laantungir/nostr_core_lib
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: laantungir:711a7cc15cbb0b7094e923987cb7e16695b2fc7f
Branches Tags
laantungir:master
laantungir:v0.4.8
...
compare: laantungir:master
Branches Tags
laantungir:master
laantungir:v0.4.8

25 Commits
711a7cc15c ... master

Author SHA1 Message Date
Laan Tungir
f3068f82f3 Rollback of nip44 changes, and added ability to modify timestamps in giftwraps. 2025-10-27 13:16:06 -04:00
Your Name
a8dc2ed046 Add configurable timestamp randomization for NIP-59 gift wraps 2025-10-27 12:57:25 -04:00
Laan Tungir
9a3965243c Revert NIP-44 to spec compliance (65535 bytes), keep NIP-04 at 1MB 2025-10-27 12:51:50 -04:00
Laan Tungir
23c2a58c2b Upgrade nip4 and nip44 to be able to handle 1MB payloads. 2025-10-24 18:56:30 -04:00
Laan Tungir
45fb6d061d Adding async publish to relay pool 2025-10-09 09:19:11 -04:00
Laan Tungir
c0784fc890 added nip 17 2025-10-04 18:32:28 -04:00
Laan Tungir
499accf440 Implement NIP-21: nostr: URI scheme with full support for note, nprofile, nevent, and naddr URIs including TLV encoding/decoding and comprehensive test suite 2025-10-03 06:10:56 -04:00
Laan Tungir
6b95ad37c5 nip 17, and 59 2025-10-03 04:25:10 -04:00
Laan Tungir
54a6044083 Add enhanced subscription functionality with EOSE result modes 2025-10-02 15:00:50 -04:00
Laan Tungir
0f897ab1b3 Getting the relay pool up to speed 2025-10-02 11:51:41 -04:00
Laan Tungir
0d910ca181 Updated synchronous relay queries to handle nip42. 2025-09-30 12:16:23 -04:00
Laan Tungir
9a63550863 Merge branch 'master' of ssh://git.laantungir.net:222/laantungir/nostr_core_lib 
Working on Ginxsom auth and NIP 42 on a different computer at the same
time. My bad.
 2025-09-07 13:07:02 -04:00
Laan Tungir
eb7a9e6098 Add NIP-42 implementation and local updates 
- Added NIP-42 authentication implementation (nip042.c, nip042.h)
- Added NIP-42 test suite (nip42_test.c, nip42_test)
- Updated common core files for NIP-42 support
- Updated build script
- Rebuilt test binaries
 2025-09-07 13:04:53 -04:00
Your Name
8585e7649c Add unified request validation system with authentication rules 
- Add request_validator.h/c with comprehensive authentication system
- Implement pluggable database backend interface (SQLite default)
- Add priority-based rule evaluation engine with caching
- Support pubkey whitelist/blacklist, hash blacklist, MIME restrictions
- Add new authentication error codes to nostr_common.h
- Include request_validator.h in nostr_core.h
- Update build.sh to compile request_validator.c
- Designed for shared use between ginxsom and c-relay projects
 2025-09-07 09:44:38 -04:00
Laan Tungir
55e2a9c68e nip13 validation added 2025-09-05 13:42:03 -04:00
Laan Tungir
445ab7a8f4 readme.md 2025-09-03 15:16:08 -04:00
Laan Tungir
33129d82fd remove exposed .h crypto headers 2025-09-02 12:36:52 -04:00
Laan Tungir
c0d095e57b Streaming sha256 2025-08-19 11:24:48 -04:00
Laan Tungir
e40f3037d3 version 2025-08-19 07:02:42 -04:00
Laan Tungir
77d92dbcf9 Nostr note validation added to nip01 2025-08-19 06:59:04 -04:00
Laan Tungir
1da4f6751e clean up 2025-08-17 14:14:52 -04:00
Laan Tungir
3ebfdc06c0 Fixed bug in nip44.c, was an error in ecdh_shared_secret. Added comments 2025-08-17 11:29:07 -04:00
Laan Tungir
d8b342ca3f Fixed error in nip04 implementation. Now working 2025-08-17 10:42:38 -04:00
Laan Tungir
df23fd618a comparison test for debugging 2025-08-16 17:48:02 -04:00
Laan Tungir
19452f45c2 remove secp256 from project 2025-08-16 14:09:26 -04:00
292 changed files with 14624 additions and 88199 deletions
Expand all files Collapse all files

2
.clinerules/workspace_rules.md
View File

@@ -1,6 +1,6 @@
This library is fully staticly linked. There should be no external dependencies.
When building, use build.sh, not make.
When building, use build.sh, not make. When building for tests use build.sh -t
When making TUI menus, try to use the first leter of the command and the key to press to execute that command. For example, if the command is "Open file" try to use a keypress of "o" upper or lower case to signal to open the file. Use this instead of number keyed menus when possible. In the command, the letter should be underlined that signifies the command.

4
.gitignore vendored
View File

@@ -7,8 +7,8 @@ nips/
node_modules/
nostr-tools/
tiny-AES-c/
blossom/
ndk/
Trash/debug_tests/
node_modules/

223
AUTOMATIC_VERSIONING.md
View File

@@ -1,223 +0,0 @@
# NOSTR Core Library - Automatic Versioning System
## Overview
The NOSTR Core Library now features an automatic version increment system that automatically increments the patch version (e.g., v0.2.0 → v0.2.1) with each build. This ensures consistent versioning and traceability across builds.
## How It Works
### Version Format
The library uses semantic versioning with the format: `vMAJOR.MINOR.PATCH`
- **MAJOR**: Incremented for breaking changes (manual)
- **MINOR**: Incremented for new features (manual)
- **PATCH**: Incremented automatically with each build
### Automatic Increment Process
1. **Version Detection**: The build system scans all git tags matching `v*.*.*` pattern
2. **Highest Version**: Uses `sort -V` to find the numerically highest version (not chronologically latest)
3. **Patch Increment**: Increments the patch number by 1
4. **Git Tag Creation**: Creates a new git tag for the incremented version
5. **File Generation**: Generates `nostr_core/version.h` and `nostr_core/version.c` with build metadata
### Generated Files
The system automatically generates two files during each build:
#### `nostr_core/version.h`
```c
#define VERSION_MAJOR 0
#define VERSION_MINOR 2
#define VERSION_PATCH 1
#define VERSION_STRING "0.2.1"
#define VERSION_TAG "v0.2.1"
#define BUILD_DATE "2025-08-09"
#define BUILD_TIME "10:42:45"
#define BUILD_TIMESTAMP "2025-08-09 10:42:45"
#define GIT_HASH "ca6b475"
#define GIT_BRANCH "master"
// API functions
const char* nostr_core_get_version(void);
const char* nostr_core_get_version_full(void);
const char* nostr_core_get_build_info(void);
```
#### `nostr_core/version.c`
Contains the implementation of the version API functions.
## Usage
### Building with Auto-Versioning
All major build targets automatically increment the version:
```bash
# Build static library (increments version)
./build.sh lib
# Build shared library (increments version)
./build.sh shared
# Build all libraries (increments version)
./build.sh all
# Build examples (increments version)
./build.sh examples
# Install to system (increments version)
./build.sh install
```
### Non-Versioned Builds
Some targets do not increment versions:
```bash
# Clean build artifacts (no version increment)
./build.sh clean
# Run tests (no version increment)
./build.sh test
```
### Using Version Information in Code
```c
#include "version.h"
// Get version string
printf("Version: %s\n", nostr_core_get_version());
// Get full version with timestamp and commit
printf("Full: %s\n", nostr_core_get_version_full());
// Get detailed build information
printf("Build: %s\n", nostr_core_get_build_info());
// Use version macros
#if VERSION_MAJOR >= 1
// Use new API
#else
// Use legacy API
#endif
```
### Testing Version System
A version test example is provided:
```bash
# Build and run version test
gcc -I. -Inostr_core examples/version_test.c -o examples/version_test ./libnostr_core.a ./secp256k1/.libs/libsecp256k1.a -lm
./examples/version_test
```
## Version History Tracking
### View All Versions
```bash
# List all version tags
git tag --list
# View version history
git log --oneline --decorate --graph
```
### Current Version
```bash
# Check current version
cat VERSION
# Or check the latest git tag
git describe --tags --abbrev=0
```
## Manual Version Management
### Major/Minor Version Bumps
For major or minor version changes, manually create the appropriate tag:
```bash
# For a minor version bump (new features)
git tag v0.3.0
# For a major version bump (breaking changes)
git tag v1.0.0
```
The next build will automatically increment from the new base version.
### Resetting Version
To reset or fix version numbering:
```bash
# Delete incorrect tags (if needed)
git tag -d v0.2.1
git push origin --delete v0.2.1
# Create correct base version
git tag v0.2.0
# Next build will create v0.2.1
```
## Integration Notes
### Makefile Integration
- The `version.c` file is automatically included in `LIB_SOURCES`
- Version files are compiled and linked with the library
- Clean targets remove generated version object files
### Git Integration
- Version files (`version.h`, `version.c`) are excluded from git via `.gitignore`
- Only version tags and the `VERSION` file are tracked
- Build system works in any git repository with version tags
### Build System Integration
- Version increment is integrated directly into `build.sh`
- No separate scripts or external dependencies required
- Self-contained and portable across systems
## Example Output
When building, you'll see output like:
```
[INFO] Incrementing version...
[INFO] Current version: v0.2.0
[INFO] New version: v0.2.1
[SUCCESS] Created new version tag: v0.2.1
[SUCCESS] Generated version.h and version.c
[SUCCESS] Updated VERSION file to 0.2.1
```
## Troubleshooting
### Version Not Incrementing
- Ensure you're in a git repository
- Check that git tags exist with `git tag --list`
- Verify tag format matches `v*.*.*` pattern
### Tag Already Exists
If a tag already exists, the build will continue with the existing version:
```
[WARNING] Tag v0.2.1 already exists - using existing version
```
### Missing Git Information
If git is not available, version files will show "unknown" for git hash and branch.
## Benefits
1. **Automatic Traceability**: Every build has a unique version
2. **Build Metadata**: Includes timestamp, git commit, and branch information
3. **API Integration**: Version information accessible via C API
4. **Zero Maintenance**: No manual version file editing required
5. **Git Integration**: Automatic git tag creation for version history

309
EXPORTABLE_DESIGN.md
View File

@@ -1,309 +0,0 @@
# Exportable C NOSTR Library Design Guide
This document outlines the design principles and structure for making the C NOSTR library easily exportable and reusable across multiple projects.
## Overview
The C NOSTR library is designed as a modular, self-contained implementation that can be easily integrated into other projects while maintaining compatibility with the broader NOSTR ecosystem.
## Design Principles
### 1. Modular Architecture
- **Core Layer**: Essential NOSTR functionality (`nostr_core.c/h`)
- **Crypto Layer**: Self-contained cryptographic primitives (`nostr_crypto.c/h`)
- **WebSocket Layer**: Optional networking functionality (`nostr_websocket/`)
- **Dependencies**: Minimal external dependencies (only cJSON and mbedTLS)
### 2. Clean API Surface
- Consistent function naming with `nostr_` prefix
- Clear return codes using `NOSTR_SUCCESS`/`NOSTR_ERROR_*` constants
- Well-documented function signatures
- No global state where possible
### 3. Self-Contained Crypto
- Custom implementations of SHA-256, HMAC, secp256k1
- BIP39 wordlist embedded in code
- No external crypto library dependencies for core functionality
- Optional mbedTLS integration for enhanced security
### 4. Cross-Platform Compatibility
- Standard C99 code
- Platform-specific code isolated in separate modules
- ARM64 and x86_64 tested builds
- Static library compilation support
## Library Structure
```
c_nostr/
├── nostr_core.h # High-level API
├── nostr_core.c # Implementation
├── nostr_crypto.h # Crypto primitives API
├── nostr_crypto.c # Self-contained crypto
├── libnostr_core.a # Static library (x86_64)
├── libnostr_core.so # Shared library (x86_64)
├── cjson/ # JSON parsing (vendored)
├── mbedtls/ # Optional crypto backend
├── examples/ # Usage examples
├── tests/ # Test suites
└── nostr_websocket/ # Optional WebSocket layer
```
## Integration Methods
### Method 1: Static Library Linking
**Best for**: Applications that want a single binary with all NOSTR functionality embedded.
```bash
# Build the library
make lib
# In your project Makefile:
CFLAGS += -I/path/to/c_nostr
LDFLAGS += -L/path/to/c_nostr -lnostr_core -lm -static
```
**Usage:**
```c
#include "nostr_core.h"
int main() {
if (nostr_init() != NOSTR_SUCCESS) {
return 1;
}
unsigned char private_key[32], public_key[32];
nostr_generate_keypair(private_key, public_key);
cJSON* event = nostr_create_text_event("Hello NOSTR!", private_key);
// ... use event
nostr_cleanup();
return 0;
}
```
### Method 2: Source Code Integration
**Best for**: Applications that want to customize the crypto backend or minimize dependencies.
```bash
# Copy essential files to your project:
cp nostr_core.{c,h} your_project/src/
cp nostr_crypto.{c,h} your_project/src/
cp -r cjson/ your_project/src/
```
**Compile with your project:**
```c
// In your source
#include "nostr_core.h"
// Use NOSTR functions directly
```
### Method 3: Git Submodule
**Best for**: Projects that want to track upstream changes and contribute back.
```bash
# In your project root:
git submodule add https://github.com/yourorg/c_nostr.git deps/c_nostr
git submodule update --init --recursive
# In your Makefile:
CFLAGS += -Ideps/c_nostr
LDFLAGS += -Ldeps/c_nostr -lnostr_core
```
### Method 4: Shared Library
**Best for**: System-wide installation or multiple applications sharing the same NOSTR implementation.
```bash
# Install system-wide
sudo make install
# In your project:
CFLAGS += $(pkg-config --cflags nostr_core)
LDFLAGS += $(pkg-config --libs nostr_core)
```
## API Design for Exportability
### Consistent Error Handling
```c
typedef enum {
NOSTR_SUCCESS = 0,
NOSTR_ERROR_INVALID_INPUT = -1,
NOSTR_ERROR_CRYPTO_FAILED = -2,
NOSTR_ERROR_MEMORY_ALLOCATION = -3,
NOSTR_ERROR_JSON_PARSE = -4,
NOSTR_ERROR_NETWORK = -5
} nostr_error_t;
const char* nostr_strerror(int error_code);
```
### Clean Resource Management
```c
// Always provide cleanup functions
int nostr_init(void);
void nostr_cleanup(void);
// JSON objects returned should be freed by caller
cJSON* nostr_create_text_event(const char* content, const unsigned char* private_key);
// Caller must call cJSON_Delete(event) when done
```
### Optional Features
```c
// Compile-time feature toggles
#ifndef NOSTR_DISABLE_WEBSOCKETS
int nostr_connect_relay(const char* url);
#endif
#ifndef NOSTR_DISABLE_IDENTITY_PERSISTENCE
int nostr_save_identity(const unsigned char* private_key, const char* password, int account);
#endif
```
## Configuration System
### Build-Time Configuration
```c
// nostr_config.h (generated during build)
#define NOSTR_VERSION "1.0.0"
#define NOSTR_HAS_MBEDTLS 1
#define NOSTR_HAS_WEBSOCKETS 1
#define NOSTR_STATIC_BUILD 1
```
### Runtime Configuration
```c
typedef struct {
int log_level;
char* identity_file_path;
int default_account;
int enable_networking;
} nostr_config_t;
int nostr_set_config(const nostr_config_t* config);
const nostr_config_t* nostr_get_config(void);
```
## Testing and Validation
### Ecosystem Compatibility Testing
The library includes comprehensive test suites that validate compatibility with reference implementations like `nak`:
```bash
# Run all tests
cd tests && make test
# Test specific functionality
make test-crypto # Cryptographic primitives
make test-core # High-level NOSTR functions
```
### Test Vectors
Real-world test vectors are generated using `nak` to ensure ecosystem compatibility:
- Key generation and derivation (BIP39/BIP32)
- Event creation and signing
- Bech32 encoding/decoding
- Message serialization
## Documentation for Exporters
### Essential Files Checklist
For projects integrating this library, you need:
**Core Files (Required):**
- `nostr_core.h` - Main API
- `nostr_core.c` - Implementation
- `nostr_crypto.h` - Crypto API
- `nostr_crypto.c` - Self-contained crypto
- `cjson/` directory - JSON parsing
**Optional Files:**
- `nostr_websocket/` - WebSocket relay support
- `mbedtls/` - Enhanced crypto backend
- `examples/` - Usage examples
- `tests/` - Validation tests
### Minimal Integration Example
```c
// minimal_nostr.c - Smallest possible integration
#include "nostr_core.h"
int main() {
// Initialize library
nostr_init();
// Generate keypair
unsigned char priv[32], pub[32];
nostr_generate_keypair(priv, pub);
// Create and sign event
cJSON* event = nostr_create_text_event("Hello from my app!", priv);
char* json_string = cJSON_Print(event);
printf("Event: %s\n", json_string);
// Cleanup
free(json_string);
cJSON_Delete(event);
nostr_cleanup();
return 0;
}
```
**Compile:**
```bash
gcc -I. minimal_nostr.c nostr_core.c nostr_crypto.c cjson/cJSON.c -lm -o minimal_nostr
```
## Future Considerations
### Language Bindings
The C library is designed to be easily wrapped:
- **Python**: Use ctypes or cffi
- **JavaScript**: Use Node.js FFI or WASM compilation
- **Go**: Use cgo
- **Rust**: Use bindgen for FFI bindings
### WebAssembly Support
The library can be compiled to WebAssembly for browser usage:
```bash
emcc -O3 -s WASM=1 -s EXPORTED_FUNCTIONS='["_nostr_init", "_nostr_generate_keypair"]' \
nostr_core.c nostr_crypto.c cjson/cJSON.c -o nostr.wasm
```
### Package Manager Support
Future versions may include:
- pkgconfig files for system installation
- CMake integration for easier builds
- vcpkg/Conan package definitions
## Contributing Back
Projects using this library are encouraged to:
1. Report compatibility issues
2. Submit test vectors from their use cases
3. Contribute performance improvements
4. Add support for additional NIPs
## Version Compatibility
The library follows semantic versioning:
- **Major**: Breaking API changes
- **Minor**: New features, backward compatible
- **Patch**: Bug fixes
API stability guarantees:
- All functions prefixed with `nostr_` are part of the stable API
- Internal functions (static or prefixed with `_`) may change
- Configuration structures may be extended but not modified
---
This design ensures the C NOSTR library can be easily adopted by other projects while maintaining high compatibility with the NOSTR ecosystem standards.

