key exchange
- Implement CRYSTALS-Kyber for post-quantum security
- Add fallback to classical ECDH
- Update security level calculations
- Add comprehensive test suite
Closes #123"
```
## 📋 Contribution Guidelines
### 🔍 Before You Start
- Check existing issues - avoid duplicate work
- Create an issue - discuss your idea first
- Get feedback - ensure alignment with project goals
- Fork and branch - work on a feature branch
### 💻 Code Standards
#### JavaScript Style
```javascript
// ✅ Good
const encryptionKey = await crypto.subtle.generateKey({
name: 'AES-GCM',
length: 256
}, false, ['encrypt', 'decrypt']);
// ❌ Bad
var key=crypto.subtle.generateKey({name:'AES-GCM',length:256},false,['encrypt','decrypt'])
```
#### Naming Conventions
- **Functions:** camelCase - `generateSecureKey()`
- **Classes:** PascalCase - `EnhancedSecureCryptoUtils`
- **Constants:** UPPER_SNAKE_CASE - `MAX_MESSAGE_LENGTH`
- **Files:** kebab-case - `crypto-utils.js`
### 📖 Documentation
## 🔒 Security Considerations
### Critical Areas
These areas require extra careful review:
- **Cryptographic functions** - All crypto code must be reviewed
- **Key generation** - Entropy and randomness
- **Message handling** - Input validation and sanitization
- **P2P communication** - WebRTC security
- **Lightning integration** - Payment verification
- **ASN.1 validation** - Key structure verification (NEW)
### Security Checklist
## 🔐 ASN.1 Validation Framework (NEW)
### Overview
SecureBit.chat v4.02.442 implements a complete ASN.1 DER parser and validation system. This framework requires special attention when contributing to cryptographic code.
### Key Components
#### **ASN1Validator Class**
```javascript
// Core validation class for cryptographic keys
class ASN1Validator {
constructor() {
this.supportedOIDs = {
'1.2.840.10045.3.1.7': 'P-256', // secp256r1
'1.3.132.0.34': 'P-384' // secp384r1
};
this.maxKeySize = 2000; // bytes
this.minKeySize = 50; // bytes
}
// Complete DER parsing and validation
validateKeyStructure(keyData) {
// Implementation details...
}
}
```
#### **Integration Points**
- **Key import operations** - All keys must pass ASN.1 validation
- **Key export operations** - Exported keys are validated
- **Real-time validation** - Continuous validation during operations
### Contributing to ASN.1 Framework
#### **Adding New Curve Support**
```javascript
// To add support for a new elliptic curve:
const newCurveOID = '1.3.132.0.XX'; // Replace XX with actual OID
const curveName = 'P-XXX'; // Replace XXX with curve name
// Add to supportedOIDs
this.supportedOIDs[newCurveOID] = curveName;
// Update validation logic if needed
// Ensure proper EC point format validation
```
#### **Extending Validation Rules**
```javascript
// To add new validation rules:
validateCustomRule(parsed) {
// Implement your validation logic
if (!this.checkCustomCondition(parsed)) {
throw new Error('Custom validation failed');
}
return true;
}
// Integrate with main validation
validateKeyStructure(keyData) {
const parsed = this.parseDER(keyData);
// Existing validations...
if (!this.validateSPKI(parsed)) return false;
if (!this.validateOID(parsed)) return false;
if (!this.validateECPoint(parsed)) return false;
// New custom validation
if (!this.validateCustomRule(parsed)) return false;
return true;
}
```
### Testing ASN.1 Validation
#### **Unit Tests**
```javascript
describe('ASN.1 Validation Framework', () => {
test('Validates correct P-384 key structure', () => {
const validKey = generateValidP384Key();
expect(asn1Validator.validateKeyStructure(validKey)).toBe(true);
});
test('Rejects modified key with valid header', () => {
const modifiedKey = modifyKeyData(validKey);
expect(asn1Validator.validateKeyStructure(modifiedKey)).toBe(false);
});
test('Rejects unsupported curve OID', () => {
const invalidOIDKey = generateKeyWithInvalidOID();
expect(asn1Validator.validateKeyStructure(invalidOIDKey)).toBe(false);
});
});
```
#### **Performance Tests**
```javascript
describe('ASN.1 Validation Performance', () => {
test('Validation completes within 10ms', () => {
const start = performance.now();
asn1Validator.validateKeyStructure(validKey);
const duration = performance.now() - start;
expect(duration).toBeLessThan(10);
});
});
```
### Security Guidelines for ASN.1 Contributions
#### **Critical Requirements**
1. **Never bypass validation** - All keys must pass complete ASN.1 validation
2. **Maintain strict OID checking** - Only support verified, secure algorithms
3. **Preserve size limits** - Key size limits prevent DoS attacks
4. **Validate all structural elements** - Complete verification is mandatory
#### **Common Pitfalls to Avoid**
```javascript
// ❌ DON'T: Skip validation for performance
const fastImport = (keyData) => {
// Bypassing validation for speed
return crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
// ✅ DO: Always validate before processing
const secureImport = async (keyData) => {
if (!asn1Validator.validateKeyStructure(keyData)) {
throw new Error('Key validation failed');
}
return await crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
```
#### **Validation Order**
1. **Parse DER** - Complete ASN.1 structure parsing
2. **Validate SPKI** - SubjectPublicKeyInfo structure
3. **Validate OID** - Algorithm and curve verification
4. **Validate EC Point** - Format and structure verification
5. **Apply custom rules** - Any additional validation requirements
### Breaking Changes and Compatibility
#### **Version 4.02.442 Changes**
- **Enhanced key validation** now performs complete ASN.1 parsing
- **Stricter key acceptance** criteria for improved security
- **Fallback support** from P-384 to P-256 maintained
- **Backward compatibility** for valid key structures
#### **Migration Considerations**
- **Existing keys** are validated on next use
- **New keys** must pass complete validation
- **Invalid keys** are rejected with clear error messages
- **Performance impact** is minimal (< 10ms per validation)
### Documentation Requirements
#### **Code Documentation**
```javascript
/**
* Validates cryptographic key structure using complete ASN.1 DER parsing
*
* @param {ArrayBuffer} keyData - Raw key data to validate
* @returns {boolean} - True if validation passes, false otherwise
* @throws {Error} - Detailed error message for validation failures
*
* @example
* const isValid = asn1Validator.validateKeyStructure(keyData);
* if (!isValid) {
* console.error('Key validation failed');
* }
*/
validateKeyStructure(keyData) {
// Implementation...
}
```
#### **API Documentation**
- **Function signatures** with parameter types
- **Return values** and error conditions
- **Usage examples** for common scenarios
- **Performance characteristics** and limitations
### Contributing Guidelines Summary
#### **For ASN.1 Framework Contributions**
1. **Understand the security model** - Complete validation is mandatory
2. **Follow validation order** - Parse → SPKI → OID → EC Point → Custom
3. **Maintain performance** - Keep validation time under 10ms
4. **Add comprehensive tests** - Unit, integration, and performance tests
5. **Document thoroughly** - Code comments, API docs, and examples
6. **Consider breaking changes** - Ensure backward compatibility where possible
#### **Security Review Process**
1. **Code review** by cryptographic experts
2. **Security testing** for validation bypass attempts
3. **Performance validation** for timing attacks
4. **Compatibility testing** with existing key formats
5. **Documentation review** for accuracy and completeness
---
## 🚀 Getting Started
### Prerequisites
- **Browser:** Modern browser with WebRTC and WebCrypto support
- **Git:** For version control
- **Text Editor:** VS Code, Vim, or your favorite editor
- **Lightning Wallet:** For testing payment features (optional)
### Development Setup
```bash
# 1. Fork the repository on GitHub
# 2. Clone your fork
git clone https://github.com/yourusername/securebit-chat.git
cd securebit-chat
# 3. Create a development branch
git checkout -b feature/your-feature-name
# 4. Start development server
python -m http.server 8000
# or
npx serve .
# 5. Open http://localhost:8000
# Make your changes
# Test thoroughly
# Commit with descriptive messages
git commit -m "feat: add quantum-resistant key exchange
- Implement CRYSTALS-Kyber for post-quantum security
- Add fallback to classical ECDH
- Update security level calculations
- Add comprehensive test suite
Closes #123"
```
## 📋 Contribution Guidelines
### 🔍 Before You Start
- Check existing issues - avoid duplicate work
- Create an issue - discuss your idea first
- Get feedback - ensure alignment with project goals
- Fork and branch - work on a feature branch
### 💻 Code Standards
#### JavaScript Style
```javascript
// ✅ Good
const encryptionKey = await crypto.subtle.generateKey({
name: 'AES-GCM',
length: 256
}, false, ['encrypt', 'decrypt']);
// ❌ Bad
var key=crypto.subtle.generateKey({name:'AES-GCM',length:256},false,['encrypt','decrypt'])
```
#### Naming Conventions
- **Functions:** camelCase - `generateSecureKey()`
- **Classes:** PascalCase - `EnhancedSecureCryptoUtils`
- **Constants:** UPPER_SNAKE_CASE - `MAX_MESSAGE_LENGTH`
- **Files:** kebab-case - `crypto-utils.js`
### 📖 Documentation
## 🔒 Security Considerations
### Critical Areas
These areas require extra careful review:
- **Cryptographic functions** - All crypto code must be reviewed
- **Key generation** - Entropy and randomness
- **Message handling** - Input validation and sanitization
- **P2P communication** - WebRTC security
- **Lightning integration** - Payment verification
- **ASN.1 validation** - Key structure verification (NEW)
### Security Checklist
## 🔐 ASN.1 Validation Framework (NEW)
### Overview
SecureBit.chat v4.02.442 implements a complete ASN.1 DER parser and validation system. This framework requires special attention when contributing to cryptographic code.
### Key Components
#### **ASN1Validator Class**
```javascript
// Core validation class for cryptographic keys
class ASN1Validator {
constructor() {
this.supportedOIDs = {
'1.2.840.10045.3.1.7': 'P-256', // secp256r1
'1.3.132.0.34': 'P-384' // secp384r1
};
this.maxKeySize = 2000; // bytes
this.minKeySize = 50; // bytes
}
// Complete DER parsing and validation
validateKeyStructure(keyData) {
// Implementation details...
}
}
```
#### **Integration Points**
- **Key import operations** - All keys must pass ASN.1 validation
- **Key export operations** - Exported keys are validated
- **Real-time validation** - Continuous validation during operations
### Contributing to ASN.1 Framework
#### **Adding New Curve Support**
```javascript
// To add support for a new elliptic curve:
const newCurveOID = '1.3.132.0.XX'; // Replace XX with actual OID
const curveName = 'P-XXX'; // Replace XXX with curve name
// Add to supportedOIDs
this.supportedOIDs[newCurveOID] = curveName;
// Update validation logic if needed
// Ensure proper EC point format validation
```
#### **Extending Validation Rules**
```javascript
// To add new validation rules:
validateCustomRule(parsed) {
// Implement your validation logic
if (!this.checkCustomCondition(parsed)) {
throw new Error('Custom validation failed');
}
return true;
}
// Integrate with main validation
validateKeyStructure(keyData) {
const parsed = this.parseDER(keyData);
// Existing validations...
if (!this.validateSPKI(parsed)) return false;
if (!this.validateOID(parsed)) return false;
if (!this.validateECPoint(parsed)) return false;
// New custom validation
if (!this.validateCustomRule(parsed)) return false;
return true;
}
```
### Testing ASN.1 Validation
#### **Unit Tests**
```javascript
describe('ASN.1 Validation Framework', () => {
test('Validates correct P-384 key structure', () => {
const validKey = generateValidP384Key();
expect(asn1Validator.validateKeyStructure(validKey)).toBe(true);
});
test('Rejects modified key with valid header', () => {
const modifiedKey = modifyKeyData(validKey);
expect(asn1Validator.validateKeyStructure(modifiedKey)).toBe(false);
});
test('Rejects unsupported curve OID', () => {
const invalidOIDKey = generateKeyWithInvalidOID();
expect(asn1Validator.validateKeyStructure(invalidOIDKey)).toBe(false);
});
});
```
#### **Performance Tests**
```javascript
describe('ASN.1 Validation Performance', () => {
test('Validation completes within 10ms', () => {
const start = performance.now();
asn1Validator.validateKeyStructure(validKey);
const duration = performance.now() - start;
expect(duration).toBeLessThan(10);
});
});
```
### Security Guidelines for ASN.1 Contributions
#### **Critical Requirements**
1. **Never bypass validation** - All keys must pass complete ASN.1 validation
2. **Maintain strict OID checking** - Only support verified, secure algorithms
3. **Preserve size limits** - Key size limits prevent DoS attacks
4. **Validate all structural elements** - Complete verification is mandatory
#### **Common Pitfalls to Avoid**
```javascript
// ❌ DON'T: Skip validation for performance
const fastImport = (keyData) => {
// Bypassing validation for speed
return crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
// ✅ DO: Always validate before processing
const secureImport = async (keyData) => {
if (!asn1Validator.validateKeyStructure(keyData)) {
throw new Error('Key validation failed');
}
return await crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
```
#### **Validation Order**
1. **Parse DER** - Complete ASN.1 structure parsing
2. **Validate SPKI** - SubjectPublicKeyInfo structure
3. **Validate OID** - Algorithm and curve verification
4. **Validate EC Point** - Format and structure verification
5. **Apply custom rules** - Any additional validation requirements
### Breaking Changes and Compatibility
#### **Version 4.02.442 Changes**
- **Enhanced key validation** now performs complete ASN.1 parsing
- **Stricter key acceptance** criteria for improved security
- **Fallback support** from P-384 to P-256 maintained
- **Backward compatibility** for valid key structures
#### **Migration Considerations**
- **Existing keys** are validated on next use
- **New keys** must pass complete validation
- **Invalid keys** are rejected with clear error messages
- **Performance impact** is minimal (< 10ms per validation)
### Documentation Requirements
#### **Code Documentation**
```javascript
/**
* Validates cryptographic key structure using complete ASN.1 DER parsing
*
* @param {ArrayBuffer} keyData - Raw key data to validate
* @returns {boolean} - True if validation passes, false otherwise
* @throws {Error} - Detailed error message for validation failures
*
* @example
* const isValid = asn1Validator.validateKeyStructure(keyData);
* if (!isValid) {
* console.error('Key validation failed');
* }
*/
validateKeyStructure(keyData) {
// Implementation...
}
```
#### **API Documentation**
- **Function signatures** with parameter types
- **Return values** and error conditions
- **Usage examples** for common scenarios
- **Performance characteristics** and limitations
### Contributing Guidelines Summary
#### **For ASN.1 Framework Contributions**
1. **Understand the security model** - Complete validation is mandatory
2. **Follow validation order** - Parse → SPKI → OID → EC Point → Custom
3. **Maintain performance** - Keep validation time under 10ms
4. **Add comprehensive tests** - Unit, integration, and performance tests
5. **Document thoroughly** - Code comments, API docs, and examples
6. **Consider breaking changes** - Ensure backward compatibility where possible
#### **Security Review Process**
1. **Code review** by cryptographic experts
2. **Security testing** for validation bypass attempts
3. **Performance validation** for timing attacks
4. **Compatibility testing** with existing key formats
5. **Documentation review** for accuracy and completeness
---
## 🚀 Getting Started
### Prerequisites
- **Browser:** Modern browser with WebRTC and WebCrypto support
- **Git:** For version control
- **Text Editor:** VS Code, Vim, or your favorite editor
- **Lightning Wallet:** For testing payment features (optional)
### Development Setup
```bash
# 1. Fork the repository on GitHub
# 2. Clone your fork
git clone https://github.com/yourusername/securebit-chat.git
cd securebit-chat
# 3. Create a development branch
git checkout -b feature/your-feature-name
# 4. Start development server
python -m http.server 8000
# or
npx serve .
