laantungir/nostr_core_lib
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixed bug in nip44.c, was an error in ecdh_shared_secret. Added comments

Browse Source
This commit is contained in:
Laan Tungir
2025-08-17 11:29:07 -04:00
parent d8b342ca3f
commit 3ebfdc06c0
14 changed files with 15 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
nostr_core/nip004.c
View File

@@ -107,18 +107,13 @@ int nostr_nip04_encrypt(const unsigned char* sender_private_key,
const char* plaintext,
char* output,
size_t output_size) {
printf("[DEBUG] nostr_nip04_encrypt: Starting encryption\n");
if (!sender_private_key || !recipient_public_key || !plaintext || !output) {
printf("[DEBUG] nostr_nip04_encrypt: Invalid input - null pointer detected\n");
return NOSTR_ERROR_INVALID_INPUT;
}
size_t plaintext_len = strlen(plaintext);
printf("[DEBUG] nostr_nip04_encrypt: Plaintext length = %zu\n", plaintext_len);
if (plaintext_len > NOSTR_NIP04_MAX_PLAINTEXT_SIZE) {
printf("[DEBUG] nostr_nip04_encrypt: Plaintext too large (%zu > %d)\n", plaintext_len, NOSTR_NIP04_MAX_PLAINTEXT_SIZE);
return NOSTR_ERROR_NIP04_BUFFER_TOO_SMALL;
}
@@ -130,64 +125,46 @@ int nostr_nip04_encrypt(const unsigned char* sender_private_key,
size_t iv_b64_max = ((16 + 2) / 3) * 4 + 1; // Always 25 bytes
size_t estimated_result_len = ciphertext_b64_max + 4 + iv_b64_max; // +4 for "?iv="
printf("[DEBUG] nostr_nip04_encrypt: Size calculations - padded_len=%zu, ciphertext_b64_max=%zu, estimated_result_len=%zu, output_size=%zu\n",
padded_len, ciphertext_b64_max, estimated_result_len, output_size);
// FIX: Check output buffer size BEFORE doing any work
if (estimated_result_len > output_size) {
printf("[DEBUG] nostr_nip04_encrypt: Output buffer too small (%zu > %zu)\n", estimated_result_len, output_size);
return NOSTR_ERROR_NIP04_BUFFER_TOO_SMALL;
}
// Step 1: Compute ECDH shared secret
printf("[DEBUG] nostr_nip04_encrypt: Computing ECDH shared secret\n");
unsigned char shared_secret[32];
if (ecdh_shared_secret(sender_private_key, recipient_public_key, shared_secret) != 0) {
printf("[DEBUG] nostr_nip04_encrypt: ECDH shared secret computation failed\n");
return NOSTR_ERROR_CRYPTO_FAILED;
}
printf("[DEBUG] nostr_nip04_encrypt: ECDH shared secret computed successfully\n");
// Step 2: Generate random IV (16 bytes)
printf("[DEBUG] nostr_nip04_encrypt: Generating random IV\n");
unsigned char iv[16];
if (nostr_secp256k1_get_random_bytes(iv, 16) != 1) {
printf("[DEBUG] nostr_nip04_encrypt: Failed to generate random IV\n");
return NOSTR_ERROR_CRYPTO_FAILED;
}
printf("[DEBUG] nostr_nip04_encrypt: IV generated successfully\n");
// Step 3: Pad plaintext using PKCS#7
printf("[DEBUG] nostr_nip04_encrypt: Padding plaintext with PKCS#7\n");
unsigned char* padded_data = malloc(padded_len);
if (!padded_data) {
printf("[DEBUG] nostr_nip04_encrypt: Failed to allocate memory for padded data\n");
return NOSTR_ERROR_MEMORY_FAILED;
}
memcpy(padded_data, plaintext, plaintext_len);
size_t actual_padded_len = pkcs7_pad(padded_data, plaintext_len, 16);