29
EXPORT_GUIDE.md
View File

@@ -1,29 +0,0 @@
# c-nostr Export and Implementation Guide
## Overview
This guide provides essential information for developers using the `c-nostr` library, particularly regarding the capabilities and limitations of its self-contained modules, such as the HTTP client.
## HTTP Client (`http_client.c`)
The `http_client` module is a lightweight, self-contained HTTP/HTTPS client designed for simple and direct web requests. It is ideal for tasks like fetching NIP-11 information from Nostr relays or interacting with standard, permissive web APIs.
### Key Features
* **Self-Contained**: It is built with `mbedTLS` and has no external dependencies beyond standard C libraries, making it highly portable.
* **Simplicity**: It provides a straightforward `http_get()` function for making web requests.
* **TLS Support**: It supports HTTPS and basic TLS 1.3/1.2 features, including SNI (Server Name Indication) and ALPN (Application-Layer Protocol Negotiation).
### Limitations
The `http_client` is intentionally simple and is **not a full-featured web browser**. Due to its minimalist design, it will likely be blocked by websites that employ advanced anti-bot protection systems.
* **Incompatibility with Advanced Bot Protection**: Sites like Google, Cloudflare, and others use sophisticated fingerprinting techniques to distinguish between real browsers and automated clients. They analyze the exact combination of TLS cipher suites, TLS extensions, and HTTP headers. Our client's fingerprint does not match a standard browser, so these sites will preemptively drop the connection, typically resulting in a `HTTP_ERROR_NETWORK` error.
* **Intended Use Case**: This client is best suited for interacting with known, friendly APIs and Nostr relays. It is **not** designed for general web scraping or for accessing services that are heavily guarded against automated traffic.
### Best Practices
* **Use for APIs and Relays**: Rely on this client for fetching data from well-defined, public endpoints that do not have aggressive bot-detection measures in place.
* **Avoid Protected Sites**: Do not attempt to use this client to access services like Google Search, as such attempts will fail. For those use cases, a full-featured library like `libcurl` or a dedicated web-scraping framework is required.
* **Check the Test Suite**: The `tests/http_client_test.c` file contains test cases that demonstrate both the successful use cases (e.g., `httpbin.org`) and the expected failures (e.g., `google.com`), providing a clear reference for the client's capabilities.

361
GENERIC_AUTOMATIC_VERSIONING_GUIDE.md
View File

@@ -1,361 +0,0 @@
# Generic Automatic Version Increment System for Any Repository
Here's a generalized implementation guide for adding automatic versioning to any project:
## Core Concept
**Automatic patch version increment with each build** - Every build automatically increments the patch version: v0.1.0 → v0.1.1 → v0.1.2, etc.
## Implementation Steps
### 1. Add Version Increment Function to Build Script
Add this function to your build script (bash example):
```bash
# Function to automatically increment version
increment_version() {
echo "[INFO] Incrementing version..."
# Check if we're in a git repository
if ! git rev-parse --git-dir > /dev/null 2>&1; then
echo "[WARNING] Not in a git repository - skipping version increment"
return 0
fi
# Get the highest version tag (not chronologically latest)
LATEST_TAG=$(git tag -l 'v*.*.*' | sort -V | tail -n 1 || echo "v0.1.0")
if [[ -z "$LATEST_TAG" ]]; then
LATEST_TAG="v0.1.0"
fi
# Extract version components (remove 'v' prefix)
VERSION=${LATEST_TAG#v}
# Parse major.minor.patch using regex
if [[ $VERSION =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]; then
MAJOR=${BASH_REMATCH[1]}
MINOR=${BASH_REMATCH[2]}
PATCH=${BASH_REMATCH[3]}
else
echo "[ERROR] Invalid version format in tag: $LATEST_TAG"
echo "[ERROR] Expected format: v0.1.0"
return 1
fi
# Increment patch version
NEW_PATCH=$((PATCH + 1))
NEW_VERSION="v${MAJOR}.${MINOR}.${NEW_PATCH}"
echo "[INFO] Current version: $LATEST_TAG"
echo "[INFO] New version: $NEW_VERSION"
# Create new git tag
if git tag "$NEW_VERSION" 2>/dev/null; then
echo "[SUCCESS] Created new version tag: $NEW_VERSION"
else
echo "[WARNING] Tag $NEW_VERSION already exists - using existing version"
NEW_VERSION=$LATEST_TAG
fi
# Update VERSION file for compatibility
echo "${NEW_VERSION#v}" > VERSION
echo "[SUCCESS] Updated VERSION file to ${NEW_VERSION#v}"
}
```
### 2. Generate Version Header Files (For C/C++ Projects)
Add this to the increment_version function:
```bash
# Generate version.h header file (adjust path as needed)
cat > src/version.h << EOF
/*
* Auto-Generated Version Header
* DO NOT EDIT THIS FILE MANUALLY - Generated by build script
*/
#ifndef VERSION_H
#define VERSION_H
#define VERSION_MAJOR ${MAJOR}
#define VERSION_MINOR ${MINOR}
#define VERSION_PATCH ${NEW_PATCH}
#define VERSION_STRING "${MAJOR}.${MINOR}.${NEW_PATCH}"
#define VERSION_TAG "${NEW_VERSION}"
/* Build information */
#define BUILD_DATE "$(date +%Y-%m-%d)"
#define BUILD_TIME "$(date +%H:%M:%S)"
#define BUILD_TIMESTAMP "$(date '+%Y-%m-%d %H:%M:%S')"
/* Git information */
#define GIT_HASH "$(git rev-parse --short HEAD 2>/dev/null || echo 'unknown')"
#define GIT_BRANCH "$(git rev-parse --abbrev-ref HEAD 2>/dev/null || echo 'unknown')"
/* Display versions */
#define VERSION_DISPLAY "${NEW_VERSION}"
#define VERSION_FULL_DISPLAY "${NEW_VERSION} ($(date '+%Y-%m-%d %H:%M:%S'), $(git rev-parse --short HEAD 2>/dev/null || echo 'unknown'))"
/* Version API functions */
const char* get_version(void);
const char* get_version_full(void);
const char* get_build_info(void);
#endif /* VERSION_H */
EOF
# Generate version.c implementation file
cat > src/version.c << EOF
/*
* Auto-Generated Version Implementation
* DO NOT EDIT THIS FILE MANUALLY - Generated by build script
*/
#include "version.h"
const char* get_version(void) {
return VERSION_TAG;
}
const char* get_version_full(void) {
return VERSION_FULL_DISPLAY;
}
const char* get_build_info(void) {
return "Built on " BUILD_DATE " at " BUILD_TIME " from commit " GIT_HASH " on branch " GIT_BRANCH;
}
EOF
```
### 3. Generate Version File for Other Languages
**Python (`src/__version__.py`):**
```bash
cat > src/__version__.py << EOF
"""Auto-generated version file"""
__version__ = "${MAJOR}.${MINOR}.${NEW_PATCH}"
__version_tag__ = "${NEW_VERSION}"
__build_date__ = "$(date +%Y-%m-%d)"
__build_time__ = "$(date +%H:%M:%S)"
__git_hash__ = "$(git rev-parse --short HEAD 2>/dev/null || echo 'unknown')"
__git_branch__ = "$(git rev-parse --abbrev-ref HEAD 2>/dev/null || echo 'unknown')"
EOF
```
**JavaScript/Node.js (update `package.json`):**
```bash
# Update package.json version field
if [ -f package.json ]; then
sed -i "s/\"version\": \".*\"/\"version\": \"${MAJOR}.${MINOR}.${NEW_PATCH}\"/" package.json
fi
```
**Rust (update `Cargo.toml`):**
```bash
if [ -f Cargo.toml ]; then
sed -i "s/^version = \".*\"/version = \"${MAJOR}.${MINOR}.${NEW_PATCH}\"/" Cargo.toml
fi
```
**Go (generate `version.go`):**
```bash
cat > version.go << EOF
// Auto-generated version file
package main
const (
VersionMajor = ${MAJOR}
VersionMinor = ${MINOR}
VersionPatch = ${NEW_PATCH}
VersionString = "${MAJOR}.${MINOR}.${NEW_PATCH}"
VersionTag = "${NEW_VERSION}"
BuildDate = "$(date +%Y-%m-%d)"
BuildTime = "$(date +%H:%M:%S)"
GitHash = "$(git rev-parse --short HEAD 2>/dev/null || echo 'unknown')"
GitBranch = "$(git rev-parse --abbrev-ref HEAD 2>/dev/null || echo 'unknown')"
)
EOF
```
**Java (generate `Version.java`):**
```bash
cat > src/main/java/Version.java << EOF
// Auto-generated version class
public class Version {
public static final int VERSION_MAJOR = ${MAJOR};
public static final int VERSION_MINOR = ${MINOR};
public static final int VERSION_PATCH = ${NEW_PATCH};
public static final String VERSION_STRING = "${MAJOR}.${MINOR}.${NEW_PATCH}";
public static final String VERSION_TAG = "${NEW_VERSION}";
public static final String BUILD_DATE = "$(date +%Y-%m-%d)";
public static final String BUILD_TIME = "$(date +%H:%M:%S)";
public static final String GIT_HASH = "$(git rev-parse --short HEAD 2>/dev/null || echo 'unknown')";
public static final String GIT_BRANCH = "$(git rev-parse --abbrev-ref HEAD 2>/dev/null || echo 'unknown')";
}
EOF
```
### 4. Integrate into Build Targets
Call `increment_version` before your main build commands:
```bash
build_library() {
increment_version
echo "[INFO] Building library..."
# Your actual build commands here
make clean && make
}
build_release() {
increment_version
echo "[INFO] Building release..."
# Your release build commands
}
build_package() {
increment_version
echo "[INFO] Building package..."
# Your packaging commands
}
```
### 5. Update .gitignore
Add generated version files to `.gitignore`:
```gitignore
# Auto-generated version files
src/version.h
src/version.c
src/__version__.py
version.go
src/main/java/Version.java
VERSION
```
### 6. Update Build System Files
**For Makefile projects:**
```makefile
# Add version.c to your source files
SOURCES = main.c utils.c version.c
```
**For CMake projects:**
```cmake
# Add version files to your target
target_sources(your_target PRIVATE src/version.c)
```
**For Node.js projects:**
```json
{
"scripts": {
"build": "node build.js && increment_version",
"version": "node -e \"console.log(require('./package.json').version)\""
}
}
```
### 7. Create Initial Version Tag
```bash
# Start with initial version
git tag v0.1.0
```
## Usage Pattern
```bash
./build.sh # v0.1.0 → v0.1.1
./build.sh release # v0.1.1 → v0.1.2
./build.sh package # v0.1.2 → v0.1.3
```
## Manual Version Control
### Major/Minor Version Bumps
```bash
# For feature releases (minor bump)
git tag v0.2.0 # Next build: v0.2.1
# For breaking changes (major bump)
git tag v1.0.0 # Next build: v1.0.1
```
### Version Reset
```bash
# Delete incorrect tags (if needed)
git tag -d v0.2.1
git push origin --delete v0.2.1 # If pushed to remote
# Create correct base version
git tag v0.2.0
# Next build will create v0.2.1
```
## Example Build Script Template
```bash
#!/bin/bash
set -e
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'
print_status() { echo -e "${BLUE}[INFO]${NC} $1"; }
print_success() { echo -e "${GREEN}[SUCCESS]${NC} $1"; }
print_warning() { echo -e "${YELLOW}[WARNING]${NC} $1"; }
print_error() { echo -e "${RED}[ERROR]${NC} $1"; }
# Insert increment_version function here
case "${1:-build}" in
build)
increment_version
print_status "Building project..."
# Your build commands
;;
clean)
print_status "Cleaning build artifacts..."
# Your clean commands
;;
test)
print_status "Running tests..."
# Your test commands (no version increment)
;;
release)
increment_version
print_status "Building release..."
# Your release commands
;;
*)
echo "Usage: $0 {build|clean|test|release}"
exit 1
;;
esac
```
## Benefits
1. **Zero maintenance** - No manual version editing
2. **Build traceability** - Every build has unique version + metadata
3. **Git integration** - Automatic version tags
4. **Language agnostic** - Adapt generation for any language
5. **CI/CD friendly** - Works in automated environments
6. **Rollback friendly** - Easy to revert to previous versions
## Troubleshooting
### Version Not Incrementing
- Ensure you're in a git repository
- Check that git tags exist: `git tag --list`
- Verify tag format matches `v*.*.*` pattern
### Tag Already Exists
If a tag already exists, the build continues with existing version:
```
[WARNING] Tag v0.2.1 already exists - using existing version
```
### Missing Git Information
If git is unavailable, version files show "unknown" for git hash and branch.