# 5. Open http://localhost:8000
# Make your changes
# Test thoroughly
# Commit with descriptive messages
git commit -m "feat: add quantum-resistant key exchange
- Implement CRYSTALS-Kyber for post-quantum security
- Add fallback to classical ECDH
- Update security level calculations
- Add comprehensive test suite
Closes #123"
```
## 📋 Contribution Guidelines
### 🔍 Before You Start
- Check existing issues - avoid duplicate work
- Create an issue - discuss your idea first
- Get feedback - ensure alignment with project goals
- Fork and branch - work on a feature branch
### 💻 Code Standards
#### JavaScript Style
```javascript
// ✅ Good
const encryptionKey = await crypto.subtle.generateKey({
name: 'AES-GCM',
length: 256
}, false, ['encrypt', 'decrypt']);
// ❌ Bad
var key=crypto.subtle.generateKey({name:'AES-GCM',length:256},false,['encrypt','decrypt'])
```
#### Naming Conventions
- **Functions:** camelCase - `generateSecureKey()`
- **Classes:** PascalCase - `EnhancedSecureCryptoUtils`
- **Constants:** UPPER_SNAKE_CASE - `MAX_MESSAGE_LENGTH`
- **Files:** kebab-case - `crypto-utils.js`
### 📖 Documentation
## 🔒 Security Considerations
### Critical Areas
These areas require extra careful review:
- **Cryptographic functions** - All crypto code must be reviewed
- **Key generation** - Entropy and randomness
- **Message handling** - Input validation and sanitization
- **P2P communication** - WebRTC security
- **Lightning integration** - Payment verification
- **ASN.1 validation** - Key structure verification (NEW)
### Security Checklist
## 🔐 ASN.1 Validation Framework (NEW)
### Overview
SecureBit.chat v4.02.442 implements a complete ASN.1 DER parser and validation system. This framework requires special attention when contributing to cryptographic code.
### Key Components
#### **ASN1Validator Class**
```javascript
// Core validation class for cryptographic keys
class ASN1Validator {
constructor() {
this.supportedOIDs = {
'1.2.840.10045.3.1.7': 'P-256', // secp256r1
'1.3.132.0.34': 'P-384' // secp384r1
};
this.maxKeySize = 2000; // bytes
this.minKeySize = 50; // bytes
}
// Complete DER parsing and validation
validateKeyStructure(keyData) {
// Implementation details...
}
}
```
#### **Integration Points**
- **Key import operations** - All keys must pass ASN.1 validation
- **Key export operations** - Exported keys are validated
- **Real-time validation** - Continuous validation during operations
### Contributing to ASN.1 Framework
#### **Adding New Curve Support**
```javascript
// To add support for a new elliptic curve:
const newCurveOID = '1.3.132.0.XX'; // Replace XX with actual OID
const curveName = 'P-XXX'; // Replace XXX with curve name
// Add to supportedOIDs
this.supportedOIDs[newCurveOID] = curveName;
// Update validation logic if needed
// Ensure proper EC point format validation
```
#### **Extending Validation Rules**
```javascript
// To add new validation rules:
validateCustomRule(parsed) {
// Implement your validation logic
if (!this.checkCustomCondition(parsed)) {
throw new Error('Custom validation failed');
}
return true;
}
// Integrate with main validation
validateKeyStructure(keyData) {
const parsed = this.parseDER(keyData);
// Existing validations...
if (!this.validateSPKI(parsed)) return false;
if (!this.validateOID(parsed)) return false;
if (!this.validateECPoint(parsed)) return false;
// New custom validation
if (!this.validateCustomRule(parsed)) return false;
return true;
}
```
### Testing ASN.1 Validation
#### **Unit Tests**
```javascript
describe('ASN.1 Validation Framework', () => {
test('Validates correct P-384 key structure', () => {
const validKey = generateValidP384Key();
expect(asn1Validator.validateKeyStructure(validKey)).toBe(true);
});
test('Rejects modified key with valid header', () => {
const modifiedKey = modifyKeyData(validKey);
expect(asn1Validator.validateKeyStructure(modifiedKey)).toBe(false);
});
test('Rejects unsupported curve OID', () => {
const invalidOIDKey = generateKeyWithInvalidOID();
expect(asn1Validator.validateKeyStructure(invalidOIDKey)).toBe(false);
});
});
```
#### **Performance Tests**
```javascript
describe('ASN.1 Validation Performance', () => {
test('Validation completes within 10ms', () => {
const start = performance.now();
asn1Validator.validateKeyStructure(validKey);
const duration = performance.now() - start;
expect(duration).toBeLessThan(10);
});
});
```
### Security Guidelines for ASN.1 Contributions
#### **Critical Requirements**
1. **Never bypass validation** - All keys must pass complete ASN.1 validation
2. **Maintain strict OID checking** - Only support verified, secure algorithms
3. **Preserve size limits** - Key size limits prevent DoS attacks
4. **Validate all structural elements** - Complete verification is mandatory
#### **Common Pitfalls to Avoid**
```javascript
// ❌ DON'T: Skip validation for performance
const fastImport = (keyData) => {
// Bypassing validation for speed
return crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
// ✅ DO: Always validate before processing
const secureImport = async (keyData) => {
if (!asn1Validator.validateKeyStructure(keyData)) {
throw new Error('Key validation failed');
}
return await crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
```
#### **Validation Order**
1. **Parse DER** - Complete ASN.1 structure parsing
2. **Validate SPKI** - SubjectPublicKeyInfo structure
3. **Validate OID** - Algorithm and curve verification
4. **Validate EC Point** - Format and structure verification
5. **Apply custom rules** - Any additional validation requirements
### Breaking Changes and Compatibility
#### **Version 4.02.442 Changes**
- **Enhanced key validation** now performs complete ASN.1 parsing
- **Stricter key acceptance** criteria for improved security
- **Fallback support** from P-384 to P-256 maintained
- **Backward compatibility** for valid key structures
#### **Migration Considerations**
- **Existing keys** are validated on next use
- **New keys** must pass complete validation
- **Invalid keys** are rejected with clear error messages
- **Performance impact** is minimal (< 10ms per validation)
### Documentation Requirements
#### **Code Documentation**
```javascript
/**
* Validates cryptographic key structure using complete ASN.1 DER parsing
*
* @param {ArrayBuffer} keyData - Raw key data to validate
* @returns {boolean} - True if validation passes, false otherwise
* @throws {Error} - Detailed error message for validation failures
*
* @example
* const isValid = asn1Validator.validateKeyStructure(keyData);
* if (!isValid) {
* console.error('Key validation failed');
* }
*/
validateKeyStructure(keyData) {
// Implementation...
}
```
#### **API Documentation**
- **Function signatures** with parameter types
- **Return values** and error conditions
- **Usage examples** for common scenarios
- **Performance characteristics** and limitations
### Contributing Guidelines Summary
#### **For ASN.1 Framework Contributions**
1. **Understand the security model** - Complete validation is mandatory
2. **Follow validation order** - Parse → SPKI → OID → EC Point → Custom
3. **Maintain performance** - Keep validation time under 10ms
4. **Add comprehensive tests** - Unit, integration, and performance tests
5. **Document thoroughly** - Code comments, API docs, and examples
6. **Consider breaking changes** - Ensure backward compatibility where possible
#### **Security Review Process**
1. **Code review** by cryptographic experts
2. **Security testing** for validation bypass attempts
3. **Performance validation** for timing attacks
4. **Compatibility testing** with existing key formats
5. **Documentation review** for accuracy and completeness
---
## 🚀 Getting Started
### Prerequisites
- **Browser:** Modern browser with WebRTC and WebCrypto support
- **Git:** For version control
- **Text Editor:** VS Code, Vim, or your favorite editor
- **Lightning Wallet:** For testing payment features (optional)
### Development Setup
```bash
# 1. Fork the repository on GitHub
# 2. Clone your fork
git clone https://github.com/yourusername/securebit-chat.git
cd securebit-chat
# 3. Create a development branch
git checkout -b feature/your-feature-name
# 4. Start development server
python -m http.server 8000
# or
npx serve .
# 5. Open http://localhost:8000
# Make your changes
# Test thoroughly
# Commit with descriptive messages
git commit -m "feat: add quantum-resistant key exchange
- Implement CRYSTALS-Kyber for post-quantum security
- Add fallback to classical ECDH
- Update security level calculations
- Add comprehensive test suite
Closes #123"
```
## 📋 Contribution Guidelines
### 🔍 Before You Start
- Check existing issues - avoid duplicate work
- Create an issue - discuss your idea first
- Get feedback - ensure alignment with project goals
- Fork and branch - work on a feature branch
### 💻 Code Standards
#### JavaScript Style
```javascript
// ✅ Good
const encryptionKey = await crypto.subtle.generateKey({
name: 'AES-GCM',
length: 256
}, false, ['encrypt', 'decrypt']);
// ❌ Bad
var key=crypto.subtle.generateKey({name:'AES-GCM',length:256},false,['encrypt','decrypt'])
```
#### Naming Conventions
- **Functions:** camelCase - `generateSecureKey()`
- **Classes:** PascalCase - `EnhancedSecureCryptoUtils`
- **Constants:** UPPER_SNAKE_CASE - `MAX_MESSAGE_LENGTH`
- **Files:** kebab-case - `crypto-utils.js`
### 📖 Documentation
## 🔒 Security Considerations
### Critical Areas
These areas require extra careful review:
- **Cryptographic functions** - All crypto code must be reviewed
- **Key generation** - Entropy and randomness
- **Message handling** - Input validation and sanitization
- **P2P communication** - WebRTC security
- **Lightning integration** - Payment verification
- **ASN.1 validation** - Key structure verification (NEW)
### Security Checklist
## 🔐 ASN.1 Validation Framework (NEW)
### Overview
SecureBit.chat v4.02.442 implements a complete ASN.1 DER parser and validation system. This framework requires special attention when contributing to cryptographic code.
### Key Components
#### **ASN1Validator Class**
```javascript
// Core validation class for cryptographic keys
class ASN1Validator {
constructor() {
this.supportedOIDs = {
'1.2.840.10045.3.1.7': 'P-256', // secp256r1
'1.3.132.0.34': 'P-384' // secp384r1
};
this.maxKeySize = 2000; // bytes
this.minKeySize = 50; // bytes
}
// Complete DER parsing and validation
validateKeyStructure(keyData) {
// Implementation details...
}
}
```
#### **Integration Points**
- **Key import operations** - All keys must pass ASN.1 validation
- **Key export operations** - Exported keys are validated
- **Real-time validation** - Continuous validation during operations
### Contributing to ASN.1 Framework
#### **Adding New Curve Support**
```javascript
// To add support for a new elliptic curve:
const newCurveOID = '1.3.132.0.XX'; // Replace XX with actual OID
const curveName = 'P-XXX'; // Replace XXX with curve name
// Add to supportedOIDs
this.supportedOIDs[newCurveOID] = curveName;
// Update validation logic if needed
// Ensure proper EC point format validation
```
#### **Extending Validation Rules**
```javascript
// To add new validation rules:
validateCustomRule(parsed) {
// Implement your validation logic
if (!this.checkCustomCondition(parsed)) {
throw new Error('Custom validation failed');
}
return true;
}
// Integrate with main validation
validateKeyStructure(keyData) {
const parsed = this.parseDER(keyData);
// Existing validations...
if (!this.validateSPKI(parsed)) return false;
if (!this.validateOID(parsed)) return false;
if (!this.validateECPoint(parsed)) return false;
// New custom validation
if (!this.validateCustomRule(parsed)) return false;
return true;
}
```
### Testing ASN.1 Validation
#### **Unit Tests**
```javascript
describe('ASN.1 Validation Framework', () => {
test('Validates correct P-384 key structure', () => {
const validKey = generateValidP384Key();
expect(asn1Validator.validateKeyStructure(validKey)).toBe(true);
});
test('Rejects modified key with valid header', () => {
const modifiedKey = modifyKeyData(validKey);
expect(asn1Validator.validateKeyStructure(modifiedKey)).toBe(false);
});
test('Rejects unsupported curve OID', () => {
const invalidOIDKey = generateKeyWithInvalidOID();
expect(asn1Validator.validateKeyStructure(invalidOIDKey)).toBe(false);
});
});
```
#### **Performance Tests**
```javascript
describe('ASN.1 Validation Performance', () => {
test('Validation completes within 10ms', () => {
const start = performance.now();
asn1Validator.validateKeyStructure(validKey);
const duration = performance.now() - start;
expect(duration).toBeLessThan(10);
});
});
```
### Security Guidelines for ASN.1 Contributions
#### **Critical Requirements**
1. **Never bypass validation** - All keys must pass complete ASN.1 validation
2. **Maintain strict OID checking** - Only support verified, secure algorithms
3. **Preserve size limits** - Key size limits prevent DoS attacks
4. **Validate all structural elements** - Complete verification is mandatory
#### **Common Pitfalls to Avoid**
```javascript
// ❌ DON'T: Skip validation for performance
const fastImport = (keyData) => {
// Bypassing validation for speed
return crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
// ✅ DO: Always validate before processing
const secureImport = async (keyData) => {
if (!asn1Validator.validateKeyStructure(keyData)) {
throw new Error('Key validation failed');
}
return await crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
```
#### **Validation Order**
1. **Parse DER** - Complete ASN.1 structure parsing
2. **Validate SPKI** - SubjectPublicKeyInfo structure
3. **Validate OID** - Algorithm and curve verification
4. **Validate EC Point** - Format and structure verification
5. **Apply custom rules** - Any additional validation requirements
### Breaking Changes and Compatibility
#### **Version 4.02.442 Changes**
- **Enhanced key validation** now performs complete ASN.1 parsing
- **Stricter key acceptance** criteria for improved security
- **Fallback support** from P-384 to P-256 maintained
- **Backward compatibility** for valid key structures
#### **Migration Considerations**
- **Existing keys** are validated on next use
- **New keys** must pass complete validation
- **Invalid keys** are rejected with clear error messages
- **Performance impact** is minimal (< 10ms per validation)
### Documentation Requirements
#### **Code Documentation**
```javascript
/**
* Validates cryptographic key structure using complete ASN.1 DER parsing
*
* @param {ArrayBuffer} keyData - Raw key data to validate
* @returns {boolean} - True if validation passes, false otherwise
* @throws {Error} - Detailed error message for validation failures
*
* @example
* const isValid = asn1Validator.validateKeyStructure(keyData);
* if (!isValid) {
* console.error('Key validation failed');
* }
*/
validateKeyStructure(keyData) {
// Implementation...