printf("[DEBUG] nostr_nip04_encrypt: PKCS#7 padding completed - actual_padded_len=%zu\n", actual_padded_len);
// Step 4: Encrypt using AES-256-CBC
printf("[DEBUG] nostr_nip04_encrypt: Encrypting with AES-256-CBC\n");
unsigned char* ciphertext = malloc(padded_len);
if (!ciphertext) {
printf("[DEBUG] nostr_nip04_encrypt: Failed to allocate memory for ciphertext\n");
free(padded_data);
return NOSTR_ERROR_MEMORY_FAILED;
}
if (aes_cbc_encrypt(shared_secret, iv, padded_data, actual_padded_len, ciphertext) != 0) {
printf("[DEBUG] nostr_nip04_encrypt: AES-256-CBC encryption failed\n");
free(padded_data);
free(ciphertext);
return NOSTR_ERROR_CRYPTO_FAILED;
}
printf("[DEBUG] nostr_nip04_encrypt: AES-256-CBC encryption completed successfully\n");
// Step 5: Base64 encode ciphertext and IV
printf("[DEBUG] nostr_nip04_encrypt: Base64 encoding ciphertext and IV\n");
size_t ciphertext_b64_len = ((actual_padded_len + 2) / 3) * 4 + 1;
size_t iv_b64_len = ((16 + 2) / 3) * 4 + 1;
@@ -195,7 +172,6 @@ int nostr_nip04_encrypt(const unsigned char* sender_private_key,
char* iv_b64 = malloc(iv_b64_len);
if (!ciphertext_b64 || !iv_b64) {
printf("[DEBUG] nostr_nip04_encrypt: Failed to allocate memory for base64 buffers\n");
free(padded_data);
free(ciphertext);
free(ciphertext_b64);
@@ -207,11 +183,8 @@ int nostr_nip04_encrypt(const unsigned char* sender_private_key,
size_t ct_b64_len = base64_encode(ciphertext, actual_padded_len, ciphertext_b64, ciphertext_b64_len);
size_t iv_b64_len_actual = base64_encode(iv, 16, iv_b64, iv_b64_len);
printf("[DEBUG] nostr_nip04_encrypt: Base64 encoding results - ct_b64_len=%zu, iv_b64_len_actual=%zu\n", ct_b64_len, iv_b64_len_actual);
// FIX: Check if encoding succeeded
if (ct_b64_len == 0 || iv_b64_len_actual == 0) {
printf("[DEBUG] nostr_nip04_encrypt: Base64 encoding failed\n");
free(padded_data);
free(ciphertext);
free(ciphertext_b64);
@@ -219,16 +192,11 @@ int nostr_nip04_encrypt(const unsigned char* sender_private_key,
memory_clear(shared_secret, 32);
return NOSTR_ERROR_CRYPTO_FAILED;
}
printf("[DEBUG] nostr_nip04_encrypt: Base64 encoding completed successfully\n");
// Step 6: Format as "ciphertext?iv=iv_base64" - size check moved earlier, now guaranteed to fit
printf("[DEBUG] nostr_nip04_encrypt: Formatting final output string\n");
size_t result_len = ct_b64_len + 4 + iv_b64_len_actual + 1; // +4 for "?iv=", +1 for null
printf("[DEBUG] nostr_nip04_encrypt: Final size check - result_len=%zu, output_size=%zu\n", result_len, output_size);
if (result_len > output_size) {
printf("[DEBUG] nostr_nip04_encrypt: Final output buffer too small (%zu > %zu)\n", result_len, output_size);
free(padded_data);
free(ciphertext);
free(ciphertext_b64);
@@ -238,8 +206,6 @@ int nostr_nip04_encrypt(const unsigned char* sender_private_key,
}
snprintf(output, output_size, "%s?iv=%s", ciphertext_b64, iv_b64);
printf("[DEBUG] nostr_nip04_encrypt: Formatted output successfully\n");
printf("[DEBUG] nostr_nip04_encrypt: Encryption completed successfully - returning NOSTR_SUCCESS\n");
// Cleanup
memory_clear(shared_secret, 32);