319
LIBRARY_USAGE.md
View File

@@ -1,319 +0,0 @@
# NOSTR Core Library - Usage Guide
## Overview
The NOSTR Core Library (`libnostr_core`) is a self-contained, exportable C library for NOSTR protocol implementation. It requires **no external cryptographic dependencies** (no OpenSSL, no libwally) and can be easily integrated into other projects.
## Key Features
- **Self-Contained Crypto**: All cryptographic operations implemented from scratch
- **Zero External Dependencies**: Only requires standard C library, cJSON, and libwebsockets
- **Cross-Platform**: Builds on Linux, macOS, Windows (with appropriate toolchain)
- **NIP-06 Compliant**: Proper BIP39/BIP32 implementation for key derivation
- **Thread-Safe**: Core cryptographic functions are stateless and thread-safe
- **Easy Integration**: Simple C API with clear error handling
## File Structure for Export
### Core Library Files (Required)
```
libnostr_core/
├── nostr_core.h # Main public API header
├── nostr_core.c # Core implementation
├── nostr_crypto.h # Crypto implementation header
├── nostr_crypto.c # Self-contained crypto implementation
├── Makefile # Build configuration
└── cjson/ # JSON library (can be replaced with system cJSON)
├── cJSON.h
└── cJSON.c
```
### Optional Files
```
├── examples/ # Usage examples (helpful for integration)
├── LIBRARY_USAGE.md # This usage guide
├── SELF_CONTAINED_CRYPTO.md # Crypto implementation details
└── CROSS_PLATFORM_GUIDE.md # Platform-specific build notes
```
## Integration Methods
### Method 1: Static Library Integration
1. **Copy Required Files**:
```bash
cp nostr_core.h nostr_core.c nostr_crypto.h nostr_crypto.c /path/to/your/project/
cp -r cjson/ /path/to/your/project/
```
2. **Build Static Library**:
```bash
gcc -c -fPIC nostr_core.c nostr_crypto.c cjson/cJSON.c
ar rcs libnostr_core.a nostr_core.o nostr_crypto.o cJSON.o
```
3. **Link in Your Project**:
```bash
gcc your_project.c -L. -lnostr_core -lm -o your_project
```
### Method 2: Direct Source Integration
Simply include the source files directly in your project:
```c
// In your project
#include "nostr_core.h"
// Compile with:
// gcc your_project.c nostr_core.c nostr_crypto.c cjson/cJSON.c -lm
```
### Method 3: Shared Library Integration
1. **Build Shared Library**:
```bash
make libnostr_core.so
```
2. **Install System-Wide** (optional):
```bash
sudo cp libnostr_core.so /usr/local/lib/
sudo cp nostr_core.h /usr/local/include/
sudo ldconfig
```
3. **Use in Projects**:
```bash
gcc your_project.c -lnostr_core -lm
```
## Building the Library
### Using the Provided Build Script
The library includes an automated build script that handles all dependencies and creates a self-contained static library.
**IMPORTANT**: The build script must be run from within the `nostr_core_lib` directory:
```bash
# Correct usage:
cd nostr_core_lib
./build.sh
# If you need to use it from your project directory:
cd nostr_core_lib
./build.sh
cd ..
gcc your_app.c nostr_core_lib/libnostr_core_x64.a -lz -ldl -lpthread -lm -o your_app
```
**Common Error**: Running `./nostr_core_lib/build.sh` from outside the library directory will fail with:
```
[ERROR] Build script must be run from the nostr_core_lib directory
```
### Build Script Options
```bash
# Auto-detect NIPs from your source code
./build.sh
# Force specific NIPs
./build.sh --nips=1,6,19
# Build all available NIPs
./build.sh --nips=all
# Build for specific architecture
./build.sh arm64
# Build with tests
./build.sh --tests
# Get help
./build.sh --help
```
The build script automatically:
- Scans your `.c` files for `#include "nip*.h"` statements
- Compiles only the needed NIPs
- Creates a self-contained static library (`libnostr_core_x64.a`)
- Includes all dependencies (OpenSSL, curl, secp256k1, cJSON)
## Basic Usage Example
```c
#include "nostr_core.h"
#include <stdio.h>
#include <stdlib.h>
int main() {
// Initialize the library
if (nostr_init() != NOSTR_SUCCESS) {
fprintf(stderr, "Failed to initialize NOSTR library\n");
return 1;
}
// Generate a keypair
unsigned char private_key[32];
unsigned char public_key[32];
if (nostr_generate_keypair(private_key, public_key) != NOSTR_SUCCESS) {
fprintf(stderr, "Failed to generate keypair\n");
nostr_cleanup();
return 1;
}
// Convert to hex and bech32
char private_hex[65], public_hex[65];
char nsec[100], npub[100];
nostr_bytes_to_hex(private_key, 32, private_hex);
nostr_bytes_to_hex(public_key, 32, public_hex);
nostr_key_to_bech32(private_key, "nsec", nsec);
nostr_key_to_bech32(public_key, "npub", npub);
printf("Private Key: %s\n", private_hex);
printf("Public Key: %s\n", public_hex);
printf("nsec: %s\n", nsec);
printf("npub: %s\n", npub);
// Create and sign an event
cJSON* event = nostr_create_text_event("Hello NOSTR!", private_key);
if (event) {
char* event_json = cJSON_Print(event);
printf("Signed Event: %s\n", event_json);
free(event_json);
cJSON_Delete(event);
}
// Cleanup
nostr_cleanup();
return 0;
}
```
## Dependency Management
### Required Dependencies
- **Standard C Library**: malloc, string functions, file I/O
- **Math Library**: `-lm` (for cryptographic calculations)
- **cJSON**: JSON parsing (included, or use system version)
### Optional Dependencies
- **libwebsockets**: Only needed for relay communication functions
- **System cJSON**: Can replace bundled version
### Minimal Integration (Crypto Only)
If you only need key generation and signing:
```bash
# Build with minimal dependencies
gcc -DNOSTR_CRYPTO_ONLY your_project.c nostr_crypto.c -lm
```
## Cross-Platform Considerations
### Linux
- Works out of the box with GCC
- Install build-essential: `sudo apt install build-essential`
### macOS
- Works with Xcode command line tools
- May need: `xcode-select --install`
### Windows
- Use MinGW-w64 or MSYS2
- Or integrate with Visual Studio project
### Embedded Systems
- Library is designed to work on resource-constrained systems
- No heap allocations in core crypto functions
- Stack usage is predictable and bounded
## API Reference
### Initialization
```c
int nostr_init(void); // Initialize library
void nostr_cleanup(void); // Cleanup resources
const char* nostr_strerror(int error); // Get error string
```
### Key Generation
```c
int nostr_generate_keypair(unsigned char* private_key, unsigned char* public_key);
int nostr_generate_mnemonic_and_keys(char* mnemonic, size_t mnemonic_size,
int account, unsigned char* private_key,
unsigned char* public_key);
int nostr_derive_keys_from_mnemonic(const char* mnemonic, int account,
unsigned char* private_key, unsigned char* public_key);
```
### Event Creation
```c
cJSON* nostr_create_text_event(const char* content, const unsigned char* private_key);
cJSON* nostr_create_profile_event(const char* name, const char* about,
const unsigned char* private_key);
int nostr_sign_event(cJSON* event, const unsigned char* private_key);
```
### Utilities
```c
void nostr_bytes_to_hex(const unsigned char* bytes, size_t len, char* hex);
int nostr_hex_to_bytes(const char* hex, unsigned char* bytes, size_t len);
int nostr_key_to_bech32(const unsigned char* key, const char* hrp, char* output);
nostr_input_type_t nostr_detect_input_type(const char* input);
```
## Error Handling
All functions return standardized error codes:
- `NOSTR_SUCCESS` (0): Operation successful
- `NOSTR_ERROR_INVALID_INPUT` (-1): Invalid parameters
- `NOSTR_ERROR_CRYPTO_FAILED` (-2): Cryptographic operation failed
- `NOSTR_ERROR_MEMORY_FAILED` (-3): Memory allocation failed
- `NOSTR_ERROR_IO_FAILED` (-4): File I/O operation failed
- `NOSTR_ERROR_NETWORK_FAILED` (-5): Network operation failed
## Security Considerations
1. **Private Key Handling**: Always clear private keys from memory when done
2. **Random Number Generation**: Uses `/dev/urandom` on Unix systems
3. **Memory Safety**: All buffers are bounds-checked
4. **Constant-Time Operations**: Critical crypto operations are timing-attack resistant
## Testing Your Integration
Use the provided examples to verify your integration:
```bash
# Test key generation
./examples/simple_keygen
# Test mnemonic functionality
./examples/mnemonic_generation
# Test event creation
./examples/text_event
# Test all functionality
./examples/utility_functions
```
## Support and Documentation
- See `examples/` directory for comprehensive usage examples
- Check `SELF_CONTAINED_CRYPTO.md` for cryptographic implementation details
- Review `CROSS_PLATFORM_GUIDE.md` for platform-specific notes
- All functions are documented in `nostr_core.h`
## License
This library is designed to be freely integrable into other projects. Check the individual file headers for specific licensing information.
---
**Quick Start**: Copy `nostr_core.h`, `nostr_core.c`, `nostr_crypto.h`, `nostr_crypto.c`, and the `cjson/` folder to your project, then compile with `-lm`. That's it!