}
```
#### **API Documentation**
- **Function signatures** with parameter types
- **Return values** and error conditions
- **Usage examples** for common scenarios
- **Performance characteristics** and limitations
### Contributing Guidelines Summary
#### **For ASN.1 Framework Contributions**
1. **Understand the security model** - Complete validation is mandatory
2. **Follow validation order** - Parse → SPKI → OID → EC Point → Custom
3. **Maintain performance** - Keep validation time under 10ms
4. **Add comprehensive tests** - Unit, integration, and performance tests
5. **Document thoroughly** - Code comments, API docs, and examples
6. **Consider breaking changes** - Ensure backward compatibility where possible
#### **Security Review Process**
1. **Code review** by cryptographic experts
2. **Security testing** for validation bypass attempts
3. **Performance validation** for timing attacks
4. **Compatibility testing** with existing key formats
5. **Documentation review** for accuracy and completeness
---
## 🚀 Getting Started
### Prerequisites
- **Browser:** Modern browser with WebRTC and WebCrypto support
- **Git:** For version control
- **Text Editor:** VS Code, Vim, or your favorite editor
- **Lightning Wallet:** For testing payment features (optional)
### Development Setup
```bash
# 1. Fork the repository on GitHub
# 2. Clone your fork
git clone https://github.com/yourusername/securebit-chat.git
cd securebit-chat
# 3. Create a development branch
git checkout -b feature/your-feature-name
# 4. Start development server
python -m http.server 8000
# or
npx serve .
# 5. Open http://localhost:8000
# Make your changes
# Test thoroughly
# Commit with descriptive messages
git commit -m "feat: add quantum-resistant key exchange
- Implement CRYSTALS-Kyber for post-quantum security
- Add fallback to classical ECDH
- Update security level calculations
- Add comprehensive test suite
Closes #123"
```
## 📋 Contribution Guidelines
### 🔍 Before You Start
- Check existing issues - avoid duplicate work
- Create an issue - discuss your idea first
- Get feedback - ensure alignment with project goals
- Fork and branch - work on a feature branch
### 💻 Code Standards
#### JavaScript Style
```javascript
// ✅ Good
const encryptionKey = await crypto.subtle.generateKey({
name: 'AES-GCM',
length: 256
}, false, ['encrypt', 'decrypt']);
// ❌ Bad
var key=crypto.subtle.generateKey({name:'AES-GCM',length:256},false,['encrypt','decrypt'])
```
#### Naming Conventions
- **Functions:** camelCase - `generateSecureKey()`
- **Classes:** PascalCase - `EnhancedSecureCryptoUtils`
- **Constants:** UPPER_SNAKE_CASE - `MAX_MESSAGE_LENGTH`
- **Files:** kebab-case - `crypto-utils.js`
### 📖 Documentation
## 🔒 Security Considerations
### Critical Areas
These areas require extra careful review:
- **Cryptographic functions** - All crypto code must be reviewed
- **Key generation** - Entropy and randomness
- **Message handling** - Input validation and sanitization
- **P2P communication** - WebRTC security
- **Lightning integration** - Payment verification
- **ASN.1 validation** - Key structure verification (NEW)
### Security Checklist
## 🔐 ASN.1 Validation Framework (NEW)
### Overview
SecureBit.chat v4.02.442 implements a complete ASN.1 DER parser and validation system. This framework requires special attention when contributing to cryptographic code.
### Key Components
#### **ASN1Validator Class**
```javascript
// Core validation class for cryptographic keys
class ASN1Validator {
constructor() {
this.supportedOIDs = {
'1.2.840.10045.3.1.7': 'P-256', // secp256r1
'1.3.132.0.34': 'P-384' // secp384r1
};
this.maxKeySize = 2000; // bytes
this.minKeySize = 50; // bytes
}
// Complete DER parsing and validation
validateKeyStructure(keyData) {
// Implementation details...
}
}
```
#### **Integration Points**
- **Key import operations** - All keys must pass ASN.1 validation
- **Key export operations** - Exported keys are validated
- **Real-time validation** - Continuous validation during operations
### Contributing to ASN.1 Framework
#### **Adding New Curve Support**
```javascript
// To add support for a new elliptic curve:
const newCurveOID = '1.3.132.0.XX'; // Replace XX with actual OID
const curveName = 'P-XXX'; // Replace XXX with curve name
// Add to supportedOIDs
this.supportedOIDs[newCurveOID] = curveName;
// Update validation logic if needed
// Ensure proper EC point format validation
```
#### **Extending Validation Rules**
```javascript
// To add new validation rules:
validateCustomRule(parsed) {
// Implement your validation logic
if (!this.checkCustomCondition(parsed)) {
throw new Error('Custom validation failed');
}
return true;
}
// Integrate with main validation
validateKeyStructure(keyData) {
const parsed = this.parseDER(keyData);
// Existing validations...
if (!this.validateSPKI(parsed)) return false;
if (!this.validateOID(parsed)) return false;
if (!this.validateECPoint(parsed)) return false;
// New custom validation
if (!this.validateCustomRule(parsed)) return false;
return true;
}
```
### Testing ASN.1 Validation
#### **Unit Tests**
```javascript
describe('ASN.1 Validation Framework', () => {
test('Validates correct P-384 key structure', () => {
const validKey = generateValidP384Key();
expect(asn1Validator.validateKeyStructure(validKey)).toBe(true);
});
test('Rejects modified key with valid header', () => {
const modifiedKey = modifyKeyData(validKey);
expect(asn1Validator.validateKeyStructure(modifiedKey)).toBe(false);
});
test('Rejects unsupported curve OID', () => {
const invalidOIDKey = generateKeyWithInvalidOID();
expect(asn1Validator.validateKeyStructure(invalidOIDKey)).toBe(false);
});
});
```
#### **Performance Tests**
```javascript
describe('ASN.1 Validation Performance', () => {
test('Validation completes within 10ms', () => {
const start = performance.now();
asn1Validator.validateKeyStructure(validKey);
const duration = performance.now() - start;
expect(duration).toBeLessThan(10);
});
});
```
### Security Guidelines for ASN.1 Contributions
#### **Critical Requirements**
1. **Never bypass validation** - All keys must pass complete ASN.1 validation
2. **Maintain strict OID checking** - Only support verified, secure algorithms
3. **Preserve size limits** - Key size limits prevent DoS attacks
4. **Validate all structural elements** - Complete verification is mandatory
#### **Common Pitfalls to Avoid**
```javascript
// ❌ DON'T: Skip validation for performance
const fastImport = (keyData) => {
// Bypassing validation for speed
return crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
// ✅ DO: Always validate before processing
const secureImport = async (keyData) => {
if (!asn1Validator.validateKeyStructure(keyData)) {
throw new Error('Key validation failed');
}
return await crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
```
#### **Validation Order**
1. **Parse DER** - Complete ASN.1 structure parsing
2. **Validate SPKI** - SubjectPublicKeyInfo structure
3. **Validate OID** - Algorithm and curve verification
4. **Validate EC Point** - Format and structure verification
5. **Apply custom rules** - Any additional validation requirements
### Breaking Changes and Compatibility
#### **Version 4.02.442 Changes**
- **Enhanced key validation** now performs complete ASN.1 parsing
- **Stricter key acceptance** criteria for improved security
- **Fallback support** from P-384 to P-256 maintained
- **Backward compatibility** for valid key structures
#### **Migration Considerations**
- **Existing keys** are validated on next use
- **New keys** must pass complete validation
- **Invalid keys** are rejected with clear error messages
- **Performance impact** is minimal (< 10ms per validation)
### Documentation Requirements
#### **Code Documentation**
```javascript
/**
* Validates cryptographic key structure using complete ASN.1 DER parsing
*
* @param {ArrayBuffer} keyData - Raw key data to validate
* @returns {boolean} - True if validation passes, false otherwise
* @throws {Error} - Detailed error message for validation failures
*
* @example
* const isValid = asn1Validator.validateKeyStructure(keyData);
* if (!isValid) {
* console.error('Key validation failed');
* }
*/
validateKeyStructure(keyData) {
// Implementation...
}
```
#### **API Documentation**
- **Function signatures** with parameter types
- **Return values** and error conditions
- **Usage examples** for common scenarios
- **Performance characteristics** and limitations
### Contributing Guidelines Summary
#### **For ASN.1 Framework Contributions**
1. **Understand the security model** - Complete validation is mandatory
2. **Follow validation order** - Parse → SPKI → OID → EC Point → Custom
3. **Maintain performance** - Keep validation time under 10ms
4. **Add comprehensive tests** - Unit, integration, and performance tests
5. **Document thoroughly** - Code comments, API docs, and examples
6. **Consider breaking changes** - Ensure backward compatibility where possible
#### **Security Review Process**
1. **Code review** by cryptographic experts
2. **Security testing** for validation bypass attempts
3. **Performance validation** for timing attacks
4. **Compatibility testing** with existing key formats
5. **Documentation review** for accuracy and completeness
---
## 🚀 Getting Started
### Prerequisites
- **Browser:** Modern browser with WebRTC and WebCrypto support
- **Git:** For version control
- **Text Editor:** VS Code, Vim, or your favorite editor
- **Lightning Wallet:** For testing payment features (optional)
### Development Setup
```bash
# 1. Fork the repository on GitHub
# 2. Clone your fork
git clone https://github.com/yourusername/securebit-chat.git
cd securebit-chat
# 3. Create a development branch
git checkout -b feature/your-feature-name
# 4. Start development server
python -m http.server 8000
# or
npx serve .
# 5. Open http://localhost:8000
# Make your changes
# Test thoroughly
# Commit with descriptive messages
git commit -m "feat: add quantum-resistant key exchange
- Implement CRYSTALS-Kyber for post-quantum security
- Add fallback to classical ECDH
- Update security level calculations
- Add comprehensive test suite
Closes #123"
```
## 📋 Contribution Guidelines
### 🔍 Before You Start
- Check existing issues - avoid duplicate work
- Create an issue - discuss your idea first
- Get feedback - ensure alignment with project goals
- Fork and branch - work on a feature branch
### 💻 Code Standards
#### JavaScript Style
```javascript
// ✅ Good
const encryptionKey = await crypto.subtle.generateKey({
name: 'AES-GCM',
length: 256
}, false, ['encrypt', 'decrypt']);
// ❌ Bad
var key=crypto.subtle.generateKey({name:'AES-GCM',length:256},false,['encrypt','decrypt'])
```
#### Naming Conventions
- **Functions:** camelCase - `generateSecureKey()`
- **Classes:** PascalCase - `EnhancedSecureCryptoUtils`
- **Constants:** UPPER_SNAKE_CASE - `MAX_MESSAGE_LENGTH`
- **Files:** kebab-case - `crypto-utils.js`
### 📖 Documentation
## 🔒 Security Considerations
### Critical Areas
These areas require extra careful review:
- **Cryptographic functions** - All crypto code must be reviewed
- **Key generation** - Entropy and randomness
- **Message handling** - Input validation and sanitization
- **P2P communication** - WebRTC security
- **Lightning integration** - Payment verification
- **ASN.1 validation** - Key structure verification (NEW)
### Security Checklist
## 🔐 ASN.1 Validation Framework (NEW)
### Overview
SecureBit.chat v4.02.442 implements a complete ASN.1 DER parser and validation system. This framework requires special attention when contributing to cryptographic code.
### Key Components
#### **ASN1Validator Class**
```javascript
// Core validation class for cryptographic keys
class ASN1Validator {
constructor() {
this.supportedOIDs = {
'1.2.840.10045.3.1.7': 'P-256', // secp256r1
'1.3.132.0.34': 'P-384' // secp384r1
};
this.maxKeySize = 2000; // bytes
this.minKeySize = 50; // bytes
}
// Complete DER parsing and validation
validateKeyStructure(keyData) {
// Implementation details...
}
}
```
#### **Integration Points**
- **Key import operations** - All keys must pass ASN.1 validation
- **Key export operations** - Exported keys are validated
- **Real-time validation** - Continuous validation during operations
### Contributing to ASN.1 Framework
#### **Adding New Curve Support**
```javascript
// To add support for a new elliptic curve:
const newCurveOID = '1.3.132.0.XX'; // Replace XX with actual OID
const curveName = 'P-XXX'; // Replace XXX with curve name
// Add to supportedOIDs
this.supportedOIDs[newCurveOID] = curveName;
// Update validation logic if needed
// Ensure proper EC point format validation
```
#### **Extending Validation Rules**
```javascript
// To add new validation rules:
validateCustomRule(parsed) {
// Implement your validation logic
if (!this.checkCustomCondition(parsed)) {
throw new Error('Custom validation failed');
}
return true;
}
// Integrate with main validation
validateKeyStructure(keyData) {
const parsed = this.parseDER(keyData);
// Existing validations...
if (!this.validateSPKI(parsed)) return false;
if (!this.validateOID(parsed)) return false;
if (!this.validateECPoint(parsed)) return false;
// New custom validation
if (!this.validateCustomRule(parsed)) return false;
return true;
}
```
### Testing ASN.1 Validation
#### **Unit Tests**
```javascript
describe('ASN.1 Validation Framework', () => {
test('Validates correct P-384 key structure', () => {
const validKey = generateValidP384Key();
expect(asn1Validator.validateKeyStructure(validKey)).toBe(true);
});
test('Rejects modified key with valid header', () => {
const modifiedKey = modifyKeyData(validKey);
expect(asn1Validator.validateKeyStructure(modifiedKey)).toBe(false);
});
test('Rejects unsupported curve OID', () => {
const invalidOIDKey = generateKeyWithInvalidOID();
expect(asn1Validator.validateKeyStructure(invalidOIDKey)).toBe(false);
});
});
```
#### **Performance Tests**
```javascript
describe('ASN.1 Validation Performance', () => {
test('Validation completes within 10ms', () => {
const start = performance.now();
asn1Validator.validateKeyStructure(validKey);
const duration = performance.now() - start;
expect(duration).toBeLessThan(10);
});
});
```
### Security Guidelines for ASN.1 Contributions
#### **Critical Requirements**
1. **Never bypass validation** - All keys must pass complete ASN.1 validation
2. **Maintain strict OID checking** - Only support verified, secure algorithms
3. **Preserve size limits** - Key size limits prevent DoS attacks
4. **Validate all structural elements** - Complete verification is mandatory
#### **Common Pitfalls to Avoid**
```javascript
// ❌ DON'T: Skip validation for performance
const fastImport = (keyData) => {
// Bypassing validation for speed
return crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
// ✅ DO: Always validate before processing
const secureImport = async (keyData) => {
if (!asn1Validator.validateKeyStructure(keyData)) {
throw new Error('Key validation failed');
}
return await crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
```
#### **Validation Order**
1. **Parse DER** - Complete ASN.1 structure parsing
2. **Validate SPKI** - SubjectPublicKeyInfo structure
3. **Validate OID** - Algorithm and curve verification
4. **Validate EC Point** - Format and structure verification
5. **Apply custom rules** - Any additional validation requirements
### Breaking Changes and Compatibility
#### **Version 4.02.442 Changes**
- **Enhanced key validation** now performs complete ASN.1 parsing
- **Stricter key acceptance** criteria for improved security
- **Fallback support** from P-384 to P-256 maintained
- **Backward compatibility** for valid key structures
#### **Migration Considerations**
- **Existing keys** are validated on next use
- **New keys** must pass complete validation
- **Invalid keys** are rejected with clear error messages
- **Performance impact** is minimal (< 10ms per validation)
### Documentation Requirements
#### **Code Documentation**
```javascript
/**
* Validates cryptographic key structure using complete ASN.1 DER parsing
*
* @param {ArrayBuffer} keyData - Raw key data to validate
* @returns {boolean} - True if validation passes, false otherwise
* @throws {Error} - Detailed error message for validation failures
*
* @example
* const isValid = asn1Validator.validateKeyStructure(keyData);
* if (!isValid) {
* console.error('Key validation failed');
* }
*/
validateKeyStructure(keyData) {
// Implementation...
}
```
#### **API Documentation**
- **Function signatures** with parameter types
- **Return values** and error conditions
- **Usage examples** for common scenarios
- **Performance characteristics** and limitations
### Contributing Guidelines Summary
#### **For ASN.1 Framework Contributions**
1. **Understand the security model** - Complete validation is mandatory
2. **Follow validation order** - Parse → SPKI → OID → EC Point → Custom
3. **Maintain performance** - Keep validation time under 10ms
4. **Add comprehensive tests** - Unit, integration, and performance tests
5. **Document thoroughly** - Code comments, API docs, and examples
6. **Consider breaking changes** - Ensure backward compatibility where possible
#### **Security Review Process**
1. **Code review** by cryptographic experts
2. **Security testing** for validation bypass attempts
3. **Performance validation** for timing attacks
4. **Compatibility testing** with existing key formats
5. **Documentation review** for accuracy and completeness
---
## 🚀 Getting Started
### Prerequisites
- **Browser:** Modern browser with WebRTC and WebCrypto support
- **Git:** For version control
- **Text Editor:** VS Code, Vim, or your favorite editor
- **Lightning Wallet:** For testing payment features (optional)
### Development Setup
```bash
# 1. Fork the repository on GitHub
# 2. Clone your fork
git clone https://github.com/yourusername/securebit-chat.git
cd securebit-chat
# 3. Create a development branch
git checkout -b feature/your-feature-name
# 4. Start development server
python -m http.server 8000
# or
npx serve .
# 5. Open http://localhost:8000
# Make your changes
# Test thoroughly
# Commit with descriptive messages
git commit -m "feat: add quantum-resistant key exchange
- Implement CRYSTALS-Kyber for post-quantum security
- Add fallback to classical ECDH
- Update security level calculations
- Add comprehensive test suite
Closes #123"
```
## 📋 Contribution Guidelines
### 🔍 Before You Start
- Check existing issues - avoid duplicate work
- Create an issue - discuss your idea first
- Get feedback - ensure alignment with project goals
- Fork and branch - work on a feature branch
### 💻 Code Standards
#### JavaScript Style
```javascript
// ✅ Good
const encryptionKey = await crypto.subtle.generateKey({
name: 'AES-GCM',
length: 256
}, false, ['encrypt', 'decrypt']);
// ❌ Bad
var key=crypto.subtle.generateKey({name:'AES-GCM',length:256},false,['encrypt','decrypt'])
```
#### Naming Conventions
- **Functions:** camelCase - `generateSecureKey()`
- **Classes:** PascalCase - `EnhancedSecureCryptoUtils`
- **Constants:** UPPER_SNAKE_CASE - `MAX_MESSAGE_LENGTH`
- **Files:** kebab-case - `crypto-utils.js`
### 📖 Documentation
## 🔒 Security Considerations
### Critical Areas
These areas require extra careful review:
- **Cryptographic functions** - All crypto code must be reviewed
- **Key generation** - Entropy and randomness
- **Message handling** - Input validation and sanitization
- **P2P communication** - WebRTC security
- **Lightning integration** - Payment verification
- **ASN.1 validation** - Key structure verification (NEW)
### Security Checklist
## 🔐 ASN.1 Validation Framework (NEW)
### Overview
SecureBit.chat v4.02.442 implements a complete ASN.1 DER parser and validation system. This framework requires special attention when contributing to cryptographic code.
### Key Components
#### **ASN1Validator Class**
```javascript
// Core validation class for cryptographic keys
class ASN1Validator {
constructor() {
this.supportedOIDs = {
'1.2.840.10045.3.1.7': 'P-256', // secp256r1
'1.3.132.0.34': 'P-384' // secp384r1
};
this.maxKeySize = 2000; // bytes
this.minKeySize = 50; // bytes
}
// Complete DER parsing and validation
validateKeyStructure(keyData) {
// Implementation details...
}
}
```
#### **Integration Points**
- **Key import operations** - All keys must pass ASN.1 validation
- **Key export operations** - Exported keys are validated
- **Real-time validation** - Continuous validation during operations
### Contributing to ASN.1 Framework
#### **Adding New Curve Support**
```javascript
// To add support for a new elliptic curve:
const newCurveOID = '1.3.132.0.XX'; // Replace XX with actual OID
const curveName = 'P-XXX'; // Replace XXX with curve name
// Add to supportedOIDs
this.supportedOIDs[newCurveOID] = curveName;
// Update validation logic if needed
// Ensure proper EC point format validation
```
#### **Extending Validation Rules**
```javascript
// To add new validation rules:
validateCustomRule(parsed) {
// Implement your validation logic
if (!this.checkCustomCondition(parsed)) {
throw new Error('Custom validation failed');
}
return true;
}
// Integrate with main validation
validateKeyStructure(keyData) {
const parsed = this.parseDER(keyData);
// Existing validations...
if (!this.validateSPKI(parsed)) return false;
if (!this.validateOID(parsed)) return false;
if (!this.validateECPoint(parsed)) return false;
// New custom validation
if (!this.validateCustomRule(parsed)) return false;
return true;
}
```
### Testing ASN.1 Validation
#### **Unit Tests**
```javascript
describe('ASN.1 Validation Framework', () => {
test('Validates correct P-384 key structure', () => {
const validKey = generateValidP384Key();
expect(asn1Validator.validateKeyStructure(validKey)).toBe(true);
});
test('Rejects modified key with valid header', () => {
const modifiedKey = modifyKeyData(validKey);
expect(asn1Validator.validateKeyStructure(modifiedKey)).toBe(false);
});
test('Rejects unsupported curve OID', () => {
const invalidOIDKey = generateKeyWithInvalidOID();
expect(asn1Validator.validateKeyStructure(invalidOIDKey)).toBe(false);
});
});
```
#### **Performance Tests**
```javascript
describe('ASN.1 Validation Performance', () => {
test('Validation completes within 10ms', () => {
const start = performance.now();
asn1Validator.validateKeyStructure(validKey);
const duration = performance.now() - start;
expect(duration).toBeLessThan(10);
});
});
```
### Security Guidelines for ASN.1 Contributions
#### **Critical Requirements**
1. **Never bypass validation** - All keys must pass complete ASN.1 validation
2. **Maintain strict OID checking** - Only support verified, secure algorithms
3. **Preserve size limits** - Key size limits prevent DoS attacks
4. **Validate all structural elements** - Complete verification is mandatory
#### **Common Pitfalls to Avoid**
```javascript
// ❌ DON'T: Skip validation for performance
const fastImport = (keyData) => {
// Bypassing validation for speed
return crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
// ✅ DO: Always validate before processing
const secureImport = async (keyData) => {
if (!asn1Validator.validateKeyStructure(keyData)) {
throw new Error('Key validation failed');
}
return await crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
```
#### **Validation Order**
1. **Parse DER** - Complete ASN.1 structure parsing
2. **Validate SPKI** - SubjectPublicKeyInfo structure
3. **Validate OID** - Algorithm and curve verification
4. **Validate EC Point** - Format and structure verification
5. **Apply custom rules** - Any additional validation requirements
### Breaking Changes and Compatibility
#### **Version 4.02.442 Changes**
- **Enhanced key validation** now performs complete ASN.1 parsing
- **Stricter key acceptance** criteria for improved security
- **Fallback support** from P-384 to P-256 maintained
- **Backward compatibility** for valid key structures
#### **Migration Considerations**
- **Existing keys** are validated on next use
- **New keys** must pass complete validation
- **Invalid keys** are rejected with clear error messages
- **Performance impact** is minimal (< 10ms per validation)
### Documentation Requirements
#### **Code Documentation**
```javascript
/**
* Validates cryptographic key structure using complete ASN.1 DER parsing
*
* @param {ArrayBuffer} keyData - Raw key data to validate
* @returns {boolean} - True if validation passes, false otherwise
* @throws {Error} - Detailed error message for validation failures
*
* @example
* const isValid = asn1Validator.validateKeyStructure(keyData);
* if (!isValid) {
* console.error('Key validation failed');
* }
*/
validateKeyStructure(keyData) {
// Implementation...
}
```
#### **API Documentation**
- **Function signatures** with parameter types
- **Return values** and error conditions
- **Usage examples** for common scenarios
- **Performance characteristics** and limitations
### Contributing Guidelines Summary
#### **For ASN.1 Framework Contributions**
1. **Understand the security model** - Complete validation is mandatory
2. **Follow validation order** - Parse → SPKI → OID → EC Point → Custom
3. **Maintain performance** - Keep validation time under 10ms
4. **Add comprehensive tests** - Unit, integration, and performance tests
5. **Document thoroughly** - Code comments, API docs, and examples
6. **Consider breaking changes** - Ensure backward compatibility where possible
#### **Security Review Process**
1. **Code review** by cryptographic experts
2. **Security testing** for validation bypass attempts
3. **Performance validation** for timing attacks
4. **Compatibility testing** with existing key formats
5. **Documentation review** for accuracy and completeness
---
## 🚀 Getting Started
### Prerequisites
- **Browser:** Modern browser with WebRTC and WebCrypto support
- **Git:** For version control
- **Text Editor:** VS Code, Vim, or your favorite editor
- **Lightning Wallet:** For testing payment features (optional)
### Development Setup
```bash
# 1. Fork the repository on GitHub
# 2. Clone your fork
git clone https://github.com/yourusername/securebit-chat.git
cd securebit-chat
# 3. Create a development branch
git checkout -b feature/your-feature-name
# 4. Start development server
python -m http.server 8000
# or
npx serve .
# 5. Open http://localhost:8000
# Make your changes
# Test thoroughly
# Commit with descriptive messages
git commit -m "feat: add quantum-resistant key exchange
- Implement CRYSTALS-Kyber for post-quantum security
- Add fallback to classical ECDH
- Update security level calculations
- Add comprehensive test suite
Closes #123"
```
## 📋 Contribution Guidelines
### 🔍 Before You Start
- Check existing issues - avoid duplicate work
- Create an issue - discuss your idea first
- Get feedback - ensure alignment with project goals
- Fork and branch - work on a feature branch
### 💻 Code Standards
#### JavaScript Style
```javascript
// ✅ Good
const encryptionKey = await crypto.subtle.generateKey({
name: 'AES-GCM',
length: 256
}, false, ['encrypt', 'decrypt']);
// ❌ Bad
var key=crypto.subtle.generateKey({name:'AES-GCM',length:256},false,['encrypt','decrypt'])
```
#### Naming Conventions
- **Functions:** camelCase - `generateSecureKey()`
- **Classes:** PascalCase - `EnhancedSecureCryptoUtils`
- **Constants:** UPPER_SNAKE_CASE - `MAX_MESSAGE_LENGTH`
- **Files:** kebab-case - `crypto-utils.js`
### 📖 Documentation
## 🔒 Security Considerations
### Critical Areas
These areas require extra careful review:
- **Cryptographic functions** - All crypto code must be reviewed
- **Key generation** - Entropy and randomness
- **Message handling** - Input validation and sanitization
- **P2P communication** - WebRTC security
- **Lightning integration** - Payment verification
- **ASN.1 validation** - Key structure verification (NEW)
### Security Checklist
## 🔐 ASN.1 Validation Framework (NEW)
### Overview
SecureBit.chat v4.02.442 implements a complete ASN.1 DER parser and validation system. This framework requires special attention when contributing to cryptographic code.
### Key Components
#### **ASN1Validator Class**
```javascript
// Core validation class for cryptographic keys
class ASN1Validator {
constructor() {
this.supportedOIDs = {
'1.2.840.10045.3.1.7': 'P-256', // secp256r1
'1.3.132.0.34': 'P-384' // secp384r1
};
this.maxKeySize = 2000; // bytes
this.minKeySize = 50; // bytes
}
// Complete DER parsing and validation
validateKeyStructure(keyData) {
// Implementation details...
}
}
```
#### **Integration Points**
- **Key import operations** - All keys must pass ASN.1 validation
- **Key export operations** - Exported keys are validated
- **Real-time validation** - Continuous validation during operations
### Contributing to ASN.1 Framework
#### **Adding New Curve Support**
```javascript
// To add support for a new elliptic curve:
const newCurveOID = '1.3.132.0.XX'; // Replace XX with actual OID
const curveName = 'P-XXX'; // Replace XXX with curve name
// Add to supportedOIDs
this.supportedOIDs[newCurveOID] = curveName;
// Update validation logic if needed
// Ensure proper EC point format validation
```
#### **Extending Validation Rules**
```javascript
// To add new validation rules:
validateCustomRule(parsed) {
// Implement your validation logic
if (!this.checkCustomCondition(parsed)) {
throw new Error('Custom validation failed');
}
return true;
}
// Integrate with main validation
validateKeyStructure(keyData) {
const parsed = this.parseDER(keyData);
// Existing validations...
if (!this.validateSPKI(parsed)) return false;
if (!this.validateOID(parsed)) return false;
if (!this.validateECPoint(parsed)) return false;
// New custom validation
if (!this.validateCustomRule(parsed)) return false;
return true;
}
```
### Testing ASN.1 Validation
#### **Unit Tests**
```javascript
describe('ASN.1 Validation Framework', () => {
test('Validates correct P-384 key structure', () => {
const validKey = generateValidP384Key();
expect(asn1Validator.validateKeyStructure(validKey)).toBe(true);
});
test('Rejects modified key with valid header', () => {
const modifiedKey = modifyKeyData(validKey);
expect(asn1Validator.validateKeyStructure(modifiedKey)).toBe(false);
});
test('Rejects unsupported curve OID', () => {
const invalidOIDKey = generateKeyWithInvalidOID();
expect(asn1Validator.validateKeyStructure(invalidOIDKey)).toBe(false);
});
});
```
#### **Performance Tests**
```javascript
describe('ASN.1 Validation Performance', () => {
test('Validation completes within 10ms', () => {
const start = performance.now();
asn1Validator.validateKeyStructure(validKey);
const duration = performance.now() - start;
expect(duration).toBeLessThan(10);
});
});
```
### Security Guidelines for ASN.1 Contributions
#### **Critical Requirements**
1. **Never bypass validation** - All keys must pass complete ASN.1 validation
2. **Maintain strict OID checking** - Only support verified, secure algorithms
3. **Preserve size limits** - Key size limits prevent DoS attacks
4. **Validate all structural elements** - Complete verification is mandatory
#### **Common Pitfalls to Avoid**
```javascript
// ❌ DON'T: Skip validation for performance
const fastImport = (keyData) => {
// Bypassing validation for speed
return crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
// ✅ DO: Always validate before processing
const secureImport = async (keyData) => {
if (!asn1Validator.validateKeyStructure(keyData)) {
throw new Error('Key validation failed');
}
return await crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
```
#### **Validation Order**
1. **Parse DER** - Complete ASN.1 structure parsing
2. **Validate SPKI** - SubjectPublicKeyInfo structure
3. **Validate OID** - Algorithm and curve verification
4. **Validate EC Point** - Format and structure verification
5. **Apply custom rules** - Any additional validation requirements
### Breaking Changes and Compatibility
#### **Version 4.02.442 Changes**
- **Enhanced key validation** now performs complete ASN.1 parsing
- **Stricter key acceptance** criteria for improved security
- **Fallback support** from P-384 to P-256 maintained
- **Backward compatibility** for valid key structures
#### **Migration Considerations**
- **Existing keys** are validated on next use
- **New keys** must pass complete validation
- **Invalid keys** are rejected with clear error messages
- **Performance impact** is minimal (< 10ms per validation)
### Documentation Requirements
#### **Code Documentation**
```javascript
/**
* Validates cryptographic key structure using complete ASN.1 DER parsing
*
* @param {ArrayBuffer} keyData - Raw key data to validate
* @returns {boolean} - True if validation passes, false otherwise
* @throws {Error} - Detailed error message for validation failures
*
* @example
* const isValid = asn1Validator.validateKeyStructure(keyData);
* if (!isValid) {
* console.error('Key validation failed');
* }
*/
validateKeyStructure(keyData) {
// Implementation...