755
POOL_API.md Normal file
View File

@@ -0,0 +1,755 @@
# Relay Pool API Reference
This document describes the public API for the Nostr Relay Pool implementation in [`core_relay_pool.c`](nostr_core/core_relay_pool.c).
## Function Summary
| Function | Description |
|----------|-------------|
| [`nostr_relay_pool_create()`](nostr_core/core_relay_pool.c:219) | Create and initialize a new relay pool |
| [`nostr_relay_pool_destroy()`](nostr_core/core_relay_pool.c:304) | Destroy pool and cleanup all resources |
| [`nostr_relay_pool_add_relay()`](nostr_core/core_relay_pool.c:229) | Add a relay URL to the pool |
| [`nostr_relay_pool_remove_relay()`](nostr_core/core_relay_pool.c:273) | Remove a relay URL from the pool |
| [`nostr_relay_pool_subscribe()`](nostr_core/core_relay_pool.c:399) | Create async subscription with callbacks |
| [`nostr_pool_subscription_close()`](nostr_core/core_relay_pool.c:491) | Close subscription and free resources |
| [`nostr_relay_pool_run()`](nostr_core/core_relay_pool.c:1192) | Run event loop for specified timeout |
| [`nostr_relay_pool_poll()`](nostr_core/core_relay_pool.c:1232) | Single iteration poll and dispatch |
| [`nostr_relay_pool_query_sync()`](nostr_core/core_relay_pool.c:695) | Synchronous query returning event array |
| [`nostr_relay_pool_get_event()`](nostr_core/core_relay_pool.c:825) | Get single most recent event |
| [`nostr_relay_pool_publish_async()`](nostr_core/core_relay_pool.c:866) | Publish event with async callbacks |
| [`nostr_relay_pool_get_relay_status()`](nostr_core/core_relay_pool.c:944) | Get connection status for a relay |
| [`nostr_relay_pool_list_relays()`](nostr_core/core_relay_pool.c:960) | List all relays and their statuses |
| [`nostr_relay_pool_get_relay_stats()`](nostr_core/core_relay_pool.c:992) | Get detailed statistics for a relay |
| [`nostr_relay_pool_reset_relay_stats()`](nostr_core/core_relay_pool.c:1008) | Reset statistics for a relay |
| [`nostr_relay_pool_get_relay_query_latency()`](nostr_core/core_relay_pool.c:1045) | Get average query latency for a relay |
## Pool Lifecycle
### Create Pool
**Function:** [`nostr_relay_pool_create()`](nostr_core/core_relay_pool.c:219)
```c
nostr_relay_pool_t* nostr_relay_pool_create(void);
```
**Example:**
```c
#include "nostr_core.h"
int main() {
// Create a new relay pool
nostr_relay_pool_t* pool = nostr_relay_pool_create();
if (!pool) {
fprintf(stderr, "Failed to create relay pool\n");
return -1;
}
// Use the pool...
// Clean up
nostr_relay_pool_destroy(pool);
return 0;
}
```
### Destroy Pool
**Function:** [`nostr_relay_pool_destroy()`](nostr_core/core_relay_pool.c:304)
```c
void nostr_relay_pool_destroy(nostr_relay_pool_t* pool);
```
**Example:**
```c
// Properly cleanup a relay pool
void cleanup_pool(nostr_relay_pool_t* pool) {
if (pool) {
// This will close all active subscriptions and relay connections
nostr_relay_pool_destroy(pool);
pool = NULL;
}
}
```
## Relay Management
### Add Relay
**Function:** [`nostr_relay_pool_add_relay()`](nostr_core/core_relay_pool.c:229)
```c
int nostr_relay_pool_add_relay(nostr_relay_pool_t* pool, const char* relay_url);
```
**Example:**
```c
int setup_relays(nostr_relay_pool_t* pool) {
const char* relays[] = {
"wss://relay.damus.io",
"wss://nos.lol",
"wss://relay.nostr.band"
};
for (int i = 0; i < 3; i++) {
int result = nostr_relay_pool_add_relay(pool, relays[i]);
if (result != NOSTR_SUCCESS) {
fprintf(stderr, "Failed to add relay %s: %d\n", relays[i], result);
return -1;
}
printf("Added relay: %s\n", relays[i]);
}
return 0;
}
```
### Remove Relay
**Function:** [`nostr_relay_pool_remove_relay()`](nostr_core/core_relay_pool.c:273)
```c
int nostr_relay_pool_remove_relay(nostr_relay_pool_t* pool, const char* relay_url);
```
**Example:**
```c
int remove_slow_relay(nostr_relay_pool_t* pool) {
const char* slow_relay = "wss://slow-relay.example.com";
int result = nostr_relay_pool_remove_relay(pool, slow_relay);
if (result == NOSTR_SUCCESS) {
printf("Successfully removed relay: %s\n", slow_relay);
} else {
printf("Failed to remove relay %s (may not exist)\n", slow_relay);
}
return result;
}
```
## Subscriptions (Asynchronous)
### Subscribe to Events
**Function:** [`nostr_relay_pool_subscribe()`](nostr_core/core_relay_pool.c:399)
```c
nostr_pool_subscription_t* nostr_relay_pool_subscribe(
nostr_relay_pool_t* pool,
const char** relay_urls,
int relay_count,
cJSON* filter,
void (*on_event)(cJSON* event, const char* relay_url, void* user_data),
void (*on_eose)(void* user_data),
void* user_data);
```
**Example:**
```c
#include "cjson/cJSON.h"
// Event callback - called for each received event
void handle_event(cJSON* event, const char* relay_url, void* user_data) {
cJSON* content = cJSON_GetObjectItem(event, "content");
cJSON* pubkey = cJSON_GetObjectItem(event, "pubkey");
if (content && pubkey) {
printf("Event from %s: %s (by %s)\n",
relay_url,
cJSON_GetStringValue(content),
cJSON_GetStringValue(pubkey));
}
}
// EOSE callback - called when all relays finish sending stored events
void handle_eose(void* user_data) {
printf("All relays finished sending stored events\n");
}
int subscribe_to_notes(nostr_relay_pool_t* pool) {
// Create filter for kind 1 (text notes) from last hour
cJSON* filter = cJSON_CreateObject();
cJSON* kinds = cJSON_CreateArray();
cJSON_AddItemToArray(kinds, cJSON_CreateNumber(1));
cJSON_AddItemToObject(filter, "kinds", kinds);
time_t since = time(NULL) - 3600; // Last hour
cJSON_AddItemToObject(filter, "since", cJSON_CreateNumber(since));
cJSON_AddItemToObject(filter, "limit", cJSON_CreateNumber(50));
// Subscribe to specific relays
const char* relay_urls[] = {
"wss://relay.damus.io",
"wss://nos.lol"
};
nostr_pool_subscription_t* sub = nostr_relay_pool_subscribe(
pool,
relay_urls,
2,
filter,
handle_event,
handle_eose,
NULL // user_data
);
cJSON_Delete(filter); // Pool makes its own copy
if (!sub) {
fprintf(stderr, "Failed to create subscription\n");
return -1;
}
// Drive the event loop to receive events
printf("Listening for events for 30 seconds...\n");
nostr_relay_pool_run(pool, 30000); // 30 seconds
// Close subscription
nostr_pool_subscription_close(sub);
return 0;
}
```
### Close Subscription
**Function:** [`nostr_pool_subscription_close()`](nostr_core/core_relay_pool.c:491)
```c
int nostr_pool_subscription_close(nostr_pool_subscription_t* subscription);
```
**Example:**
```c
// Subscription management with cleanup
typedef struct {
nostr_pool_subscription_t* subscription;
int event_count;
int should_stop;
} subscription_context_t;
void event_counter(cJSON* event, const char* relay_url, void* user_data) {
subscription_context_t* ctx = (subscription_context_t*)user_data;
ctx->event_count++;
printf("Received event #%d from %s\n", ctx->event_count, relay_url);
// Stop after 10 events
if (ctx->event_count >= 10) {
ctx->should_stop = 1;
}
}
int limited_subscription(nostr_relay_pool_t* pool) {
subscription_context_t ctx = {0};
// Create filter
cJSON* filter = cJSON_CreateObject();
cJSON* kinds = cJSON_CreateArray();
cJSON_AddItemToArray(kinds, cJSON_CreateNumber(1));
cJSON_AddItemToObject(filter, "kinds", kinds);
const char* relay_urls[] = {"wss://relay.damus.io"};
ctx.subscription = nostr_relay_pool_subscribe(
pool, relay_urls, 1, filter, event_counter, NULL, &ctx);
cJSON_Delete(filter);
if (!ctx.subscription) {
return -1;
}
// Poll until we should stop
while (!ctx.should_stop) {
int events = nostr_relay_pool_poll(pool, 100);
if (events < 0) break;
}
// Clean up
int result = nostr_pool_subscription_close(ctx.subscription);
printf("Subscription closed with result: %d\n", result);
return 0;
}
```
## Event Loop
### Run Timed Loop
**Function:** [`nostr_relay_pool_run()`](nostr_core/core_relay_pool.c:1192)
```c
int nostr_relay_pool_run(nostr_relay_pool_t* pool, int timeout_ms);
```
**Example:**
```c
int run_event_loop(nostr_relay_pool_t* pool) {
printf("Starting event loop for 60 seconds...\n");
// Run for 60 seconds, processing all incoming events
int total_events = nostr_relay_pool_run(pool, 60000);
if (total_events < 0) {
fprintf(stderr, "Event loop error\n");
return -1;
}
printf("Processed %d events total\n", total_events);
return 0;
}
```
### Single Poll Iteration
**Function:** [`nostr_relay_pool_poll()`](nostr_core/core_relay_pool.c:1232)
```c
int nostr_relay_pool_poll(nostr_relay_pool_t* pool, int timeout_ms);
```
**Example:**
```c
// Integration with custom main loop
int custom_main_loop(nostr_relay_pool_t* pool) {
int running = 1;
int total_events = 0;
while (running) {
// Poll for Nostr events (non-blocking with 50ms timeout)
int events = nostr_relay_pool_poll(pool, 50);
if (events > 0) {
total_events += events;
printf("Processed %d events this iteration\n", events);
}
// Do other work in your application
// handle_ui_events();
// process_background_tasks();
// Check exit condition
// running = !should_exit();
// Simple exit after 100 events for demo
if (total_events >= 100) {
running = 0;
}
}
printf("Main loop finished, processed %d total events\n", total_events);
return 0;
}
```
## Synchronous Operations
### Query Multiple Events
**Function:** [`nostr_relay_pool_query_sync()`](nostr_core/core_relay_pool.c:695)
```c
cJSON** nostr_relay_pool_query_sync(
nostr_relay_pool_t* pool,
const char** relay_urls,
int relay_count,
cJSON* filter,
int* event_count,
int timeout_ms);
```
**Example:**
```c
int query_recent_notes(nostr_relay_pool_t* pool) {
// Create filter for recent text notes
cJSON* filter = cJSON_CreateObject();
cJSON* kinds = cJSON_CreateArray();
cJSON_AddItemToArray(kinds, cJSON_CreateNumber(1));
cJSON_AddItemToObject(filter, "kinds", kinds);
cJSON_AddItemToObject(filter, "limit", cJSON_CreateNumber(20));
const char* relay_urls[] = {
"wss://relay.damus.io",
"wss://nos.lol"
};
int event_count = 0;
cJSON** events = nostr_relay_pool_query_sync(
pool, relay_urls, 2, filter, &event_count, 10000); // 10 second timeout
cJSON_Delete(filter);
if (!events) {
printf("No events received or query failed\n");
return -1;
}
printf("Received %d events:\n", event_count);
for (int i = 0; i < event_count; i++) {
cJSON* content = cJSON_GetObjectItem(events[i], "content");
if (content) {
printf(" %d: %s\n", i + 1, cJSON_GetStringValue(content));
}
// Free each event
cJSON_Delete(events[i]);
}
// Free the events array
free(events);
return event_count;
}
```
### Get Single Most Recent Event
**Function:** [`nostr_relay_pool_get_event()`](nostr_core/core_relay_pool.c:825)
```c
cJSON* nostr_relay_pool_get_event(
nostr_relay_pool_t* pool,
const char** relay_urls,
int relay_count,
cJSON* filter,
int timeout_ms);
```
**Example:**
```c
int get_latest_note_from_pubkey(nostr_relay_pool_t* pool, const char* pubkey_hex) {
// Create filter for specific author's notes
cJSON* filter = cJSON_CreateObject();
cJSON* kinds = cJSON_CreateArray();
cJSON_AddItemToArray(kinds, cJSON_CreateNumber(1));
cJSON_AddItemToObject(filter, "kinds", kinds);
cJSON* authors = cJSON_CreateArray();
cJSON_AddItemToArray(authors, cJSON_CreateString(pubkey_hex));
cJSON_AddItemToObject(filter, "authors", authors);
cJSON_AddItemToObject(filter, "limit", cJSON_CreateNumber(1));
const char* relay_urls[] = {"wss://relay.damus.io"};
cJSON* event = nostr_relay_pool_get_event(
pool, relay_urls, 1, filter, 5000); // 5 second timeout
cJSON_Delete(filter);
if (!event) {
printf("No recent event found for pubkey %s\n", pubkey_hex);
return -1;
}
cJSON* content = cJSON_GetObjectItem(event, "content");
cJSON* created_at = cJSON_GetObjectItem(event, "created_at");
if (content && created_at) {
printf("Latest note: %s (created at %ld)\n",
cJSON_GetStringValue(content),
(long)cJSON_GetNumberValue(created_at));
}
cJSON_Delete(event);
return 0;
}
```
### Publish Event
**Function:** [`nostr_relay_pool_publish_async()`](nostr_core/core_relay_pool.c:866)
```c
int nostr_relay_pool_publish_async(
nostr_relay_pool_t* pool,
const char** relay_urls,
int relay_count,
cJSON* event);
```
**Example:**
```c
int publish_text_note(nostr_relay_pool_t* pool, const char* content) {
// Create a basic text note event (this is simplified - real implementation
// would need proper signing with private key)
cJSON* event = cJSON_CreateObject();
cJSON_AddItemToObject(event, "kind", cJSON_CreateNumber(1));
cJSON_AddItemToObject(event, "content", cJSON_CreateString(content));
cJSON_AddItemToObject(event, "created_at", cJSON_CreateNumber(time(NULL)));
// In real usage, you'd add pubkey, id, sig fields here
cJSON_AddItemToObject(event, "pubkey", cJSON_CreateString("your_pubkey_hex"));
cJSON_AddItemToObject(event, "id", cJSON_CreateString("event_id_hash"));
cJSON_AddItemToObject(event, "sig", cJSON_CreateString("event_signature"));
cJSON_AddItemToObject(event, "tags", cJSON_CreateArray());
const char* relay_urls[] = {
"wss://relay.damus.io",
"wss://nos.lol",
"wss://relay.nostr.band"
};
printf("Publishing note: %s\n", content);
int success_count = nostr_relay_pool_publish_async(
pool, relay_urls, 3, event, my_callback, user_data);
cJSON_Delete(event);
printf("Successfully published to %d out of 3 relays\n", success_count);
if (success_count == 0) {
fprintf(stderr, "Failed to publish to any relay\n");
return -1;
}
return success_count;
}
```
## Status and Statistics
### Get Relay Status
**Function:** [`nostr_relay_pool_get_relay_status()`](nostr_core/core_relay_pool.c:944)
```c
nostr_pool_relay_status_t nostr_relay_pool_get_relay_status(
nostr_relay_pool_t* pool,
const char* relay_url);
```
**Example:**
```c
void check_relay_status(nostr_relay_pool_t* pool, const char* relay_url) {
nostr_pool_relay_status_t status = nostr_relay_pool_get_relay_status(pool, relay_url);
const char* status_str;
switch (status) {
case NOSTR_POOL_RELAY_DISCONNECTED:
status_str = "DISCONNECTED";
break;
case NOSTR_POOL_RELAY_CONNECTING:
status_str = "CONNECTING";
break;
case NOSTR_POOL_RELAY_CONNECTED:
status_str = "CONNECTED";
break;
case NOSTR_POOL_RELAY_ERROR:
status_str = "ERROR";
break;
default:
status_str = "UNKNOWN";
break;
}
printf("Relay %s status: %s\n", relay_url, status_str);
}
```
### List All Relays
**Function:** [`nostr_relay_pool_list_relays()`](nostr_core/core_relay_pool.c:960)
```c
int nostr_relay_pool_list_relays(
nostr_relay_pool_t* pool,
char*** relay_urls,
nostr_pool_relay_status_t** statuses);
```
**Example:**
```c
void print_all_relays(nostr_relay_pool_t* pool) {
char** relay_urls = NULL;
nostr_pool_relay_status_t* statuses = NULL;
int count = nostr_relay_pool_list_relays(pool, &relay_urls, &statuses);
if (count < 0) {
printf("Failed to list relays\n");
return;
}
if (count == 0) {
printf("No relays configured\n");
return;
}
printf("Configured relays (%d):\n", count);
for (int i = 0; i < count; i++) {
const char* status_str = (statuses[i] == NOSTR_POOL_RELAY_CONNECTED) ?
"CONNECTED" : "DISCONNECTED";
printf(" %s - %s\n", relay_urls[i], status_str);
// Free the duplicated URL string
free(relay_urls[i]);
}
// Free the arrays
free(relay_urls);
free(statuses);
}
```
### Get Relay Statistics
**Function:** [`nostr_relay_pool_get_relay_stats()`](nostr_core/core_relay_pool.c:992)
```c
const nostr_relay_stats_t* nostr_relay_pool_get_relay_stats(
nostr_relay_pool_t* pool,
const char* relay_url);
```
**Example:**
```c
void print_relay_stats(nostr_relay_pool_t* pool, const char* relay_url) {
const nostr_relay_stats_t* stats = nostr_relay_pool_get_relay_stats(pool, relay_url);
if (!stats) {
printf("No stats available for relay %s\n", relay_url);
return;
}
printf("Statistics for %s:\n", relay_url);
printf(" Connection attempts: %d\n", stats->connection_attempts);
printf(" Connection failures: %d\n", stats->connection_failures);
printf(" Events received: %d\n", stats->events_received);
printf(" Events published: %d\n", stats->events_published);
printf(" Events published OK: %d\n", stats->events_published_ok);
printf(" Events published failed: %d\n", stats->events_published_failed);
printf(" Query latency avg: %.2f ms\n", stats->query_latency_avg);
printf(" Query samples: %d\n", stats->query_samples);
printf(" Publish latency avg: %.2f ms\n", stats->publish_latency_avg);
printf(" Publish samples: %d\n", stats->publish_samples);
if (stats->last_event_time > 0) {
printf(" Last event: %ld seconds ago\n",
time(NULL) - stats->last_event_time);
}
}
```
### Reset Relay Statistics
**Function:** [`nostr_relay_pool_reset_relay_stats()`](nostr_core/core_relay_pool.c:1008)
```c
int nostr_relay_pool_reset_relay_stats(
nostr_relay_pool_t* pool,
const char* relay_url);
```
**Example:**
```c
void reset_stats_for_relay(nostr_relay_pool_t* pool, const char* relay_url) {
int result = nostr_relay_pool_reset_relay_stats(pool, relay_url);
if (result == NOSTR_SUCCESS) {
printf("Successfully reset statistics for %s\n", relay_url);
} else {
printf("Failed to reset statistics for %s\n", relay_url);
}
}
```
### Get Query Latency
**Function:** [`nostr_relay_pool_get_relay_query_latency()`](nostr_core/core_relay_pool.c:1045)
```c
double nostr_relay_pool_get_relay_query_latency(
nostr_relay_pool_t* pool,
const char* relay_url);
```
**Example:**
```c
void check_relay_performance(nostr_relay_pool_t* pool) {
const char* relays[] = {
"wss://relay.damus.io",
"wss://nos.lol",
"wss://relay.nostr.band"
};
printf("Relay performance comparison:\n");
for (int i = 0; i < 3; i++) {
double latency = nostr_relay_pool_get_relay_query_latency(pool, relays[i]);
if (latency >= 0) {
printf(" %s: %.2f ms average query latency\n", relays[i], latency);
} else {
printf(" %s: No latency data available\n", relays[i]);
}
}
}
```
## Complete Example Application
```c
#include "nostr_core.h"
#include "cjson/cJSON.h"
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
// Global context for the example
typedef struct {
int event_count;
int max_events;
} app_context_t;
void on_text_note(cJSON* event, const char* relay_url, void* user_data) {
app_context_t* ctx = (app_context_t*)user_data;
cJSON* content = cJSON_GetObjectItem(event, "content");
if (content && cJSON_IsString(content)) {
printf("[%s] Note #%d: %s\n",
relay_url, ++ctx->event_count, cJSON_GetStringValue(content));
}
}
void on_subscription_complete(void* user_data) {
printf("All relays finished sending stored events\n");
}
int main() {
// Initialize pool
nostr_relay_pool_t* pool = nostr_relay_pool_create();
if (!pool) {
fprintf(stderr, "Failed to create relay pool\n");
return 1;
}
// Add relays
const char* relays[] = {
"wss://relay.damus.io",
"wss://nos.lol"
};
for (int i = 0; i < 2; i++) {
if (nostr_relay_pool_add_relay(pool, relays[i]) != NOSTR_SUCCESS) {
fprintf(stderr, "Failed to add relay: %s\n", relays[i]);
}
}
// Create filter for recent text notes
cJSON* filter = cJSON_CreateObject();
cJSON* kinds = cJSON_CreateArray();
cJSON_AddItemToArray(kinds, cJSON_CreateNumber(1));
cJSON_AddItemToObject(filter, "kinds", kinds);
cJSON_AddItemToObject(filter, "limit", cJSON_CreateNumber(10));
// Set up context
app_context_t ctx = {0, 10};
// Subscribe
nostr_pool_subscription_t* sub = nostr_relay_pool_subscribe(
pool, relays, 2, filter, on_text_note, on_subscription_complete, &ctx);
cJSON_Delete(filter);
if (!sub) {
fprintf(stderr, "Failed to create subscription\n");
nostr_relay_pool_destroy(pool);
return 1;
}
// Run event loop for 30 seconds
printf("Listening for events...\n");
nostr_relay_pool_run(pool, 30000);
// Print final stats
for (int i = 0; i < 2; i++) {
print_relay_stats(pool, relays[i]);
}
// Cleanup
nostr_pool_subscription_close(sub);
nostr_relay_pool_destroy(pool);
printf("Application finished. Received %d events total.\n", ctx.event_count);
return 0;
}
```
## Notes
- All functions are **not thread-safe**. Use from a single thread or add external synchronization.
- **Memory ownership**: The pool duplicates filters and URLs internally. Caller owns returned events and must free them.
- **Event deduplication** is applied pool-wide using a circular buffer of 1000 event IDs.
- **Ping functionality** is currently disabled in this build.
- **Reconnection** happens on-demand when sending, but active subscriptions are not automatically re-sent after reconnect.
- **Polling model**: You must drive the event loop via [`nostr_relay_pool_run()`](nostr_core/core_relay_pool.c:1192) or [`nostr_relay_pool_poll()`](nostr_core/core_relay_pool.c:1232) to receive events.