}
```
#### **API Documentation**
- **Function signatures** with parameter types
- **Return values** and error conditions
- **Usage examples** for common scenarios
- **Performance characteristics** and limitations
### Contributing Guidelines Summary
#### **For ASN.1 Framework Contributions**
1. **Understand the security model** - Complete validation is mandatory
2. **Follow validation order** - Parse → SPKI → OID → EC Point → Custom
3. **Maintain performance** - Keep validation time under 10ms
4. **Add comprehensive tests** - Unit, integration, and performance tests
5. **Document thoroughly** - Code comments, API docs, and examples
6. **Consider breaking changes** - Ensure backward compatibility where possible
#### **Security Review Process**
1. **Code review** by cryptographic experts
2. **Security testing** for validation bypass attempts
3. **Performance validation** for timing attacks
4. **Compatibility testing** with existing key formats
5. **Documentation review** for accuracy and completeness
---
## 🚀 Getting Started
### Prerequisites
- **Browser:** Modern browser with WebRTC and WebCrypto support
- **Git:** For version control
- **Text Editor:** VS Code, Vim, or your favorite editor
- **Lightning Wallet:** For testing payment features (optional)
### Development Setup
```bash
# 1. Fork the repository on GitHub
# 2. Clone your fork
git clone https://github.com/yourusername/securebit-chat.git
cd securebit-chat
# 3. Create a development branch
git checkout -b feature/your-feature-name
# 4. Start development server
python -m http.server 8000
# or
npx serve .
# 5. Open http://localhost:8000
# Make your changes
# Test thoroughly
# Commit with descriptive messages
git commit -m "feat: add quantum-resistant key exchange
- Implement CRYSTALS-Kyber for post-quantum security
- Add fallback to classical ECDH
- Update security level calculations
- Add comprehensive test suite
Closes #123"
```
## 📋 Contribution Guidelines
### 🔍 Before You Start
- Check existing issues - avoid duplicate work
- Create an issue - discuss your idea first
- Get feedback - ensure alignment with project goals
- Fork and branch - work on a feature branch
### 💻 Code Standards
#### JavaScript Style
```javascript
// ✅ Good
const encryptionKey = await crypto.subtle.generateKey({
name: 'AES-GCM',
length: 256
}, false, ['encrypt', 'decrypt']);
// ❌ Bad
var key=crypto.subtle.generateKey({name:'AES-GCM',length:256},false,['encrypt','decrypt'])
```
#### Naming Conventions
- **Functions:** camelCase - `generateSecureKey()`
- **Classes:** PascalCase - `EnhancedSecureCryptoUtils`
- **Constants:** UPPER_SNAKE_CASE - `MAX_MESSAGE_LENGTH`
- **Files:** kebab-case - `crypto-utils.js`
### 📖 Documentation
## 🔒 Security Considerations
### Critical Areas
These areas require extra careful review:
- **Cryptographic functions** - All crypto code must be reviewed
- **Key generation** - Entropy and randomness
- **Message handling** - Input validation and sanitization
- **P2P communication** - WebRTC security
- **Lightning integration** - Payment verification
- **ASN.1 validation** - Key structure verification (NEW)
### Security Checklist
## 🔐 ASN.1 Validation Framework (NEW)
### Overview
SecureBit.chat v4.02.442 implements a complete ASN.1 DER parser and validation system. This framework requires special attention when contributing to cryptographic code.
### Key Components
#### **ASN1Validator Class**
```javascript
// Core validation class for cryptographic keys
class ASN1Validator {
constructor() {
this.supportedOIDs = {
'1.2.840.10045.3.1.7': 'P-256', // secp256r1
'1.3.132.0.34': 'P-384' // secp384r1
};
this.maxKeySize = 2000; // bytes
this.minKeySize = 50; // bytes
}
// Complete DER parsing and validation
validateKeyStructure(keyData) {
// Implementation details...
}
}
```
#### **Integration Points**
- **Key import operations** - All keys must pass ASN.1 validation
- **Key export operations** - Exported keys are validated
- **Real-time validation** - Continuous validation during operations
### Contributing to ASN.1 Framework
#### **Adding New Curve Support**
```javascript
// To add support for a new elliptic curve:
const newCurveOID = '1.3.132.0.XX'; // Replace XX with actual OID
const curveName = 'P-XXX'; // Replace XXX with curve name
// Add to supportedOIDs
this.supportedOIDs[newCurveOID] = curveName;
// Update validation logic if needed
// Ensure proper EC point format validation
```
#### **Extending Validation Rules**
```javascript
// To add new validation rules:
validateCustomRule(parsed) {
// Implement your validation logic
if (!this.checkCustomCondition(parsed)) {
throw new Error('Custom validation failed');
}
return true;
}
// Integrate with main validation
validateKeyStructure(keyData) {
const parsed = this.parseDER(keyData);
// Existing validations...
if (!this.validateSPKI(parsed)) return false;
if (!this.validateOID(parsed)) return false;
if (!this.validateECPoint(parsed)) return false;
// New custom validation
if (!this.validateCustomRule(parsed)) return false;
return true;
}
```
### Testing ASN.1 Validation
#### **Unit Tests**
```javascript
describe('ASN.1 Validation Framework', () => {
test('Validates correct P-384 key structure', () => {
const validKey = generateValidP384Key();
expect(asn1Validator.validateKeyStructure(validKey)).toBe(true);
});
test('Rejects modified key with valid header', () => {
const modifiedKey = modifyKeyData(validKey);
expect(asn1Validator.validateKeyStructure(modifiedKey)).toBe(false);
});
test('Rejects unsupported curve OID', () => {
const invalidOIDKey = generateKeyWithInvalidOID();
expect(asn1Validator.validateKeyStructure(invalidOIDKey)).toBe(false);
});
});
```
#### **Performance Tests**
```javascript
describe('ASN.1 Validation Performance', () => {
test('Validation completes within 10ms', () => {
const start = performance.now();
asn1Validator.validateKeyStructure(validKey);
const duration = performance.now() - start;
expect(duration).toBeLessThan(10);
});
});
```
### Security Guidelines for ASN.1 Contributions
#### **Critical Requirements**
1. **Never bypass validation** - All keys must pass complete ASN.1 validation
2. **Maintain strict OID checking** - Only support verified, secure algorithms
3. **Preserve size limits** - Key size limits prevent DoS attacks
4. **Validate all structural elements** - Complete verification is mandatory
#### **Common Pitfalls to Avoid**
```javascript
// ❌ DON'T: Skip validation for performance
const fastImport = (keyData) => {
// Bypassing validation for speed
return crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
// ✅ DO: Always validate before processing
const secureImport = async (keyData) => {
if (!asn1Validator.validateKeyStructure(keyData)) {
throw new Error('Key validation failed');
}
return await crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
```
#### **Validation Order**
1. **Parse DER** - Complete ASN.1 structure parsing
2. **Validate SPKI** - SubjectPublicKeyInfo structure
3. **Validate OID** - Algorithm and curve verification
4. **Validate EC Point** - Format and structure verification
5. **Apply custom rules** - Any additional validation requirements
### Breaking Changes and Compatibility
#### **Version 4.02.442 Changes**
- **Enhanced key validation** now performs complete ASN.1 parsing
- **Stricter key acceptance** criteria for improved security
- **Fallback support** from P-384 to P-256 maintained
- **Backward compatibility** for valid key structures
#### **Migration Considerations**
- **Existing keys** are validated on next use
- **New keys** must pass complete validation
- **Invalid keys** are rejected with clear error messages
- **Performance impact** is minimal (< 10ms per validation)
### Documentation Requirements
#### **Code Documentation**
```javascript
/**
* Validates cryptographic key structure using complete ASN.1 DER parsing
*
* @param {ArrayBuffer} keyData - Raw key data to validate
* @returns {boolean} - True if validation passes, false otherwise
* @throws {Error} - Detailed error message for validation failures
*
* @example
* const isValid = asn1Validator.validateKeyStructure(keyData);
* if (!isValid) {
* console.error('Key validation failed');
* }
*/
validateKeyStructure(keyData) {
// Implementation...
}
```
#### **API Documentation**
- **Function signatures** with parameter types
- **Return values** and error conditions
- **Usage examples** for common scenarios
- **Performance characteristics** and limitations
### Contributing Guidelines Summary
#### **For ASN.1 Framework Contributions**
1. **Understand the security model** - Complete validation is mandatory
2. **Follow validation order** - Parse → SPKI → OID → EC Point → Custom
3. **Maintain performance** - Keep validation time under 10ms
4. **Add comprehensive tests** - Unit, integration, and performance tests
5. **Document thoroughly** - Code comments, API docs, and examples
6. **Consider breaking changes** - Ensure backward compatibility where possible
#### **Security Review Process**
1. **Code review** by cryptographic experts
2. **Security testing** for validation bypass attempts
3. **Performance validation** for timing attacks
4. **Compatibility testing** with existing key formats
5. **Documentation review** for accuracy and completeness
---
## 🚀 Getting Started
### Prerequisites
- **Browser:** Modern browser with WebRTC and WebCrypto support
- **Git:** For version control
- **Text Editor:** VS Code, Vim, or your favorite editor
- **Lightning Wallet:** For testing payment features (optional)
### Development Setup
```bash
# 1. Fork the repository on GitHub
# 2. Clone your fork
git clone https://github.com/yourusername/securebit-chat.git
cd securebit-chat
# 3. Create a development branch
git checkout -b feature/your-feature-name
# 4. Start development server
python -m http.server 8000
# or
npx serve .
# 5. Open http://localhost:8000
# Make your changes
# Test thoroughly
# Commit with descriptive messages
git commit -m "feat: add quantum-resistant key exchange
- Implement CRYSTALS-Kyber for post-quantum security
- Add fallback to classical ECDH
- Update security level calculations
- Add comprehensive test suite
Closes #123"
```
## 📋 Contribution Guidelines
### 🔍 Before You Start
- Check existing issues - avoid duplicate work
- Create an issue - discuss your idea first
- Get feedback - ensure alignment with project goals
- Fork and branch - work on a feature branch
### 💻 Code Standards
#### JavaScript Style
```javascript
// ✅ Good
const encryptionKey = await crypto.subtle.generateKey({
name: 'AES-GCM',
length: 256
}, false, ['encrypt', 'decrypt']);
// ❌ Bad
var key=crypto.subtle.generateKey({name:'AES-GCM',length:256},false,['encrypt','decrypt'])
```
#### Naming Conventions
- **Functions:** camelCase - `generateSecureKey()`
- **Classes:** PascalCase - `EnhancedSecureCryptoUtils`
- **Constants:** UPPER_SNAKE_CASE - `MAX_MESSAGE_LENGTH`
- **Files:** kebab-case - `crypto-utils.js`
### 📖 Documentation
## 🔒 Security Considerations
### Critical Areas
These areas require extra careful review:
- **Cryptographic functions** - All crypto code must be reviewed
- **Key generation** - Entropy and randomness
- **Message handling** - Input validation and sanitization
- **P2P communication** - WebRTC security
- **Lightning integration** - Payment verification
- **ASN.1 validation** - Key structure verification (NEW)
### Security Checklist
## 🔐 ASN.1 Validation Framework (NEW)
### Overview
SecureBit.chat v4.02.442 implements a complete ASN.1 DER parser and validation system. This framework requires special attention when contributing to cryptographic code.
### Key Components
#### **ASN1Validator Class**
```javascript
// Core validation class for cryptographic keys
class ASN1Validator {
constructor() {
this.supportedOIDs = {
'1.2.840.10045.3.1.7': 'P-256', // secp256r1
'1.3.132.0.34': 'P-384' // secp384r1
};
this.maxKeySize = 2000; // bytes
this.minKeySize = 50; // bytes
}
// Complete DER parsing and validation
validateKeyStructure(keyData) {
// Implementation details...
}
}
```
#### **Integration Points**
- **Key import operations** - All keys must pass ASN.1 validation
- **Key export operations** - Exported keys are validated
- **Real-time validation** - Continuous validation during operations
### Contributing to ASN.1 Framework
#### **Adding New Curve Support**
```javascript
// To add support for a new elliptic curve:
const newCurveOID = '1.3.132.0.XX'; // Replace XX with actual OID
const curveName = 'P-XXX'; // Replace XXX with curve name
// Add to supportedOIDs
this.supportedOIDs[newCurveOID] = curveName;
// Update validation logic if needed
// Ensure proper EC point format validation
```
#### **Extending Validation Rules**
```javascript
// To add new validation rules:
validateCustomRule(parsed) {
// Implement your validation logic
if (!this.checkCustomCondition(parsed)) {
throw new Error('Custom validation failed');
}
return true;
}
// Integrate with main validation
validateKeyStructure(keyData) {
const parsed = this.parseDER(keyData);
// Existing validations...
if (!this.validateSPKI(parsed)) return false;
if (!this.validateOID(parsed)) return false;
if (!this.validateECPoint(parsed)) return false;
// New custom validation
if (!this.validateCustomRule(parsed)) return false;
return true;
}
```
### Testing ASN.1 Validation
#### **Unit Tests**
```javascript
describe('ASN.1 Validation Framework', () => {
test('Validates correct P-384 key structure', () => {
const validKey = generateValidP384Key();
expect(asn1Validator.validateKeyStructure(validKey)).toBe(true);
});
test('Rejects modified key with valid header', () => {
const modifiedKey = modifyKeyData(validKey);
expect(asn1Validator.validateKeyStructure(modifiedKey)).toBe(false);
});
test('Rejects unsupported curve OID', () => {
const invalidOIDKey = generateKeyWithInvalidOID();
expect(asn1Validator.validateKeyStructure(invalidOIDKey)).toBe(false);
});
});
```
#### **Performance Tests**
```javascript
describe('ASN.1 Validation Performance', () => {
test('Validation completes within 10ms', () => {
const start = performance.now();
asn1Validator.validateKeyStructure(validKey);
const duration = performance.now() - start;
expect(duration).toBeLessThan(10);
});
});
```
### Security Guidelines for ASN.1 Contributions
#### **Critical Requirements**
1. **Never bypass validation** - All keys must pass complete ASN.1 validation
2. **Maintain strict OID checking** - Only support verified, secure algorithms
3. **Preserve size limits** - Key size limits prevent DoS attacks
4. **Validate all structural elements** - Complete verification is mandatory
#### **Common Pitfalls to Avoid**
```javascript
// ❌ DON'T: Skip validation for performance
const fastImport = (keyData) => {
// Bypassing validation for speed
return crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
// ✅ DO: Always validate before processing
const secureImport = async (keyData) => {
if (!asn1Validator.validateKeyStructure(keyData)) {
throw new Error('Key validation failed');
}
return await crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
```
#### **Validation Order**
1. **Parse DER** - Complete ASN.1 structure parsing
2. **Validate SPKI** - SubjectPublicKeyInfo structure
3. **Validate OID** - Algorithm and curve verification
4. **Validate EC Point** - Format and structure verification
5. **Apply custom rules** - Any additional validation requirements
### Breaking Changes and Compatibility
#### **Version 4.02.442 Changes**
- **Enhanced key validation** now performs complete ASN.1 parsing
- **Stricter key acceptance** criteria for improved security
- **Fallback support** from P-384 to P-256 maintained
- **Backward compatibility** for valid key structures
#### **Migration Considerations**
- **Existing keys** are validated on next use
- **New keys** must pass complete validation
- **Invalid keys** are rejected with clear error messages
- **Performance impact** is minimal (< 10ms per validation)
### Documentation Requirements
#### **Code Documentation**
```javascript
/**
* Validates cryptographic key structure using complete ASN.1 DER parsing
*
* @param {ArrayBuffer} keyData - Raw key data to validate
* @returns {boolean} - True if validation passes, false otherwise
* @throws {Error} - Detailed error message for validation failures
*
* @example
* const isValid = asn1Validator.validateKeyStructure(keyData);
* if (!isValid) {
* console.error('Key validation failed');
* }
*/
validateKeyStructure(keyData) {
// Implementation...