175
README.md
View File

@@ -1,46 +1,103 @@
# NOSTR Core Library
A comprehensive, production-ready C library for NOSTR protocol implementation with OpenSSL-based cryptography and extensive protocol support.
A C library for NOSTR protocol implementation. Work in progress.
[![Version](https://img.shields.io/badge/version-0.1.20-blue.svg)](VERSION)
[![Version](https://img.shields.io/badge/version-0.2.1-blue.svg)](VERSION)
[![License](https://img.shields.io/badge/license-MIT-green.svg)](#license)
[![Build Status](https://img.shields.io/badge/build-passing-brightgreen.svg)](#building)
## 🚀 Features
### Core Protocol Support
- **NIP-01**: Basic protocol flow - event creation, signing, and validation
- **NIP-04**: Encrypted direct messages (ECDH + AES-CBC + Base64)
- **NIP-05**: DNS-based internet identifier verification
- **NIP-06**: Key derivation from mnemonic (BIP39/BIP32 compliant)
- **NIP-11**: Relay information documents
- **NIP-13**: Proof of Work for events
- **NIP-44**: Versioned encrypted direct messages (ECDH + ChaCha20 + HMAC)
## 📋 NIP Implementation Status
### Cryptographic Features
- **OpenSSL-Based**: Production-grade cryptography with OpenSSL backend
- **Secp256k1**: Complete elliptic curve implementation bundled
- **BIP39**: Mnemonic phrase generation and validation
- **BIP32**: Hierarchical deterministic key derivation
- **ChaCha20**: Stream cipher for NIP-44 encryption
- **AES-CBC**: Block cipher for NIP-04 encryption
- **Schnorr Signatures**: BIP-340 compliant signing and verification
### Core Protocol NIPs
- [x] [NIP-01](nips/01.md) - Basic protocol flow - event creation, signing, and validation
- [ ] [NIP-02](nips/02.md) - Contact List and Petnames
- [ ] [NIP-03](nips/03.md) - OpenTimestamps Attestations for Events
- [x] [NIP-04](nips/04.md) - Encrypted Direct Messages (legacy)
- [x] [NIP-05](nips/05.md) - Mapping Nostr keys to DNS-based internet identifiers
- [x] [NIP-06](nips/06.md) - Basic key derivation from mnemonic seed phrase
- [ ] [NIP-07](nips/07.md) - `window.nostr` capability for web browsers
- [ ] [NIP-08](nips/08.md) - Handling Mentions
- [ ] [NIP-09](nips/09.md) - Event Deletion
- [ ] [NIP-10](nips/10.md) - Conventions for clients' use of `e` and `p` tags in text events
- [x] [NIP-11](nips/11.md) - Relay Information Document
- [ ] [NIP-12](nips/12.md) - Generic Tag Queries
- [x] [NIP-13](nips/13.md) - Proof of Work
- [ ] [NIP-14](nips/14.md) - Subject tag in text events
- [ ] [NIP-15](nips/15.md) - Nostr Marketplace (for resilient marketplaces)
- [ ] [NIP-16](nips/16.md) - Event Treatment
- [x] [NIP-17](nips/17.md) - Private Direct Messages
- [ ] [NIP-18](nips/18.md) - Reposts
- [x] [NIP-19](nips/19.md) - bech32-encoded entities
- [ ] [NIP-20](nips/20.md) - Command Results
- [x] [NIP-21](nips/21.md) - `nostr:` URI scheme
- [ ] [NIP-22](nips/22.md) - Event `created_at` Limits
- [ ] [NIP-23](nips/23.md) - Long-form Content
- [ ] [NIP-24](nips/24.md) - Extra metadata fields and tags
- [ ] [NIP-25](nips/25.md) - Reactions
- [ ] [NIP-26](nips/26.md) - Delegated Event Signing
- [ ] [NIP-27](nips/27.md) - Text Note References
- [ ] [NIP-28](nips/28.md) - Public Chat
- [ ] [NIP-29](nips/29.md) - Relay-based Groups
- [ ] [NIP-30](nips/30.md) - Custom Emoji
- [ ] [NIP-31](nips/31.md) - Dealing with Unknown Events
- [ ] [NIP-32](nips/32.md) - Labeling
- [ ] [NIP-33](nips/33.md) - Parameterized Replaceable Events
- [ ] [NIP-34](nips/34.md) - `git` stuff
- [ ] [NIP-35](nips/35.md) - Torrents
- [ ] [NIP-36](nips/36.md) - Sensitive Content / Content Warning
- [ ] [NIP-37](nips/37.md) - Draft Events
- [ ] [NIP-38](nips/38.md) - User Statuses
- [ ] [NIP-39](nips/39.md) - External Identities in Profiles
- [ ] [NIP-40](nips/40.md) - Expiration Timestamp
- [x] [NIP-42](nips/42.md) - Authentication of clients to relays
- [x] [NIP-44](nips/44.md) - Versioned Encryption
- [ ] [NIP-45](nips/45.md) - Counting results
- [ ] [NIP-46](nips/46.md) - Nostr Connect
- [ ] [NIP-47](nips/47.md) - Wallet Connect
- [ ] [NIP-48](nips/48.md) - Proxy Tags
- [ ] [NIP-49](nips/49.md) - Private Key Encryption
- [ ] [NIP-50](nips/50.md) - Search Capability
- [ ] [NIP-51](nips/51.md) - Lists
- [ ] [NIP-52](nips/52.md) - Calendar Events
- [ ] [NIP-53](nips/53.md) - Live Activities
- [ ] [NIP-54](nips/54.md) - Wiki
- [ ] [NIP-55](nips/55.md) - Android Signer Application
- [ ] [NIP-56](nips/56.md) - Reporting
- [ ] [NIP-57](nips/57.md) - Lightning Zaps
- [ ] [NIP-58](nips/58.md) - Badges
- [x] [NIP-59](nips/59.md) - Gift Wrap
- [ ] [NIP-60](nips/60.md) - Cashu Wallet
- [ ] [NIP-61](nips/61.md) - Nutzaps
- [ ] [NIP-62](nips/62.md) - Log events
- [ ] [NIP-64](nips/64.md) - Chess (PGN)
- [ ] [NIP-65](nips/65.md) - Relay List Metadata
- [ ] [NIP-66](nips/66.md) - Relay Monitor
- [ ] [NIP-68](nips/68.md) - Web badges
- [ ] [NIP-69](nips/69.md) - Peer-to-peer Order events
- [ ] [NIP-70](nips/70.md) - Protected Events
- [ ] [NIP-71](nips/71.md) - Video Events
- [ ] [NIP-72](nips/72.md) - Moderated Communities
- [ ] [NIP-73](nips/73.md) - External Content IDs
- [ ] [NIP-75](nips/75.md) - Zap Goals
- [ ] [NIP-77](nips/77.md) - Arbitrary custom app data
- [ ] [NIP-78](nips/78.md) - Application-specific data
- [ ] [NIP-84](nips/84.md) - Highlights
- [ ] [NIP-86](nips/86.md) - Relay Management API
- [ ] [NIP-87](nips/87.md) - Relay List Recommendations
- [ ] [NIP-88](nips/88.md) - Stella: A Stellar Relay
- [ ] [NIP-89](nips/89.md) - Recommended Application Handlers
- [ ] [NIP-90](nips/90.md) - Data Vending Machines
- [ ] [NIP-92](nips/92.md) - Media Attachments
- [ ] [NIP-94](nips/94.md) - File Metadata
- [ ] [NIP-96](nips/96.md) - HTTP File Storage Integration
- [ ] [NIP-98](nips/98.md) - HTTP Auth
- [ ] [NIP-99](nips/99.md) - Classified Listings
### Networking & Relay Support
- **Multi-Relay Queries**: Synchronous querying with progress callbacks
- **Relay Pools**: Asynchronous connection management with statistics
- **OpenSSL WebSocket Communication**: Full relay protocol support with TLS
- **NIP-05 Identifier Verification**: DNS-based identity resolution
- **NIP-11 Relay Information**: Automatic relay capability discovery
- **Event Deduplication**: Automatic handling of duplicate events across relays
- **Connection Management**: Automatic reconnection and error handling
**Legend:** ✅ Fully Implemented | ⚠️ Partial Implementation | ❌ Not Implemented
**Implementation Summary:** 12 of 96+ NIPs fully implemented (12.5%)
### Developer Experience
- **System Dependencies**: Uses system-installed OpenSSL, curl, and secp256k1 libraries
- **Thread-Safe**: Core cryptographic functions are stateless
- **Cross-Platform**: Builds on Linux, macOS, Windows
- **Comprehensive Examples**: Ready-to-run demonstration programs
- **Automatic Versioning**: Git-tag based version management
## 📦 Quick Start
@@ -245,20 +302,32 @@ publish_result_t* synchronous_publish_event_with_progress(const char** relay_url
### Relay Pools (Asynchronous)
```c
// Create and manage relay pool
nostr_relay_pool_t* nostr_relay_pool_create(void);
// Create and manage relay pool with reconnection
nostr_pool_reconnect_config_t* config = nostr_pool_reconnect_config_default();
nostr_relay_pool_t* nostr_relay_pool_create(nostr_pool_reconnect_config_t* config);
int nostr_relay_pool_add_relay(nostr_relay_pool_t* pool, const char* relay_url);
void nostr_relay_pool_destroy(nostr_relay_pool_t* pool);
// Subscribe to events
// Subscribe to events (with auto-reconnection)
nostr_pool_subscription_t* nostr_relay_pool_subscribe(
nostr_relay_pool_t* pool, const char** relay_urls, int relay_count, cJSON* filter,
void (*on_event)(cJSON* event, const char* relay_url, void* user_data),
void (*on_eose)(void* user_data), void* user_data);
void (*on_eose)(void* user_data), void* user_data, int close_on_eose);
// Run event loop
// Run event loop (handles reconnection automatically)
int nostr_relay_pool_run(nostr_relay_pool_t* pool, int timeout_ms);
int nostr_relay_pool_poll(nostr_relay_pool_t* pool, int timeout_ms);
// Reconnection configuration
typedef struct {
int enable_auto_reconnect; // Enable automatic reconnection
int max_reconnect_attempts; // Maximum retry attempts
int initial_reconnect_delay_ms; // Initial delay between attempts
int max_reconnect_delay_ms; // Maximum delay cap
int reconnect_backoff_multiplier; // Exponential backoff factor
int ping_interval_seconds; // Health check ping interval
int pong_timeout_seconds; // Pong response timeout
} nostr_pool_reconnect_config_t;
```
### NIP-05 Identifier Verification
@@ -313,6 +382,9 @@ The library includes extensive tests:
# Individual test categories
cd tests && make test
# Interactive relay pool testing
cd tests && ./pool_test
```
**Test Categories:**
@@ -326,6 +398,7 @@ cd tests && make test
- **Relay Communication**: `relay_pool_test`, `sync_test`
- **HTTP/WebSocket**: `http_test`, `wss_test`
- **Proof of Work**: `test_pow_loop`
- **Interactive Pool Testing**: `pool_test` (menu-driven interface with reconnection testing)
## 🏗️ Integration
@@ -434,7 +507,7 @@ make arm64
## 📈 Version History
Current version: **0.1.20**
Current version: **0.2.1**
The library uses automatic semantic versioning based on Git tags. Each build increments the patch version automatically.
@@ -442,13 +515,15 @@ The library uses automatic semantic versioning based on Git tags. Each build inc
- **OpenSSL Migration**: Transitioned from mbedTLS to OpenSSL for improved compatibility
- **NIP-05 Support**: DNS-based internet identifier verification
- **NIP-11 Support**: Relay information document fetching and parsing
- **NIP-19 Support**: Bech32-encoded entities (nsec/npub)
- **Enhanced WebSocket**: OpenSSL-based TLS WebSocket communication
- **Production Ready**: Comprehensive test suite and error handling
- **Comprehensive Testing**: Extensive test suite and error handling
**Version Timeline:**
- `v0.2.x` - Current development releases with enhanced NIP support
- `v0.1.x` - Initial development releases
- Focus on core protocol implementation and OpenSSL-based crypto
- Full NIP-01, NIP-04, NIP-05, NIP-06, NIP-11, NIP-13, NIP-44 support
- Full NIP-01, NIP-04, NIP-05, NIP-06, NIP-11, NIP-13, NIP-17, NIP-19, NIP-42, NIP-44, NIP-59 support
## 🐛 Troubleshooting
@@ -456,16 +531,24 @@ The library uses automatic semantic versioning based on Git tags. Each build inc
**Build fails with secp256k1 errors:**
```bash
# Install secp256k1 with Schnorr support
sudo apt install libsecp256k1-dev # Ubuntu/Debian
# or
sudo yum install libsecp256k1-devel # CentOS/RHEL
# or
brew install secp256k1 # macOS
# If still failing, build from source with Schnorr support:
git clone https://github.com/bitcoin-core/secp256k1.git
cd secp256k1
./autogen.sh
./configure --enable-module-schnorrsig --enable-module-ecdh
make
cd ..
./build.sh lib
sudo make install
```
**Library too large:**
The x64 library is intentionally large (~15MB) because it includes all secp256k1 cryptographic functions and OpenSSL for complete self-containment. The ARM64 library is smaller (~2.4MB) as it links against system OpenSSL.
**Library size:**
The library is small (~500KB) as it links against system libraries (secp256k1, OpenSSL, curl) rather than including them statically. This keeps the binary size manageable while maintaining full functionality.
**Linking errors:**
Make sure to include the math library:
@@ -496,4 +579,4 @@ This project is licensed under the MIT License - see the [LICENSE](LICENSE) file
**Built with ❤️ for the decentralized web**
*OpenSSL-based • Minimal dependencies • Production ready*
*OpenSSL-based • Minimal dependencies • Work in progress*

2
VERSION
View File

@@ -1 +1 @@
0.1.33
0.4.8

80
build.sh
View File

@@ -58,6 +58,7 @@ FORCE_NIPS=""
VERBOSE=false
HELP=false
BUILD_TESTS=false
BUILD_EXAMPLES=false
NO_COLOR_FLAG=false
# Parse command line arguments
@@ -83,6 +84,10 @@ while [[ $# -gt 0 ]]; do
BUILD_TESTS=true
shift
;;
--examples|-e)
BUILD_EXAMPLES=true
shift
;;
--no-color)
NO_COLOR_FLAG=true
shift
@@ -119,6 +124,7 @@ if [ "$HELP" = true ]; then
echo " --nips=1,5,6,19 Force specific NIPs (comma-separated)"
echo " --nips=all Include all available NIPs"
echo " --tests, -t Build all test programs in tests/ directory"
echo " --examples, -e Build all example programs in examples/ directory"
echo " --verbose, -v Verbose output"
echo " --no-color Disable colored output"
echo " --help, -h Show this help"
@@ -134,8 +140,12 @@ if [ "$HELP" = true ]; then
echo " 006 - Key derivation from mnemonic"
echo " 011 - Relay information document"
echo " 013 - Proof of Work"
echo " 017 - Private Direct Messages"
echo " 019 - Bech32 encoding (nsec/npub)"
echo " 021 - nostr: URI scheme"
echo " 042 - Authentication of clients to relays"
echo " 044 - Encryption (modern)"
echo " 059 - Gift Wrap"
echo ""
echo "Examples:"
echo " $0 # Auto-detect NIPs, build for current arch"
@@ -166,7 +176,7 @@ if [ "$CURRENT_DIR" != "nostr_core_lib" ]; then
echo " cd nostr_core_lib"
echo " ./build.sh"
echo " cd .."
echo " gcc your_app.c nostr_core_lib/libnostr_core_x64.a -lz -ldl -lpthread -lm -lssl -lcrypto -lcurl -o your_app"
echo " gcc your_app.c nostr_core_lib/libnostr_core_x64.a -lz -ldl -lpthread -lm -lssl -lcrypto -lcurl -lsecp256k1 -o your_app"
echo ""
exit 1
fi
@@ -184,7 +194,7 @@ print_info "Auto-detecting needed NIPs from your source code..."
NEEDED_NIPS=""
if [ -n "$FORCE_NIPS" ]; then
if [ "$FORCE_NIPS" = "all" ]; then
NEEDED_NIPS="001 004 005 006 011 013 019 044"
NEEDED_NIPS="001 004 005 006 011 013 017 019 042 044 059"
print_info "Forced: Building all available NIPs"
else
# Convert comma-separated list to space-separated with 3-digit format
@@ -203,7 +213,7 @@ else
# Check for nostr_core.h (includes everything)
if grep -q '#include[[:space:]]*["\<]nostr_core\.h["\>]' *.c 2>/dev/null; then
print_info "Found #include \"nostr_core.h\" - building all NIPs"
NEEDED_NIPS="001 004 005 006 011 013 019 044"
NEEDED_NIPS="001 004 005 006 011 013 019 042 044"
elif [ -n "$DETECTED" ]; then
NEEDED_NIPS="$DETECTED"
print_success "Auto-detected NIPs: $(echo $NEEDED_NIPS | tr ' ' ',')"
@@ -219,10 +229,10 @@ else
fi
fi
# If building tests, include all NIPs to ensure test compatibility
if [ "$BUILD_TESTS" = true ] && [ -z "$FORCE_NIPS" ]; then
NEEDED_NIPS="001 004 005 006 011 013 019 044"
print_info "Building tests - including all available NIPs for test compatibility"
# If building tests or examples, include all NIPs to ensure compatibility
if ([ "$BUILD_TESTS" = true ] || [ "$BUILD_EXAMPLES" = true ]) && [ -z "$FORCE_NIPS" ]; then
NEEDED_NIPS="001 004 005 006 011 013 017 019 021 042 044 059"
print_info "Building tests/examples - including all available NIPs for compatibility"
fi
# Ensure NIP-001 is always included (required for core functionality)
@@ -484,13 +494,15 @@ detect_system_curl
###########################################################################################
SOURCES="nostr_core/crypto/nostr_secp256k1.c"
SOURCES="$SOURCES nostr_core/crypto/nostr_aes.c"
SOURCES="$SOURCES nostr_core/crypto/nostr_aes.c"
SOURCES="$SOURCES nostr_core/crypto/nostr_chacha20.c"
SOURCES="$SOURCES cjson/cJSON.c"
SOURCES="$SOURCES nostr_core/utils.c"
SOURCES="$SOURCES nostr_core/nostr_common.c"
SOURCES="$SOURCES nostr_core/core_relays.c"
SOURCES="$SOURCES nostr_core/core_relay_pool.c"
SOURCES="$SOURCES nostr_websocket/nostr_websocket_openssl.c"
SOURCES="$SOURCES nostr_core/request_validator.c"
NIP_DESCRIPTIONS=""
@@ -505,8 +517,12 @@ for nip in $NEEDED_NIPS; do
006) NIP_DESCRIPTIONS="$NIP_DESCRIPTIONS NIP-006(Keys)" ;;
011) NIP_DESCRIPTIONS="$NIP_DESCRIPTIONS NIP-011(Relay-Info)" ;;
013) NIP_DESCRIPTIONS="$NIP_DESCRIPTIONS NIP-013(PoW)" ;;
017) NIP_DESCRIPTIONS="$NIP_DESCRIPTIONS NIP-017(DMs)" ;;
019) NIP_DESCRIPTIONS="$NIP_DESCRIPTIONS NIP-019(Bech32)" ;;
021) NIP_DESCRIPTIONS="$NIP_DESCRIPTIONS NIP-021(URI)" ;;
042) NIP_DESCRIPTIONS="$NIP_DESCRIPTIONS NIP-042(Auth)" ;;
044) NIP_DESCRIPTIONS="$NIP_DESCRIPTIONS NIP-044(Encrypt)" ;;
059) NIP_DESCRIPTIONS="$NIP_DESCRIPTIONS NIP-059(Gift-Wrap)" ;;
esac
else
print_warning "NIP file not found: $NIP_FILE - skipping"
@@ -663,7 +679,53 @@ if [ $AR_RESULT -eq 0 ]; then
fi
echo ""
fi
# Build examples if requested
if [ "$BUILD_EXAMPLES" = true ]; then
print_info "Scanning examples/ directory for example programs..."
if [ ! -d "examples" ]; then
print_warning "examples/ directory not found - skipping example builds"
else
EXAMPLE_COUNT=0
SUCCESS_COUNT=0
# Find all .c files in examples/ directory (not subdirectories)
while IFS= read -r -d '' example_file; do
EXAMPLE_COUNT=$((EXAMPLE_COUNT + 1))
example_name=$(basename "$example_file" .c)
example_exe="examples/$example_name"
print_info "Building example: $example_name"
# Example compilation with system libraries
LINK_FLAGS="-lz -ldl -lpthread -lm $SYSTEM_LIBS"
if [ "$VERBOSE" = true ]; then
print_info " Command: $CC $CFLAGS $INCLUDES \"$example_file\" -o \"$example_exe\" ./$OUTPUT $LINK_FLAGS"
fi
if $CC $CFLAGS $INCLUDES "$example_file" -o "$example_exe" "./$OUTPUT" $LINK_FLAGS; then
SUCCESS_COUNT=$((SUCCESS_COUNT + 1))
print_success "Built $example_name"
if [ "$VERBOSE" = true ]; then
print_info " Executable: $example_exe"
fi
else
print_error " Failed to build: $example_name"
fi
done < <(find examples/ -maxdepth 1 -name "*.c" -type f -print0)
if [ $EXAMPLE_COUNT -eq 0 ]; then
print_warning "No .c files found in examples/ directory"
else
print_success "Built $SUCCESS_COUNT/$EXAMPLE_COUNT example programs"
fi
fi
echo ""
fi
echo "Usage in your project:"
echo " gcc your_app.c $OUTPUT -lz -ldl -lpthread -lm $SYSTEM_LIBS -o your_app"
echo ""

670
build.sh.static
View File

@@ -1,670 +0,0 @@
#!/bin/bash
# NOSTR Core Library - Customer Build Script with Auto-Detection
# Automatically detects which NIPs are needed based on #include statements
set -e # Exit on error
# Color constants
RED='\033[31m'
GREEN='\033[32m'
YELLOW='\033[33m'
BLUE='\033[34m'
BOLD='\033[1m'
RESET='\033[0m'
# Detect if we should use colors (terminal output and not piped)
USE_COLORS=true
if [ ! -t 1 ] || [ "$NO_COLOR" = "1" ]; then
USE_COLORS=false
fi
# Function to print output with colors
print_info() {
if [ "$USE_COLORS" = true ]; then
echo -e "${BLUE}[INFO]${RESET} $1"
else
echo "[INFO] $1"
fi
}
print_success() {
if [ "$USE_COLORS" = true ]; then
echo -e "${GREEN}${BOLD}[SUCCESS]${RESET} $1"
else
echo "[SUCCESS] $1"
fi
}
print_warning() {
if [ "$USE_COLORS" = true ]; then
echo -e "${YELLOW}[WARNING]${RESET} $1"
else
echo "[WARNING] $1"
fi
}
print_error() {
if [ "$USE_COLORS" = true ]; then
echo -e "${RED}${BOLD}[ERROR]${RESET} $1"
else
echo "[ERROR] $1"
fi
}
# Default values
ARCHITECTURE=""
FORCE_NIPS=""
VERBOSE=false
HELP=false
BUILD_TESTS=false
NO_COLOR_FLAG=false
# Parse command line arguments
while [[ $# -gt 0 ]]; do
case $1 in
x64|x86_64|amd64)
ARCHITECTURE="x64"
shift
;;
arm64|aarch64)
ARCHITECTURE="arm64"
shift
;;
--nips=*)
FORCE_NIPS="${1#*=}"
shift
;;
--verbose|-v)
VERBOSE=true
shift
;;
--tests|-t)
BUILD_TESTS=true
shift
;;
--no-color)
NO_COLOR_FLAG=true
shift
;;
--help|-h)
HELP=true
shift
;;
*)
print_error "Unknown argument: $1"
HELP=true
shift
;;
esac
done
# Apply no-color flag
if [ "$NO_COLOR_FLAG" = true ]; then
USE_COLORS=false
fi
# Show help
if [ "$HELP" = true ]; then
echo "NOSTR Core Library - Customer Build Script"
echo ""
echo "Usage: $0 [architecture] [options]"
echo ""
echo "Architectures:"
echo " x64, x86_64, amd64 Build for x86-64 architecture"
echo " arm64, aarch64 Build for ARM64 architecture"
echo " (default) Build for current architecture"
echo ""
echo "Options:"
echo " --nips=1,5,6,19 Force specific NIPs (comma-separated)"
echo " --nips=all Include all available NIPs"
echo " --tests, -t Build all test programs in tests/ directory"
echo " --verbose, -v Verbose output"
echo " --no-color Disable colored output"
echo " --help, -h Show this help"
echo ""
echo "Auto-Detection:"
echo " Script automatically scans your .c files for #include statements"
echo " like #include \"nip001.h\" and compiles only needed NIPs."
echo ""
echo "Available NIPs:"
echo " 001 - Basic Protocol (event creation, signing)"
echo " 004 - Encryption (legacy)"
echo " 005 - DNS-based identifiers"
echo " 006 - Key derivation from mnemonic"
echo " 011 - Relay information document"
echo " 013 - Proof of Work"
echo " 019 - Bech32 encoding (nsec/npub)"
echo " 044 - Encryption (modern)"
echo ""
echo "Examples:"
echo " $0 # Auto-detect NIPs, build for current arch"
echo " $0 x64 # Auto-detect NIPs, build for x64"
echo " $0 --nips=1,6,19 # Force NIPs 1,6,19 only"
echo " $0 arm64 --nips=all # Build all NIPs for ARM64"
echo " $0 -t # Build library and all tests"
exit 0
fi
print_info "NOSTR Core Library - Customer Build Script"
# Check if we're running from the correct directory
CURRENT_DIR=$(basename "$(pwd)")
if [ "$CURRENT_DIR" != "nostr_core_lib" ]; then
print_error "Build script must be run from the nostr_core_lib directory"
echo ""
echo "Current directory: $CURRENT_DIR"
echo "Expected directory: nostr_core_lib"
echo ""
echo "Please change to the nostr_core_lib directory first, then run the build script."
echo ""
echo "Correct usage:"
echo " cd nostr_core_lib"
echo " ./build.sh"
echo ""
echo "Or if nostr_core_lib is in your project directory:"
echo " cd nostr_core_lib"
echo " ./build.sh"
echo " cd .."
echo " gcc your_app.c nostr_core_lib/libnostr_core_x64.a -lz -ldl -lpthread -lm -o your_app"
echo ""
exit 1
fi
print_info "Auto-detecting needed NIPs from your source code..."
###########################################################################################
###########################################################################################
############ AUTODETECT NIPS FROM SOURCE FILES
###########################################################################################
###########################################################################################
NEEDED_NIPS=""
if [ -n "$FORCE_NIPS" ]; then
if [ "$FORCE_NIPS" = "all" ]; then
NEEDED_NIPS="001 004 005 006 011 013 019 044"
print_info "Forced: Building all available NIPs"
else
# Convert comma-separated list to space-separated with 3-digit format
NEEDED_NIPS=$(echo "$FORCE_NIPS" | tr ',' ' ' | sed 's/\b\([0-9]\)\b/00\1/g' | sed 's/\b\([0-9][0-9]\)\b/0\1/g')
print_info "Forced NIPs: $NEEDED_NIPS"
fi
else
# Auto-detect from .c files in current directory
if ls *.c >/dev/null 2>&1; then
# Scan for nip*.h includes (with or without nostr_core/ prefix)
DETECTED=$(grep -h '#include[[:space:]]*["\<]\(nostr_core/\)\?nip[0-9][0-9][0-9]\.h["\>]' *.c 2>/dev/null | \
sed 's/.*nip0*\([0-9]*\)\.h.*/\1/' | \
sort -u | \
sed 's/\b\([0-9]\)\b/00\1/g' | sed 's/\b\([0-9][0-9]\)\b/0\1/g')
# Check for nostr_core.h (includes everything)
if grep -q '#include[[:space:]]*["\<]nostr_core\.h["\>]' *.c 2>/dev/null; then
print_info "Found #include \"nostr_core.h\" - building all NIPs"
NEEDED_NIPS="001 004 005 006 011 013 019 044"
elif [ -n "$DETECTED" ]; then
NEEDED_NIPS="$DETECTED"
print_success "Auto-detected NIPs: $(echo $NEEDED_NIPS | tr ' ' ',')"
else
print_warning "No NIP includes detected in *.c files"
print_info "Defaulting to basic NIPs: 001, 006, 019"