}
```
#### **API Documentation**
- **Function signatures** with parameter types
- **Return values** and error conditions
- **Usage examples** for common scenarios
- **Performance characteristics** and limitations
### Contributing Guidelines Summary
#### **For ASN.1 Framework Contributions**
1. **Understand the security model** - Complete validation is mandatory
2. **Follow validation order** - Parse → SPKI → OID → EC Point → Custom
3. **Maintain performance** - Keep validation time under 10ms
4. **Add comprehensive tests** - Unit, integration, and performance tests
5. **Document thoroughly** - Code comments, API docs, and examples
6. **Consider breaking changes** - Ensure backward compatibility where possible
#### **Security Review Process**
1. **Code review** by cryptographic experts
2. **Security testing** for validation bypass attempts
3. **Performance validation** for timing attacks
4. **Compatibility testing** with existing key formats
5. **Documentation review** for accuracy and completeness
---
## 🚀 Getting Started
### Prerequisites
- **Browser:** Modern browser with WebRTC and WebCrypto support
- **Git:** For version control
- **Text Editor:** VS Code, Vim, or your favorite editor
- **Lightning Wallet:** For testing payment features (optional)
### Development Setup
```bash
# 1. Fork the repository on GitHub
# 2. Clone your fork
git clone https://github.com/yourusername/securebit-chat.git
cd securebit-chat
# 3. Create a development branch
git checkout -b feature/your-feature-name
# 4. Start development server
python -m http.server 8000
# or
npx serve .
# 5. Open http://localhost:8000
# Make your changes
# Test thoroughly
# Commit with descriptive messages
git commit -m "feat: add quantum-resistant key exchange
- Implement CRYSTALS-Kyber for post-quantum security
- Add fallback to classical ECDH
- Update security level calculations
- Add comprehensive test suite
Closes #123"
```
## 📋 Contribution Guidelines
### 🔍 Before You Start
- Check existing issues - avoid duplicate work
- Create an issue - discuss your idea first
- Get feedback - ensure alignment with project goals
- Fork and branch - work on a feature branch
### 💻 Code Standards
#### JavaScript Style
```javascript
// ✅ Good
const encryptionKey = await crypto.subtle.generateKey({
name: 'AES-GCM',
length: 256
}, false, ['encrypt', 'decrypt']);
// ❌ Bad
var key=crypto.subtle.generateKey({name:'AES-GCM',length:256},false,['encrypt','decrypt'])
```
#### Naming Conventions
- **Functions:** camelCase - `generateSecureKey()`
- **Classes:** PascalCase - `EnhancedSecureCryptoUtils`
- **Constants:** UPPER_SNAKE_CASE - `MAX_MESSAGE_LENGTH`
- **Files:** kebab-case - `crypto-utils.js`
### 📖 Documentation
## 🔒 Security Considerations
### Critical Areas
These areas require extra careful review:
- **Cryptographic functions** - All crypto code must be reviewed
- **Key generation** - Entropy and randomness
- **Message handling** - Input validation and sanitization
- **P2P communication** - WebRTC security
- **Lightning integration** - Payment verification
- **ASN.1 validation** - Key structure verification (NEW)
### Security Checklist
## 🔐 ASN.1 Validation Framework (NEW)
### Overview
SecureBit.chat v4.02.442 implements a complete ASN.1 DER parser and validation system. This framework requires special attention when contributing to cryptographic code.
### Key Components
#### **ASN1Validator Class**
```javascript
// Core validation class for cryptographic keys
class ASN1Validator {
constructor() {
this.supportedOIDs = {
'1.2.840.10045.3.1.7': 'P-256', // secp256r1
'1.3.132.0.34': 'P-384' // secp384r1
};
this.maxKeySize = 2000; // bytes
this.minKeySize = 50; // bytes
}
// Complete DER parsing and validation
validateKeyStructure(keyData) {
// Implementation details...
}
}
```
#### **Integration Points**
- **Key import operations** - All keys must pass ASN.1 validation
- **Key export operations** - Exported keys are validated
- **Real-time validation** - Continuous validation during operations
### Contributing to ASN.1 Framework
#### **Adding New Curve Support**
```javascript
// To add support for a new elliptic curve:
const newCurveOID = '1.3.132.0.XX'; // Replace XX with actual OID
const curveName = 'P-XXX'; // Replace XXX with curve name
// Add to supportedOIDs
this.supportedOIDs[newCurveOID] = curveName;
// Update validation logic if needed
// Ensure proper EC point format validation
```
#### **Extending Validation Rules**
```javascript
// To add new validation rules:
validateCustomRule(parsed) {
// Implement your validation logic
if (!this.checkCustomCondition(parsed)) {
throw new Error('Custom validation failed');
}
return true;
}
// Integrate with main validation
validateKeyStructure(keyData) {
const parsed = this.parseDER(keyData);
// Existing validations...
if (!this.validateSPKI(parsed)) return false;
if (!this.validateOID(parsed)) return false;
if (!this.validateECPoint(parsed)) return false;
// New custom validation
if (!this.validateCustomRule(parsed)) return false;
return true;
}
```
### Testing ASN.1 Validation
#### **Unit Tests**
```javascript
describe('ASN.1 Validation Framework', () => {
test('Validates correct P-384 key structure', () => {
const validKey = generateValidP384Key();
expect(asn1Validator.validateKeyStructure(validKey)).toBe(true);
});
test('Rejects modified key with valid header', () => {
const modifiedKey = modifyKeyData(validKey);
expect(asn1Validator.validateKeyStructure(modifiedKey)).toBe(false);
});
test('Rejects unsupported curve OID', () => {
const invalidOIDKey = generateKeyWithInvalidOID();
expect(asn1Validator.validateKeyStructure(invalidOIDKey)).toBe(false);
});
});
```
#### **Performance Tests**
```javascript
describe('ASN.1 Validation Performance', () => {
test('Validation completes within 10ms', () => {
const start = performance.now();
asn1Validator.validateKeyStructure(validKey);
const duration = performance.now() - start;
expect(duration).toBeLessThan(10);
});
});
```
### Security Guidelines for ASN.1 Contributions
#### **Critical Requirements**
1. **Never bypass validation** - All keys must pass complete ASN.1 validation
2. **Maintain strict OID checking** - Only support verified, secure algorithms
3. **Preserve size limits** - Key size limits prevent DoS attacks
4. **Validate all structural elements** - Complete verification is mandatory
#### **Common Pitfalls to Avoid**
```javascript
// ❌ DON'T: Skip validation for performance
const fastImport = (keyData) => {
// Bypassing validation for speed
return crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
// ✅ DO: Always validate before processing
const secureImport = async (keyData) => {
if (!asn1Validator.validateKeyStructure(keyData)) {
throw new Error('Key validation failed');
}
return await crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
```
#### **Validation Order**
1. **Parse DER** - Complete ASN.1 structure parsing
2. **Validate SPKI** - SubjectPublicKeyInfo structure
3. **Validate OID** - Algorithm and curve verification
4. **Validate EC Point** - Format and structure verification
5. **Apply custom rules** - Any additional validation requirements
### Breaking Changes and Compatibility
#### **Version 4.02.442 Changes**
- **Enhanced key validation** now performs complete ASN.1 parsing
- **Stricter key acceptance** criteria for improved security
- **Fallback support** from P-384 to P-256 maintained
- **Backward compatibility** for valid key structures
#### **Migration Considerations**
- **Existing keys** are validated on next use
- **New keys** must pass complete validation
- **Invalid keys** are rejected with clear error messages
- **Performance impact** is minimal (< 10ms per validation)
### Documentation Requirements
#### **Code Documentation**
```javascript
/**
* Validates cryptographic key structure using complete ASN.1 DER parsing
*
* @param {ArrayBuffer} keyData - Raw key data to validate
* @returns {boolean} - True if validation passes, false otherwise
* @throws {Error} - Detailed error message for validation failures
*
* @example
* const isValid = asn1Validator.validateKeyStructure(keyData);
* if (!isValid) {
* console.error('Key validation failed');
* }
*/
validateKeyStructure(keyData) {
// Implementation...
}
```
#### **API Documentation**
- **Function signatures** with parameter types
- **Return values** and error conditions
- **Usage examples** for common scenarios
- **Performance characteristics** and limitations
### Contributing Guidelines Summary
#### **For ASN.1 Framework Contributions**
1. **Understand the security model** - Complete validation is mandatory
2. **Follow validation order** - Parse → SPKI → OID → EC Point → Custom
3. **Maintain performance** - Keep validation time under 10ms
4. **Add comprehensive tests** - Unit, integration, and performance tests
5. **Document thoroughly** - Code comments, API docs, and examples
6. **Consider breaking changes** - Ensure backward compatibility where possible
#### **Security Review Process**
1. **Code review** by cryptographic experts
2. **Security testing** for validation bypass attempts
3. **Performance validation** for timing attacks
4. **Compatibility testing** with existing key formats
5. **Documentation review** for accuracy and completeness
---
## 🚀 Getting Started
### Prerequisites
- **Browser:** Modern browser with WebRTC and WebCrypto support
- **Git:** For version control
- **Text Editor:** VS Code, Vim, or your favorite editor
- **Lightning Wallet:** For testing payment features (optional)
### Development Setup
```bash
# 1. Fork the repository on GitHub
# 2. Clone your fork
git clone https://github.com/yourusername/securebit-chat.git
cd securebit-chat
# 3. Create a development branch
git checkout -b feature/your-feature-name
# 4. Start development server
python -m http.server 8000
# or
npx serve .
# 5. Open http://localhost:8000
# Make your changes
# Test thoroughly
# Commit with descriptive messages
git commit -m "feat: add quantum-resistant key exchange
- Implement CRYSTALS-Kyber for post-quantum security
- Add fallback to classical ECDH
- Update security level calculations
- Add comprehensive test suite
Closes #123"
```
## 📋 Contribution Guidelines
### 🔍 Before You Start
- Check existing issues - avoid duplicate work
- Create an issue - discuss your idea first
- Get feedback - ensure alignment with project goals
- Fork and branch - work on a feature branch
### 💻 Code Standards
#### JavaScript Style
```javascript
// ✅ Good
const encryptionKey = await crypto.subtle.generateKey({
name: 'AES-GCM',
length: 256
}, false, ['encrypt', 'decrypt']);
// ❌ Bad
var key=crypto.subtle.generateKey({name:'AES-GCM',length:256},false,['encrypt','decrypt'])
```
#### Naming Conventions
- **Functions:** camelCase - `generateSecureKey()`
- **Classes:** PascalCase - `EnhancedSecureCryptoUtils`
- **Constants:** UPPER_SNAKE_CASE - `MAX_MESSAGE_LENGTH`
- **Files:** kebab-case - `crypto-utils.js`
### 📖 Documentation
## 🔒 Security Considerations
### Critical Areas
These areas require extra careful review:
- **Cryptographic functions** - All crypto code must be reviewed
- **Key generation** - Entropy and randomness
- **Message handling** - Input validation and sanitization
- **P2P communication** - WebRTC security
- **Lightning integration** - Payment verification
- **ASN.1 validation** - Key structure verification (NEW)
### Security Checklist
## 🔐 ASN.1 Validation Framework (NEW)
### Overview
SecureBit.chat v4.02.442 implements a complete ASN.1 DER parser and validation system. This framework requires special attention when contributing to cryptographic code.
### Key Components
#### **ASN1Validator Class**
```javascript
// Core validation class for cryptographic keys
class ASN1Validator {
constructor() {
this.supportedOIDs = {
'1.2.840.10045.3.1.7': 'P-256', // secp256r1
'1.3.132.0.34': 'P-384' // secp384r1
};
this.maxKeySize = 2000; // bytes
this.minKeySize = 50; // bytes
}
// Complete DER parsing and validation
validateKeyStructure(keyData) {
// Implementation details...
}
}
```
#### **Integration Points**
- **Key import operations** - All keys must pass ASN.1 validation
- **Key export operations** - Exported keys are validated
- **Real-time validation** - Continuous validation during operations
### Contributing to ASN.1 Framework
#### **Adding New Curve Support**
```javascript
// To add support for a new elliptic curve:
const newCurveOID = '1.3.132.0.XX'; // Replace XX with actual OID
const curveName = 'P-XXX'; // Replace XXX with curve name
// Add to supportedOIDs
this.supportedOIDs[newCurveOID] = curveName;
// Update validation logic if needed
// Ensure proper EC point format validation
```
#### **Extending Validation Rules**
```javascript
// To add new validation rules:
validateCustomRule(parsed) {
// Implement your validation logic
if (!this.checkCustomCondition(parsed)) {
throw new Error('Custom validation failed');
}
return true;
}
// Integrate with main validation
validateKeyStructure(keyData) {
const parsed = this.parseDER(keyData);
// Existing validations...
if (!this.validateSPKI(parsed)) return false;
if (!this.validateOID(parsed)) return false;
if (!this.validateECPoint(parsed)) return false;
// New custom validation
if (!this.validateCustomRule(parsed)) return false;
return true;
}
```
### Testing ASN.1 Validation
#### **Unit Tests**
```javascript
describe('ASN.1 Validation Framework', () => {
test('Validates correct P-384 key structure', () => {
const validKey = generateValidP384Key();
expect(asn1Validator.validateKeyStructure(validKey)).toBe(true);
});
test('Rejects modified key with valid header', () => {
const modifiedKey = modifyKeyData(validKey);
expect(asn1Validator.validateKeyStructure(modifiedKey)).toBe(false);
});
test('Rejects unsupported curve OID', () => {
const invalidOIDKey = generateKeyWithInvalidOID();
expect(asn1Validator.validateKeyStructure(invalidOIDKey)).toBe(false);
});
});
```
#### **Performance Tests**
```javascript
describe('ASN.1 Validation Performance', () => {
test('Validation completes within 10ms', () => {
const start = performance.now();
asn1Validator.validateKeyStructure(validKey);
const duration = performance.now() - start;
expect(duration).toBeLessThan(10);
});
});
```
### Security Guidelines for ASN.1 Contributions
#### **Critical Requirements**
1. **Never bypass validation** - All keys must pass complete ASN.1 validation
2. **Maintain strict OID checking** - Only support verified, secure algorithms
3. **Preserve size limits** - Key size limits prevent DoS attacks
4. **Validate all structural elements** - Complete verification is mandatory
#### **Common Pitfalls to Avoid**
```javascript
// ❌ DON'T: Skip validation for performance
const fastImport = (keyData) => {
// Bypassing validation for speed
return crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
// ✅ DO: Always validate before processing
const secureImport = async (keyData) => {
if (!asn1Validator.validateKeyStructure(keyData)) {
throw new Error('Key validation failed');
}
return await crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
```
#### **Validation Order**
1. **Parse DER** - Complete ASN.1 structure parsing
2. **Validate SPKI** - SubjectPublicKeyInfo structure
3. **Validate OID** - Algorithm and curve verification
4. **Validate EC Point** - Format and structure verification
5. **Apply custom rules** - Any additional validation requirements
### Breaking Changes and Compatibility
#### **Version 4.02.442 Changes**
- **Enhanced key validation** now performs complete ASN.1 parsing
- **Stricter key acceptance** criteria for improved security
- **Fallback support** from P-384 to P-256 maintained
- **Backward compatibility** for valid key structures
#### **Migration Considerations**
- **Existing keys** are validated on next use
- **New keys** must pass complete validation
- **Invalid keys** are rejected with clear error messages
- **Performance impact** is minimal (< 10ms per validation)
### Documentation Requirements
#### **Code Documentation**
```javascript
/**
* Validates cryptographic key structure using complete ASN.1 DER parsing
*
* @param {ArrayBuffer} keyData - Raw key data to validate
* @returns {boolean} - True if validation passes, false otherwise
* @throws {Error} - Detailed error message for validation failures
*
* @example
* const isValid = asn1Validator.validateKeyStructure(keyData);
* if (!isValid) {
* console.error('Key validation failed');
* }
*/
validateKeyStructure(keyData) {
// Implementation...
}
```
#### **API Documentation**
- **Function signatures** with parameter types
- **Return values** and error conditions
- **Usage examples** for common scenarios
- **Performance characteristics** and limitations
### Contributing Guidelines Summary
#### **For ASN.1 Framework Contributions**
1. **Understand the security model** - Complete validation is mandatory
2. **Follow validation order** - Parse → SPKI → OID → EC Point → Custom
3. **Maintain performance** - Keep validation time under 10ms
4. **Add comprehensive tests** - Unit, integration, and performance tests
5. **Document thoroughly** - Code comments, API docs, and examples
6. **Consider breaking changes** - Ensure backward compatibility where possible
#### **Security Review Process**
1. **Code review** by cryptographic experts
2. **Security testing** for validation bypass attempts
3. **Performance validation** for timing attacks
4. **Compatibility testing** with existing key formats
5. **Documentation review** for accuracy and completeness
---
## 🚀 Getting Started
### Prerequisites
- **Browser:** Modern browser with WebRTC and WebCrypto support
- **Git:** For version control
- **Text Editor:** VS Code, Vim, or your favorite editor
- **Lightning Wallet:** For testing payment features (optional)
### Development Setup
```bash
# 1. Fork the repository on GitHub
# 2. Clone your fork
git clone https://github.com/yourusername/securebit-chat.git
cd securebit-chat
# 3. Create a development branch
git checkout -b feature/your-feature-name
# 4. Start development server
python -m http.server 8000
# or
npx serve .
# 5. Open http://localhost:8000
# Make your changes
# Test thoroughly
# Commit with descriptive messages
git commit -m "feat: add quantum-resistant key exchange
- Implement CRYSTALS-Kyber for post-quantum security
- Add fallback to classical ECDH
- Update security level calculations
- Add comprehensive test suite
Closes #123"
```
## 📋 Contribution Guidelines
### 🔍 Before You Start
- Check existing issues - avoid duplicate work
- Create an issue - discuss your idea first
- Get feedback - ensure alignment with project goals
- Fork and branch - work on a feature branch
### 💻 Code Standards
#### JavaScript Style
```javascript
// ✅ Good
const encryptionKey = await crypto.subtle.generateKey({
name: 'AES-GCM',
length: 256
}, false, ['encrypt', 'decrypt']);
// ❌ Bad
var key=crypto.subtle.generateKey({name:'AES-GCM',length:256},false,['encrypt','decrypt'])
```
#### Naming Conventions
- **Functions:** camelCase - `generateSecureKey()`
- **Classes:** PascalCase - `EnhancedSecureCryptoUtils`
- **Constants:** UPPER_SNAKE_CASE - `MAX_MESSAGE_LENGTH`
- **Files:** kebab-case - `crypto-utils.js`
### 📖 Documentation
## 🔒 Security Considerations
### Critical Areas
These areas require extra careful review:
- **Cryptographic functions** - All crypto code must be reviewed
- **Key generation** - Entropy and randomness
- **Message handling** - Input validation and sanitization
- **P2P communication** - WebRTC security
- **Lightning integration** - Payment verification
- **ASN.1 validation** - Key structure verification (NEW)
### Security Checklist
## 🔐 ASN.1 Validation Framework (NEW)
### Overview
SecureBit.chat v4.02.442 implements a complete ASN.1 DER parser and validation system. This framework requires special attention when contributing to cryptographic code.
### Key Components
#### **ASN1Validator Class**
```javascript
// Core validation class for cryptographic keys
class ASN1Validator {
constructor() {
this.supportedOIDs = {
'1.2.840.10045.3.1.7': 'P-256', // secp256r1
'1.3.132.0.34': 'P-384' // secp384r1
};
this.maxKeySize = 2000; // bytes
this.minKeySize = 50; // bytes
}
// Complete DER parsing and validation
validateKeyStructure(keyData) {
// Implementation details...
}
}
```
#### **Integration Points**
- **Key import operations** - All keys must pass ASN.1 validation
- **Key export operations** - Exported keys are validated
- **Real-time validation** - Continuous validation during operations
### Contributing to ASN.1 Framework
#### **Adding New Curve Support**
```javascript
// To add support for a new elliptic curve:
const newCurveOID = '1.3.132.0.XX'; // Replace XX with actual OID
const curveName = 'P-XXX'; // Replace XXX with curve name
// Add to supportedOIDs
this.supportedOIDs[newCurveOID] = curveName;
// Update validation logic if needed
// Ensure proper EC point format validation
```
#### **Extending Validation Rules**
```javascript
// To add new validation rules:
validateCustomRule(parsed) {
// Implement your validation logic
if (!this.checkCustomCondition(parsed)) {
throw new Error('Custom validation failed');
}
return true;
}
// Integrate with main validation
validateKeyStructure(keyData) {
const parsed = this.parseDER(keyData);
// Existing validations...
if (!this.validateSPKI(parsed)) return false;
if (!this.validateOID(parsed)) return false;
if (!this.validateECPoint(parsed)) return false;
// New custom validation
if (!this.validateCustomRule(parsed)) return false;
return true;
}
```
### Testing ASN.1 Validation
#### **Unit Tests**
```javascript
describe('ASN.1 Validation Framework', () => {
test('Validates correct P-384 key structure', () => {
const validKey = generateValidP384Key();
expect(asn1Validator.validateKeyStructure(validKey)).toBe(true);
});
test('Rejects modified key with valid header', () => {
const modifiedKey = modifyKeyData(validKey);
expect(asn1Validator.validateKeyStructure(modifiedKey)).toBe(false);
});
test('Rejects unsupported curve OID', () => {
const invalidOIDKey = generateKeyWithInvalidOID();
expect(asn1Validator.validateKeyStructure(invalidOIDKey)).toBe(false);
});
});
```
#### **Performance Tests**
```javascript
describe('ASN.1 Validation Performance', () => {
test('Validation completes within 10ms', () => {
const start = performance.now();
asn1Validator.validateKeyStructure(validKey);
const duration = performance.now() - start;
expect(duration).toBeLessThan(10);
});
});
```
### Security Guidelines for ASN.1 Contributions
#### **Critical Requirements**
1. **Never bypass validation** - All keys must pass complete ASN.1 validation
2. **Maintain strict OID checking** - Only support verified, secure algorithms
3. **Preserve size limits** - Key size limits prevent DoS attacks
4. **Validate all structural elements** - Complete verification is mandatory
#### **Common Pitfalls to Avoid**
```javascript
// ❌ DON'T: Skip validation for performance
const fastImport = (keyData) => {
// Bypassing validation for speed
return crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
// ✅ DO: Always validate before processing
const secureImport = async (keyData) => {
if (!asn1Validator.validateKeyStructure(keyData)) {
throw new Error('Key validation failed');
}
return await crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
```
#### **Validation Order**
1. **Parse DER** - Complete ASN.1 structure parsing
2. **Validate SPKI** - SubjectPublicKeyInfo structure
3. **Validate OID** - Algorithm and curve verification
4. **Validate EC Point** - Format and structure verification
5. **Apply custom rules** - Any additional validation requirements
### Breaking Changes and Compatibility
#### **Version 4.02.442 Changes**
- **Enhanced key validation** now performs complete ASN.1 parsing
- **Stricter key acceptance** criteria for improved security
- **Fallback support** from P-384 to P-256 maintained
- **Backward compatibility** for valid key structures
#### **Migration Considerations**
- **Existing keys** are validated on next use
- **New keys** must pass complete validation
- **Invalid keys** are rejected with clear error messages
- **Performance impact** is minimal (< 10ms per validation)
### Documentation Requirements
#### **Code Documentation**
```javascript
/**
* Validates cryptographic key structure using complete ASN.1 DER parsing
*
* @param {ArrayBuffer} keyData - Raw key data to validate
* @returns {boolean} - True if validation passes, false otherwise
* @throws {Error} - Detailed error message for validation failures
*
* @example
* const isValid = asn1Validator.validateKeyStructure(keyData);
* if (!isValid) {
* console.error('Key validation failed');
* }
*/
validateKeyStructure(keyData) {
// Implementation...
}
```
#### **API Documentation**
- **Function signatures** with parameter types
- **Return values** and error conditions
- **Usage examples** for common scenarios
- **Performance characteristics** and limitations
### Contributing Guidelines Summary
#### **For ASN.1 Framework Contributions**
1. **Understand the security model** - Complete validation is mandatory
2. **Follow validation order** - Parse → SPKI → OID → EC Point → Custom
3. **Maintain performance** - Keep validation time under 10ms
4. **Add comprehensive tests** - Unit, integration, and performance tests
5. **Document thoroughly** - Code comments, API docs, and examples
6. **Consider breaking changes** - Ensure backward compatibility where possible
#### **Security Review Process**
1. **Code review** by cryptographic experts
2. **Security testing** for validation bypass attempts
3. **Performance validation** for timing attacks
4. **Compatibility testing** with existing key formats
5. **Documentation review** for accuracy and completeness
---
## 🚀 Getting Started
### Prerequisites
- **Browser:** Modern browser with WebRTC and WebCrypto support
- **Git:** For version control
- **Text Editor:** VS Code, Vim, or your favorite editor
- **Lightning Wallet:** For testing payment features (optional)
### Development Setup
```bash
# 1. Fork the repository on GitHub
# 2. Clone your fork
git clone https://github.com/yourusername/securebit-chat.git
cd securebit-chat
# 3. Create a development branch
git checkout -b feature/your-feature-name
# 4. Start development server
python -m http.server 8000
# or
npx serve .
# 5. Open http://localhost:8000
# Make your changes
# Test thoroughly
# Commit with descriptive messages
git commit -m "feat: add quantum-resistant key exchange
- Implement CRYSTALS-Kyber for post-quantum security
- Add fallback to classical ECDH
- Update security level calculations
- Add comprehensive test suite
Closes #123"
```
## 📋 Contribution Guidelines
### 🔍 Before You Start
- Check existing issues - avoid duplicate work
- Create an issue - discuss your idea first
- Get feedback - ensure alignment with project goals
- Fork and branch - work on a feature branch
### 💻 Code Standards
#### JavaScript Style
```javascript
// ✅ Good
const encryptionKey = await crypto.subtle.generateKey({
name: 'AES-GCM',
length: 256
}, false, ['encrypt', 'decrypt']);
// ❌ Bad
var key=crypto.subtle.generateKey({name:'AES-GCM',length:256},false,['encrypt','decrypt'])
```
#### Naming Conventions
- **Functions:** camelCase - `generateSecureKey()`
- **Classes:** PascalCase - `EnhancedSecureCryptoUtils`
- **Constants:** UPPER_SNAKE_CASE - `MAX_MESSAGE_LENGTH`
- **Files:** kebab-case - `crypto-utils.js`
### 📖 Documentation
## 🔒 Security Considerations
### Critical Areas
These areas require extra careful review:
- **Cryptographic functions** - All crypto code must be reviewed
- **Key generation** - Entropy and randomness
- **Message handling** - Input validation and sanitization
- **P2P communication** - WebRTC security
- **Lightning integration** - Payment verification
- **ASN.1 validation** - Key structure verification (NEW)
### Security Checklist
## 🔐 ASN.1 Validation Framework (NEW)
### Overview
SecureBit.chat v4.02.442 implements a complete ASN.1 DER parser and validation system. This framework requires special attention when contributing to cryptographic code.
### Key Components
#### **ASN1Validator Class**
```javascript
// Core validation class for cryptographic keys
class ASN1Validator {
constructor() {
this.supportedOIDs = {
'1.2.840.10045.3.1.7': 'P-256', // secp256r1
'1.3.132.0.34': 'P-384' // secp384r1
};
this.maxKeySize = 2000; // bytes
this.minKeySize = 50; // bytes
}
// Complete DER parsing and validation
validateKeyStructure(keyData) {
// Implementation details...