NEEDED_NIPS="001 006 019"
fi
else
print_warning "No .c files found in current directory"
print_info "Defaulting to basic NIPs: 001, 006, 019"
NEEDED_NIPS="001 006 019"
fi
fi
# If building tests, include all NIPs to ensure test compatibility
if [ "$BUILD_TESTS" = true ] && [ -z "$FORCE_NIPS" ]; then
NEEDED_NIPS="001 004 005 006 011 013 019 044"
print_info "Building tests - including all available NIPs for test compatibility"
fi
# Ensure NIP-001 is always included (required for core functionality)
if ! echo "$NEEDED_NIPS" | grep -q "001"; then
NEEDED_NIPS="001 $NEEDED_NIPS"
print_info "Added NIP-001 (required for core functionality)"
fi
###########################################################################################
###########################################################################################
############ AUTODETECT SYSTEM ARCHITECTURE
###########################################################################################
###########################################################################################
# Determine architecture
if [ -z "$ARCHITECTURE" ]; then
ARCH=$(uname -m)
case $ARCH in
x86_64|amd64)
ARCHITECTURE="x64"
;;
aarch64|arm64)
ARCHITECTURE="arm64"
;;
*)
ARCHITECTURE="x64" # Default fallback
print_warning "Unknown architecture '$ARCH', defaulting to x64"
;;
esac
fi
print_info "Target architecture: $ARCHITECTURE"
# Set compiler based on architecture
case $ARCHITECTURE in
x64)
CC="gcc"
ARCH_SUFFIX="x64"
;;
arm64)
CC="aarch64-linux-gnu-gcc"
ARCH_SUFFIX="arm64"
;;
*)
print_error "Unsupported architecture: $ARCHITECTURE"
exit 1
;;
esac
# Check if compiler exists
if ! command -v $CC &> /dev/null; then
print_error "Compiler $CC not found"
if [ "$ARCHITECTURE" = "arm64" ]; then
print_info "Install ARM64 cross-compiler: sudo apt install gcc-aarch64-linux-gnu"
fi
exit 1
fi
###########################################################################################
###########################################################################################
############ CHECK AND BUILD DEPENDENCIES BASED ON NEEDED NIPS
###########################################################################################
###########################################################################################
print_info "Checking dependencies based on needed NIPs..."
# Set secp256k1 library path based on architecture
case $ARCHITECTURE in
x64)
SECP256K1_LIB="secp256k1/.libs/libsecp256k1.a"
;;
arm64)
SECP256K1_LIB="secp256k1/.libs/libsecp256k1_arm64.a"
;;
esac
# Determine which dependencies are needed based on NIPs
NEED_SECP256K1=false
NEED_OPENSSL=false
NEED_CURL=false
# secp256k1 is always needed (core cryptography for NIP-001)
NEED_SECP256K1=true
# Check if network-dependent NIPs are included
NETWORK_NIPS="005 011" # NIP-005 (DNS), NIP-011 (Relay info)
for nip in $NEEDED_NIPS; do
case $nip in
005|011)
NEED_CURL=true
print_info "NIP-$nip requires HTTP functionality - curl needed"
;;
esac
done
# Check if WebSocket functionality is needed (always included currently)
# Since nostr_websocket/nostr_websocket_openssl.c is always compiled
NEED_OPENSSL=true
NEED_CURL=true
print_info "WebSocket functionality enabled - OpenSSL and curl needed"
if [ "$VERBOSE" = true ]; then
print_info "Dependency requirements:"
[ "$NEED_SECP256K1" = true ] && echo " ✓ secp256k1 (core crypto)"
[ "$NEED_OPENSSL" = true ] && echo " ✓ OpenSSL (TLS/WebSocket)"
[ "$NEED_CURL" = true ] && echo " ✓ curl (HTTP requests)"
fi
# Function to build secp256k1 if needed and missing
build_secp256k1() {
if [ "$NEED_SECP256K1" != true ]; then
return 0
fi
if [ -f "$SECP256K1_LIB" ]; then
if [ "$VERBOSE" = true ]; then
print_success "secp256k1 already available"
fi
return 0
fi
print_info "Building secp256k1..."
if [ ! -d "secp256k1" ]; then
print_error "secp256k1 source directory not found"
exit 1
fi
# Force clean build if .libs exists but no library
if [ -d "secp256k1/.libs" ] && [ ! -f "$SECP256K1_LIB" ]; then
print_info "Cleaning previous secp256k1 build..."
(cd secp256k1 && make clean) || true
fi
(cd secp256k1 && \
./autogen.sh && \
./configure --enable-static --disable-shared --enable-module-recovery && \
make clean && \
make -j$(nproc)) || { print_error "Failed to build secp256k1"; exit 1; }
# Verify the library was actually created
if [ ! -f "$SECP256K1_LIB" ]; then
print_error "secp256k1 library not created: $SECP256K1_LIB"
print_error "Check if secp256k1 source files are present"
if [ "$VERBOSE" = true ]; then
print_info "Checking secp256k1 directory contents:"
ls -la secp256k1/.libs/ 2>/dev/null || print_warning "No .libs directory found"
ls -la secp256k1/src/ 2>/dev/null || print_warning "No src directory found"
fi
exit 1
fi
print_success "secp256k1 built successfully"
}
# Function to build OpenSSL if needed and missing
build_openssl() {
if [ "$NEED_OPENSSL" != true ]; then
return 0
fi
if [ -f "openssl-install/lib64/libssl.a" ] && [ -f "openssl-install/lib64/libcrypto.a" ]; then
if [ "$VERBOSE" = true ]; then
print_success "OpenSSL already available"
fi
return 0
fi
print_info "Building OpenSSL (this may take 5-10 minutes)..."
if [ ! -d "openssl-3.4.2" ]; then
print_error "openssl-3.4.2 source directory not found"
exit 1
fi
(cd openssl-3.4.2 && \
./Configure linux-x86_64 no-shared --prefix="$(pwd)/../openssl-install" && \
make -j$(nproc) && \
make install) || { print_error "Failed to build OpenSSL"; exit 1; }
print_success "OpenSSL built successfully"
}
# Function to build curl if needed and missing
build_curl() {
if [ "$NEED_CURL" != true ]; then
return 0
fi
if [ -f "curl-install/lib/libcurl.a" ]; then
if [ "$VERBOSE" = true ]; then
print_success "curl already available"
fi
return 0
fi
print_info "Building curl..."
if [ ! -d "curl-8.15.0" ]; then
print_error "curl-8.15.0 source directory not found"
exit 1
fi
(cd curl-8.15.0 && \
./configure --disable-shared --enable-static \
--with-openssl="$(pwd)/../openssl-install" \
--without-libpsl --without-brotli \
--disable-ldap --disable-ldaps --disable-rtsp --disable-proxy \
--disable-dict --disable-telnet --disable-tftp --disable-pop3 \
--disable-imap --disable-smb --disable-smtp --disable-gopher \
--disable-manual \
--prefix="$(pwd)/../curl-install" && \
make -j$(nproc) && \
make install) || { print_error "Failed to build curl"; exit 1; }
print_success "curl built successfully"
}
# Build only the needed dependencies
build_secp256k1
build_openssl
build_curl
###########################################################################################
###########################################################################################
############ ADD CORE DEPENDENCIES THAT NEED TO BE BUILT TO THE $SOURCES VARIABLE
###########################################################################################
###########################################################################################
SOURCES="nostr_core/crypto/nostr_secp256k1.c"
SOURCES="$SOURCES nostr_core/crypto/nostr_aes.c"
SOURCES="$SOURCES nostr_core/crypto/nostr_chacha20.c"
SOURCES="$SOURCES cjson/cJSON.c"
SOURCES="$SOURCES nostr_core/utils.c"
SOURCES="$SOURCES nostr_core/nostr_common.c"
SOURCES="$SOURCES nostr_core/core_relays.c"
SOURCES="$SOURCES nostr_websocket/nostr_websocket_openssl.c"
NIP_DESCRIPTIONS=""
for nip in $NEEDED_NIPS; do
NIP_FILE="nostr_core/nip${nip}.c"
if [ -f "$NIP_FILE" ]; then
SOURCES="$SOURCES $NIP_FILE"
case $nip in
001) NIP_DESCRIPTIONS="$NIP_DESCRIPTIONS NIP-001(Basic)" ;;
004) NIP_DESCRIPTIONS="$NIP_DESCRIPTIONS NIP-004(Encrypt)" ;;
005) NIP_DESCRIPTIONS="$NIP_DESCRIPTIONS NIP-005(DNS)" ;;
006) NIP_DESCRIPTIONS="$NIP_DESCRIPTIONS NIP-006(Keys)" ;;
011) NIP_DESCRIPTIONS="$NIP_DESCRIPTIONS NIP-011(Relay-Info)" ;;
013) NIP_DESCRIPTIONS="$NIP_DESCRIPTIONS NIP-013(PoW)" ;;
019) NIP_DESCRIPTIONS="$NIP_DESCRIPTIONS NIP-019(Bech32)" ;;
044) NIP_DESCRIPTIONS="$NIP_DESCRIPTIONS NIP-044(Encrypt)" ;;
esac
else
print_warning "NIP file not found: $NIP_FILE - skipping"
fi
done
# Build flags
CFLAGS="-Wall -Wextra -std=c99 -fPIC -O2"
CFLAGS="$CFLAGS -DENABLE_FILE_LOGGING -DENABLE_WEBSOCKET_LOGGING -DENABLE_DEBUG_LOGGING"
INCLUDES="-I. -Inostr_core -Inostr_core/crypto -Icjson -Isecp256k1/include -Inostr_websocket"
INCLUDES="$INCLUDES -I./openssl-install/include -I./curl-install/include"
# Static libraries
STATIC_LIBS="./openssl-install/lib64/libssl.a ./openssl-install/lib64/libcrypto.a"
STATIC_LIBS="$STATIC_LIBS ./curl-install/lib/libcurl.a"
# Output library name
OUTPUT="libnostr_core_${ARCH_SUFFIX}.a"
print_info "Compiling with: $CC"
print_info "Including:$NIP_DESCRIPTIONS"
if [ "$VERBOSE" = true ]; then
print_info "Sources: $SOURCES"
print_info "Flags: $CFLAGS $INCLUDES"
fi
###########################################################################################
###########################################################################################
############ COMPILE EACH SOURCE FROM $SOURCES INTO A .o FILE
###########################################################################################
###########################################################################################
OBJECTS=""
for source in $SOURCES; do
if [ -f "$source" ]; then
obj_name=$(basename "$source" .c).${ARCH_SUFFIX}.o
OBJECTS="$OBJECTS $obj_name"
if [ "$VERBOSE" = true ]; then
print_info "Compiling: $source -> $obj_name"
fi
#################################################
# THE ACTUAL COMMAND TO COMPILE .c FILES
#################################################
$CC $CFLAGS $INCLUDES -c "$source" -o "$obj_name"
if [ $? -ne 0 ]; then
print_error "Failed to compile $source"
exit 1
fi
else
print_error "Source file not found: $source"
exit 1
fi
done
###########################################################################################
###########################################################################################
############ CREATE THE FINAL STATIC LIBRARY FOR THE PROJECT: libnostr_core_XX.a
############ BY LINKING IN ALL OUR .o FILES THAT ARE REQUESTED TO BE ADDED.
###########################################################################################
###########################################################################################
print_info "Creating self-contained static library: $OUTPUT"
# Store the build directory to ensure correct paths when extracting from subdirectories
BUILD_DIR=$(pwd)
# Create temporary directories for extracting objects
TMP_SECP256K1=".tmp_secp256k1_$$"
TMP_OPENSSL=".tmp_openssl_$$"
TMP_CURL=".tmp_curl_$$"
mkdir -p "$TMP_SECP256K1" "$TMP_OPENSSL" "$TMP_CURL"
# Extract secp256k1 objects (if library exists)
SECP256K1_OBJECTS=""
if [ -f "$SECP256K1_LIB" ]; then
if [ "$VERBOSE" = true ]; then
print_info "Extracting secp256k1 objects..."
fi
(cd "$TMP_SECP256K1" && ar x "$BUILD_DIR/$SECP256K1_LIB")
SECP256K1_OBJECTS="$TMP_SECP256K1/*.o"
else
print_warning "secp256k1 library not found: $SECP256K1_LIB - skipping secp256k1 objects"
fi
# Extract OpenSSL objects
if [ "$VERBOSE" = true ]; then
print_info "Extracting OpenSSL objects..."
fi
(cd "$TMP_OPENSSL" && ar x "$BUILD_DIR/openssl-install/lib64/libssl.a")
(cd "$TMP_OPENSSL" && ar x "$BUILD_DIR/openssl-install/lib64/libcrypto.a")
# Extract curl objects
if [ "$VERBOSE" = true ]; then
print_info "Extracting curl objects..."
fi
(cd "$TMP_CURL" && ar x "$BUILD_DIR/curl-install/lib/libcurl.a")
# Combine all objects into final library
if [ "$VERBOSE" = true ]; then
print_info "Combining all objects into self-contained library..."
fi
#########################################################