}
}
```
#### **Integration Points**
- **Key import operations** - All keys must pass ASN.1 validation
- **Key export operations** - Exported keys are validated
- **Real-time validation** - Continuous validation during operations
### Contributing to ASN.1 Framework
#### **Adding New Curve Support**
```javascript
// To add support for a new elliptic curve:
const newCurveOID = '1.3.132.0.XX'; // Replace XX with actual OID
const curveName = 'P-XXX'; // Replace XXX with curve name
// Add to supportedOIDs
this.supportedOIDs[newCurveOID] = curveName;
// Update validation logic if needed
// Ensure proper EC point format validation
```
#### **Extending Validation Rules**
```javascript
// To add new validation rules:
validateCustomRule(parsed) {
// Implement your validation logic
if (!this.checkCustomCondition(parsed)) {
throw new Error('Custom validation failed');
}
return true;
}
// Integrate with main validation
validateKeyStructure(keyData) {
const parsed = this.parseDER(keyData);
// Existing validations...
if (!this.validateSPKI(parsed)) return false;
if (!this.validateOID(parsed)) return false;
if (!this.validateECPoint(parsed)) return false;
// New custom validation
if (!this.validateCustomRule(parsed)) return false;
return true;
}
```
### Testing ASN.1 Validation
#### **Unit Tests**
```javascript
describe('ASN.1 Validation Framework', () => {
test('Validates correct P-384 key structure', () => {
const validKey = generateValidP384Key();
expect(asn1Validator.validateKeyStructure(validKey)).toBe(true);
});
test('Rejects modified key with valid header', () => {
const modifiedKey = modifyKeyData(validKey);
expect(asn1Validator.validateKeyStructure(modifiedKey)).toBe(false);
});
test('Rejects unsupported curve OID', () => {
const invalidOIDKey = generateKeyWithInvalidOID();
expect(asn1Validator.validateKeyStructure(invalidOIDKey)).toBe(false);
});
});
```
#### **Performance Tests**
```javascript
describe('ASN.1 Validation Performance', () => {
test('Validation completes within 10ms', () => {
const start = performance.now();
asn1Validator.validateKeyStructure(validKey);
const duration = performance.now() - start;
expect(duration).toBeLessThan(10);
});
});
```
### Security Guidelines for ASN.1 Contributions
#### **Critical Requirements**
1. **Never bypass validation** - All keys must pass complete ASN.1 validation
2. **Maintain strict OID checking** - Only support verified, secure algorithms
3. **Preserve size limits** - Key size limits prevent DoS attacks
4. **Validate all structural elements** - Complete verification is mandatory
#### **Common Pitfalls to Avoid**
```javascript
// ❌ DON'T: Skip validation for performance
const fastImport = (keyData) => {
// Bypassing validation for speed
return crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
// ✅ DO: Always validate before processing
const secureImport = async (keyData) => {
if (!asn1Validator.validateKeyStructure(keyData)) {
throw new Error('Key validation failed');
}
return await crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
```
#### **Validation Order**
1. **Parse DER** - Complete ASN.1 structure parsing
2. **Validate SPKI** - SubjectPublicKeyInfo structure
3. **Validate OID** - Algorithm and curve verification
4. **Validate EC Point** - Format and structure verification
5. **Apply custom rules** - Any additional validation requirements
### Breaking Changes and Compatibility
#### **Version 4.02.442 Changes**
- **Enhanced key validation** now performs complete ASN.1 parsing
- **Stricter key acceptance** criteria for improved security
- **Fallback support** from P-384 to P-256 maintained
- **Backward compatibility** for valid key structures
#### **Migration Considerations**
- **Existing keys** are validated on next use
- **New keys** must pass complete validation
- **Invalid keys** are rejected with clear error messages
- **Performance impact** is minimal (< 10ms per validation)
### Documentation Requirements
#### **Code Documentation**
```javascript
/**
* Validates cryptographic key structure using complete ASN.1 DER parsing
*
* @param {ArrayBuffer} keyData - Raw key data to validate
* @returns {boolean} - True if validation passes, false otherwise
* @throws {Error} - Detailed error message for validation failures
*
* @example
* const isValid = asn1Validator.validateKeyStructure(keyData);
* if (!isValid) {
* console.error('Key validation failed');
* }
*/
validateKeyStructure(keyData) {
// Implementation...
}
```
#### **API Documentation**
- **Function signatures** with parameter types
- **Return values** and error conditions
- **Usage examples** for common scenarios
- **Performance characteristics** and limitations
### Contributing Guidelines Summary
#### **For ASN.1 Framework Contributions**
1. **Understand the security model** - Complete validation is mandatory
2. **Follow validation order** - Parse → SPKI → OID → EC Point → Custom
3. **Maintain performance** - Keep validation time under 10ms
4. **Add comprehensive tests** - Unit, integration, and performance tests
5. **Document thoroughly** - Code comments, API docs, and examples
6. **Consider breaking changes** - Ensure backward compatibility where possible
#### **Security Review Process**
1. **Code review** by cryptographic experts
2. **Security testing** for validation bypass attempts
3. **Performance validation** for timing attacks
4. **Compatibility testing** with existing key formats
5. **Documentation review** for accuracy and completeness
---
## 🚀 Getting Started
### Prerequisites
- **Browser:** Modern browser with WebRTC and WebCrypto support
- **Git:** For version control
- **Text Editor:** VS Code, Vim, or your favorite editor
- **Lightning Wallet:** For testing payment features (optional)
### Development Setup
```bash
# 1. Fork the repository on GitHub
# 2. Clone your fork
git clone https://github.com/yourusername/securebit-chat.git
cd securebit-chat
# 3. Create a development branch
git checkout -b feature/your-feature-name
# 4. Start development server
python -m http.server 8000
# or
npx serve .
# 5. Open http://localhost:8000
# Make your changes
# Test thoroughly
# Commit with descriptive messages
git commit -m "feat: add quantum-resistant key exchange
- Implement CRYSTALS-Kyber for post-quantum security
- Add fallback to classical ECDH
- Update security level calculations
- Add comprehensive test suite
Closes #123"
```
## 📋 Contribution Guidelines
### 🔍 Before You Start
- Check existing issues - avoid duplicate work
- Create an issue - discuss your idea first
- Get feedback - ensure alignment with project goals
- Fork and branch - work on a feature branch
### 💻 Code Standards
#### JavaScript Style
```javascript
// ✅ Good
const encryptionKey = await crypto.subtle.generateKey({
name: 'AES-GCM',
length: 256
}, false, ['encrypt', 'decrypt']);
// ❌ Bad
var key=crypto.subtle.generateKey({name:'AES-GCM',length:256},false,['encrypt','decrypt'])
```
#### Naming Conventions
- **Functions:** camelCase - `generateSecureKey()`
- **Classes:** PascalCase - `EnhancedSecureCryptoUtils`
- **Constants:** UPPER_SNAKE_CASE - `MAX_MESSAGE_LENGTH`
- **Files:** kebab-case - `crypto-utils.js`
### 📖 Documentation
## 🔒 Security Considerations
### Critical Areas
These areas require extra careful review:
- **Cryptographic functions** - All crypto code must be reviewed
- **Key generation** - Entropy and randomness
- **Message handling** - Input validation and sanitization
- **P2P communication** - WebRTC security
- **Lightning integration** - Payment verification
- **ASN.1 validation** - Key structure verification (NEW)
### Security Checklist
## 🔐 ASN.1 Validation Framework (NEW)
### Overview
SecureBit.chat v4.02.442 implements a complete ASN.1 DER parser and validation system. This framework requires special attention when contributing to cryptographic code.
### Key Components
#### **ASN1Validator Class**
```javascript
// Core validation class for cryptographic keys
class ASN1Validator {
constructor() {
this.supportedOIDs = {
'1.2.840.10045.3.1.7': 'P-256', // secp256r1
'1.3.132.0.34': 'P-384' // secp384r1
};
this.maxKeySize = 2000; // bytes
this.minKeySize = 50; // bytes
}
// Complete DER parsing and validation
validateKeyStructure(keyData) {
// Implementation details...
}
}
```
#### **Integration Points**
- **Key import operations** - All keys must pass ASN.1 validation
- **Key export operations** - Exported keys are validated
- **Real-time validation** - Continuous validation during operations
### Contributing to ASN.1 Framework
#### **Adding New Curve Support**
```javascript
// To add support for a new elliptic curve:
const newCurveOID = '1.3.132.0.XX'; // Replace XX with actual OID
const curveName = 'P-XXX'; // Replace XXX with curve name
// Add to supportedOIDs
this.supportedOIDs[newCurveOID] = curveName;
// Update validation logic if needed
// Ensure proper EC point format validation
```
#### **Extending Validation Rules**
```javascript
// To add new validation rules:
validateCustomRule(parsed) {
// Implement your validation logic
if (!this.checkCustomCondition(parsed)) {
throw new Error('Custom validation failed');
}
return true;
}
// Integrate with main validation
validateKeyStructure(keyData) {
const parsed = this.parseDER(keyData);
// Existing validations...
if (!this.validateSPKI(parsed)) return false;
if (!this.validateOID(parsed)) return false;
if (!this.validateECPoint(parsed)) return false;
// New custom validation
if (!this.validateCustomRule(parsed)) return false;
return true;
}
```
### Testing ASN.1 Validation
#### **Unit Tests**
```javascript
describe('ASN.1 Validation Framework', () => {
test('Validates correct P-384 key structure', () => {
const validKey = generateValidP384Key();
expect(asn1Validator.validateKeyStructure(validKey)).toBe(true);
});
test('Rejects modified key with valid header', () => {
const modifiedKey = modifyKeyData(validKey);
expect(asn1Validator.validateKeyStructure(modifiedKey)).toBe(false);
});
test('Rejects unsupported curve OID', () => {
const invalidOIDKey = generateKeyWithInvalidOID();
expect(asn1Validator.validateKeyStructure(invalidOIDKey)).toBe(false);
});
});
```
#### **Performance Tests**
```javascript
describe('ASN.1 Validation Performance', () => {
test('Validation completes within 10ms', () => {
const start = performance.now();
asn1Validator.validateKeyStructure(validKey);
const duration = performance.now() - start;
expect(duration).toBeLessThan(10);
});
});
```
### Security Guidelines for ASN.1 Contributions
#### **Critical Requirements**
1. **Never bypass validation** - All keys must pass complete ASN.1 validation
2. **Maintain strict OID checking** - Only support verified, secure algorithms
3. **Preserve size limits** - Key size limits prevent DoS attacks
4. **Validate all structural elements** - Complete verification is mandatory
#### **Common Pitfalls to Avoid**
```javascript
// ❌ DON'T: Skip validation for performance
const fastImport = (keyData) => {
// Bypassing validation for speed
return crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
// ✅ DO: Always validate before processing
const secureImport = async (keyData) => {
if (!asn1Validator.validateKeyStructure(keyData)) {
throw new Error('Key validation failed');
}
return await crypto.subtle.importKey('spki', keyData, algorithm, false, ['verify']);
};
```
#### **Validation Order**
1. **Parse DER** - Complete ASN.1 structure parsing
2. **Validate SPKI** - SubjectPublicKeyInfo structure
3. **Validate OID** - Algorithm and curve verification
4. **Validate EC Point** - Format and structure verification
5. **Apply custom rules** - Any additional validation requirements
### Breaking Changes and Compatibility
#### **Version 4.02.442 Changes**
- **Enhanced key validation** now performs complete ASN.1 parsing
- **Stricter key acceptance** criteria for improved security
- **Fallback support** from P-384 to P-256 maintained
- **Backward compatibility** for valid key structures
#### **Migration Considerations**
- **Existing keys** are validated on next use
- **New keys** must pass complete validation
- **Invalid keys** are rejected with clear error messages
- **Performance impact** is minimal (< 10ms per validation)
### Documentation Requirements
#### **Code Documentation**
```javascript
/**
* Validates cryptographic key structure using complete ASN.1 DER parsing
*
* @param {ArrayBuffer} keyData - Raw key data to validate
* @returns {boolean} - True if validation passes, false otherwise
* @throws {Error} - Detailed error message for validation failures
*
* @example
* const isValid = asn1Validator.validateKeyStructure(keyData);
* if (!isValid) {
* console.error('Key validation failed');
* }
*/
validateKeyStructure(keyData) {
// Implementation...
}
```
#### **API Documentation**
- **Function signatures** with parameter types
- **Return values** and error conditions
- **Usage examples** for common scenarios
- **Performance characteristics** and limitations
### Contributing Guidelines Summary
#### **For ASN.1 Framework Contributions**
1. **Understand the security model** - Complete validation is mandatory
2. **Follow validation order** - Parse → SPKI → OID → EC Point → Custom
3. **Maintain performance** - Keep validation time under 10ms
4. **Add comprehensive tests** - Unit, integration, and performance tests
5. **Document thoroughly** - Code comments, API docs, and examples
6. **Consider breaking changes** - Ensure backward compatibility where possible
#### **Security Review Process**
1. **Code review** by cryptographic experts
2. **Security testing** for validation bypass attempts
3. **Performance validation** for timing attacks
4. **Compatibility testing** with existing key formats
5. **Documentation review** for accuracy and completeness
---
## 🚀 Getting Started
### Prerequisites
- **Browser:** Modern browser with WebRTC and WebCrypto support
- **Git:** For version control
- **Text Editor:** VS Code, Vim, or your favorite editor
- **Lightning Wallet:** For testing payment features (optional)
### Development Setup
```bash
# 1. Fork the repository on GitHub
# 2. Clone your fork
git clone https://github.com/yourusername/securebit-chat.git
cd securebit-chat
# 3. Create a development branch
git checkout -b feature/your-feature-name
# 4. Start development server
python -m http.server 8000
# or
npx serve .
# 5. Open http://localhost:8000
# Make your changes
# Test thoroughly
# Commit with descriptive messages
git commit -m "feat: add quantum-resistant key exchange
- Implement CRYSTALS-Kyber for post-quantum security
- Add fallback to classical ECDH
- Update security level calculations
- Add comprehensive test suite
Closes #123"
```
## 📋 Contribution Guidelines
### 🔍 Before You Start
- Check existing issues - avoid duplicate work
- Create an issue - discuss your idea first
- Get feedback - ensure alignment with project goals
- Fork and branch - work on a feature branch
### 💻 Code Standards
#### JavaScript Style
```javascript
// ✅ Good
const encryptionKey = await crypto.subtle.generateKey({
name: 'AES-GCM',
length: 256
}, false, ['encrypt', 'decrypt']);
// ❌ Bad
var key=crypto.subtle.generateKey({name:'AES-GCM',length:256},false,['encrypt','decrypt'])
```
#### Naming Conventions
- **Functions:** camelCase - `generateSecureKey()`
- **Classes:** PascalCase - `EnhancedSecureCryptoUtils`
- **Constants:** UPPER_SNAKE_CASE - `MAX_MESSAGE_LENGTH`
- **Files:** kebab-case - `crypto-utils.js`
### 📖 Documentation
## 🔒 Security Considerations
### Critical Areas
These areas require extra careful review:
- **Cryptographic functions** - All crypto code must be reviewed
- **Key generation** - Entropy and randomness
- **Message handling** - Input validation and sanitization
- **P2P communication** - WebRTC security
- **Lightning integration** - Payment verification
- **ASN.1 validation** - Key structure verification (NEW)
### Security Checklist
## 🔐 ASN.1 Validation Framework (NEW)
### Overview
SecureBit.chat v4.02.442 implements a complete ASN.1 DER parser and validation system. This framework requires special attention when contributing to cryptographic code.
### Key Components
#### **ASN1Validator Class**
```javascript
// Core validation class for cryptographic keys
class ASN1Validator {
constructor() {
this.supportedOIDs = {
'1.2.840.10045.3.1.7': 'P-256', // secp256r1
'1.3.132.0.34': 'P-384' // secp384r1
};
this.maxKeySize = 2000; // bytes
this.minKeySize = 50; // bytes
}
// Complete DER parsing and validation
validateKeyStructure(keyData) {
// Implementation details...
}
}
```
#### **Integration Points**
- **Key import operations** - All keys must pass ASN.1 validation
- **Key export operations** - Exported keys are validated
- **Real-time validation** - Continuous validation during operations
### Contributing to ASN.1 Framework
#### **Adding New Curve Support**
```javascript
// To add support for a new elliptic curve:
const newCurveOID = '1.3.132.0.XX'; // Replace XX with actual OID
const curveName = 'P-XXX'; // Replace XXX with curve name
// Add to supportedOIDs
this.supportedOIDs[newCurveOID] = curveName;
// Update validation logic if needed
// Ensure proper EC point format validation
```
#### **Extending Validation Rules**
```javascript
// To add new validation rules:
validateCustomRule(parsed) {
// Implement your validation logic
if (!this
Reference in New Issue Copy Permalink