### THE ACTUAL COMMAND TO LINK .o FILES INTO A .a FILE
#########################################################
if [ -n "$SECP256K1_OBJECTS" ]; then
ar rcs "$OUTPUT" $OBJECTS $SECP256K1_OBJECTS "$TMP_OPENSSL"/*.o "$TMP_CURL"/*.o
else
ar rcs "$OUTPUT" $OBJECTS "$TMP_OPENSSL"/*.o "$TMP_CURL"/*.o
fi
AR_RESULT=$?
# Cleanup temporary directories
rm -rf "$TMP_SECP256K1" "$TMP_OPENSSL" "$TMP_CURL"
###########################################################################################
###########################################################################################
############ IF THE LINKING OCCURED SUCCESSFULLY, BUILD THE TEST FILE EXECUTABLES
############ BY LINKING IN ALL OUR .o FILES THAT ARE REQUESTED TO BE ADDED.
###########################################################################################
###########################################################################################
if [ $AR_RESULT -eq 0 ]; then
# Cleanup object files
rm -f $OBJECTS
# Show library info
size_kb=$(du -k "$OUTPUT" | cut -f1)
print_success "Built $OUTPUT (${size_kb}KB) with:$NIP_DESCRIPTIONS"
# Build tests if requested
if [ "$BUILD_TESTS" = true ]; then
print_info "Scanning tests/ directory for test programs..."
if [ ! -d "tests" ]; then
print_warning "tests/ directory not found - skipping test builds"
else
TEST_COUNT=0
SUCCESS_COUNT=0
# Find all .c files in tests/ directory (not subdirectories)
while IFS= read -r -d '' test_file; do
TEST_COUNT=$((TEST_COUNT + 1))
test_name=$(basename "$test_file" .c)
test_exe="tests/$test_name"
print_info "Building test: $test_name"
# Simple test compilation - everything is in our fat library
LINK_FLAGS="-lz -ldl -lpthread -lm -static"
if [ "$VERBOSE" = true ]; then
print_info " Command: $CC $CFLAGS $INCLUDES \"$test_file\" -o \"$test_exe\" ./$OUTPUT $LINK_FLAGS"
fi
if $CC $CFLAGS $INCLUDES "$test_file" -o "$test_exe" "./$OUTPUT" $LINK_FLAGS; then
SUCCESS_COUNT=$((SUCCESS_COUNT + 1))
print_success "Built $test_name"
if [ "$VERBOSE" = true ]; then
print_info " Executable: $test_exe"
fi
else
print_error " Failed to build: $test_name"
fi
done < <(find tests/ -maxdepth 1 -name "*.c" -type f -print0)
if [ $TEST_COUNT -eq 0 ]; then
print_warning "No .c files found in tests/ directory"
else
print_success "Built $SUCCESS_COUNT/$TEST_COUNT test programs"
fi
fi
echo ""
fi
echo "Usage in your project:"
echo " gcc your_app.c $OUTPUT -lz -ldl -lpthread -lm -o your_app"
echo ""
else
print_error "Failed to create static library"
exit 1
fi

1302
debug.log
View File

File diff suppressed because one or more lines are too long

107
debug_nostr_tools.js
View File

@@ -1,107 +0,0 @@
// Debug script to extract all intermediate values from nostr-tools NIP-44
const { v2 } = require('./nostr-tools/nip44.js');
const { bytesToHex, hexToBytes } = require('@noble/hashes/utils');
// Test vector 1: single char 'a'
console.log('=== NOSTR-TOOLS DEBUG: Single char "a" ===');
const sec1 = hexToBytes('0000000000000000000000000000000000000000000000000000000000000001');
const sec2 = hexToBytes('0000000000000000000000000000000000000000000000000000000000000002');
const nonce = hexToBytes('0000000000000000000000000000000000000000000000000000000000000001');
const plaintext = 'a';
// Step 1: Get public keys
const { schnorr } = require('@noble/curves/secp256k1');
const pub1 = bytesToHex(schnorr.getPublicKey(sec1));
const pub2 = bytesToHex(schnorr.getPublicKey(sec2));
console.log('pub1:', pub1);
console.log('pub2:', pub2);
// Step 2: Get conversation key
const conversationKey = v2.utils.getConversationKey(sec1, pub2);
console.log('conversation_key:', bytesToHex(conversationKey));
// Step 3: Get shared secret (raw ECDH)
const { secp256k1 } = require('@noble/curves/secp256k1');
const sharedPoint = secp256k1.getSharedSecret(sec1, '02' + pub2);
const sharedSecret = sharedPoint.subarray(1, 33); // X coordinate only
console.log('ecdh_shared_secret:', bytesToHex(sharedSecret));
// Step 4: Get message keys using internal function
const hkdf = require('@noble/hashes/hkdf');
const { sha256 } = require('@noble/hashes/sha256');
// HKDF Extract step
const salt = new TextEncoder().encode('nip44-v2');
const prk = hkdf.extract(sha256, sharedSecret, salt);
console.log('hkdf_extract_result:', bytesToHex(prk));
// HKDF Expand step
const messageKeys = hkdf.expand(sha256, prk, nonce, 76);
const chachaKey = messageKeys.subarray(0, 32);
const chachaNonce = messageKeys.subarray(32, 44);
const hmacKey = messageKeys.subarray(44, 76);
console.log('chacha_key:', bytesToHex(chachaKey));
console.log('chacha_nonce:', bytesToHex(chachaNonce));
console.log('hmac_key:', bytesToHex(hmacKey));
// Step 5: Pad the plaintext
function pad(plaintext) {
const utf8Encoder = new TextEncoder();
const unpadded = utf8Encoder.encode(plaintext);
const unpaddedLen = unpadded.length;
// Length prefix (big-endian u16)
const prefix = new Uint8Array(2);
new DataView(prefix.buffer).setUint16(0, unpaddedLen, false);
// Calculate padded length
function calcPaddedLen(len) {
if (len <= 32) return 32;
const nextPower = 1 << (Math.floor(Math.log2(len - 1)) + 1);
const chunk = nextPower <= 256 ? 32 : nextPower / 8;
return chunk * (Math.floor((len - 1) / chunk) + 1);
}
const paddedLen = calcPaddedLen(unpaddedLen + 2);
const suffix = new Uint8Array(paddedLen - 2 - unpaddedLen);
// Combine: prefix + plaintext + padding
const result = new Uint8Array(paddedLen);
result.set(prefix);
result.set(unpadded, 2);
result.set(suffix, 2 + unpaddedLen);
return result;
}
const paddedPlaintext = pad(plaintext);
console.log('padded_plaintext:', bytesToHex(paddedPlaintext));
console.log('padded_length:', paddedPlaintext.length);
// Step 6: ChaCha20 encrypt
const { chacha20 } = require('@noble/ciphers/chacha');
const ciphertext = chacha20(chachaKey, chachaNonce, paddedPlaintext);
console.log('ciphertext:', bytesToHex(ciphertext));
// Step 7: HMAC with AAD
const { hmac } = require('@noble/hashes/hmac');
const { concatBytes } = require('@noble/hashes/utils');
const aad = concatBytes(nonce, ciphertext);
console.log('aad_data:', bytesToHex(aad));
const mac = hmac(sha256, hmacKey, aad);
console.log('mac:', bytesToHex(mac));
// Step 8: Final payload
const { base64 } = require('@scure/base');
const payload = concatBytes(new Uint8Array([2]), nonce, ciphertext, mac);
console.log('raw_payload:', bytesToHex(payload));
const base64Payload = base64.encode(payload);
console.log('final_payload:', base64Payload);
// Expected from test vectors
console.log('expected_payload:', 'AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABee0G5VSK0/9YypIObAtDKfYEAjD35uVkHyB0F4DwrcNaCXlCWZKaArsGrY6M9wnuTMxWfp1RTN9Xga8no+kF5Vsb');
// Now let's also test the full encrypt function
const fullEncrypt = v2.encrypt(plaintext, conversationKey, nonce);
console.log('v2.encrypt_result:', fullEncrypt);

394
dev_build.sh
View File

@@ -1,394 +0,0 @@
#!/bin/bash
# NOSTR Core Library Build Script
# Provides convenient build targets for the standalone library
# Automatically increments patch version with each build
set -e # Exit on any error
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Function to print colored output
print_status() {
echo -e "${BLUE}[INFO]${NC} $1"
}
print_success() {
echo -e "${GREEN}[SUCCESS]${NC} $1"
}
print_warning() {
echo -e "${YELLOW}[WARNING]${NC} $1"
}
print_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
# Function to automatically increment version
increment_version() {
print_status "Incrementing version..."
# Check if we're in a git repository
if ! git rev-parse --git-dir > /dev/null 2>&1; then
print_warning "Not in a git repository - skipping version increment"
return 0
fi
# Get the highest version tag (not necessarily the most recent chronologically)
LATEST_TAG=$(git tag -l 'v*.*.*' | sort -V | tail -n 1 || echo "v0.1.0")
if [[ -z "$LATEST_TAG" ]]; then
LATEST_TAG="v0.1.0"
fi
# Extract version components (remove 'v' prefix if present)
VERSION=${LATEST_TAG#v}
# Parse major.minor.patch
if [[ $VERSION =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]; then
MAJOR=${BASH_REMATCH[1]}
MINOR=${BASH_REMATCH[2]}
PATCH=${BASH_REMATCH[3]}
else
print_error "Invalid version format in tag: $LATEST_TAG"
print_error "Expected format: v0.1.0"
return 1
fi
# Increment patch version
NEW_PATCH=$((PATCH + 1))
NEW_VERSION="v${MAJOR}.${MINOR}.${NEW_PATCH}"
print_status "Current version: $LATEST_TAG"
print_status "New version: $NEW_VERSION"
# Create new git tag
if git tag "$NEW_VERSION" 2>/dev/null; then
print_success "Created new version tag: $NEW_VERSION"
else
print_warning "Tag $NEW_VERSION already exists - using existing version"
NEW_VERSION=$LATEST_TAG
fi
# Update VERSION file for compatibility
echo "${NEW_VERSION#v}" > VERSION
print_success "Updated VERSION file to ${NEW_VERSION#v}"
}
# Function to perform git operations after successful build
perform_git_operations() {
local commit_message="$1"
if [[ -z "$commit_message" ]]; then
return 0 # No commit message provided, skip git operations
fi
print_status "Performing git operations..."
# Check if we're in a git repository
if ! git rev-parse --git-dir > /dev/null 2>&1; then
print_warning "Not in a git repository - skipping git operations"
return 0
fi
# Check if there are changes to commit
if git diff --quiet && git diff --cached --quiet; then
print_warning "No changes to commit"
return 0
fi
# Add all changes
print_status "Adding changes to git..."
if ! git add .; then
print_error "Failed to add changes to git"
return 1
fi
# Commit changes
print_status "Committing changes with message: '$commit_message'"
if ! git commit -m "$commit_message"; then
print_error "Failed to commit changes"
return 1
fi
# Push changes
print_status "Pushing changes to remote repository..."
if ! git push; then
print_error "Failed to push changes to remote repository"
print_warning "Changes have been committed locally but not pushed"
return 1
fi
print_success "Git operations completed successfully!"
return 0
}
# Function to show usage
show_usage() {
echo "NOSTR Core Library Build Script"
echo "==============================="
echo ""
echo "Usage: $0 [target] [-m \"commit message\"]"
echo ""
echo "Available targets:"
echo " clean - Clean all build artifacts"
echo " lib - Build static libraries for both x64 and ARM64 (default)"
echo " x64 - Build x64 static library only"
echo " arm64 - Build ARM64 static library only"
echo " all - Build both architectures and examples"
echo " examples - Build example programs"
echo " test - Run tests"
echo " install - Install library to system"
echo " uninstall - Remove library from system"
echo " help - Show this help message"
echo ""
echo "Options:"
echo " -m \"message\" - Git commit message (triggers automatic git add, commit, push after successful build)"
echo ""
echo "Examples:"
echo " $0 lib -m \"Add new proof-of-work parameters\""
echo " $0 x64 -m \"Fix OpenSSL minimal build configuration\""
echo " $0 lib # Build without git operations"
echo ""
echo "Library outputs (both self-contained with secp256k1):"
echo " libnostr_core.a - x86_64 static library"
echo " libnostr_core_arm64.a - ARM64 static library"
echo " examples/* - Example programs"
echo ""
echo "Both libraries include secp256k1 objects internally."
echo "Users only need to link with the library + -lm."
}
# Parse command line arguments
TARGET=""
COMMIT_MESSAGE=""
# Parse arguments
while [[ $# -gt 0 ]]; do
case $1 in
-m)
COMMIT_MESSAGE="$2"
shift 2
;;
-*)
print_error "Unknown option: $1"
show_usage
exit 1
;;
*)
if [[ -z "$TARGET" ]]; then
TARGET="$1"
else
print_error "Multiple targets specified: $TARGET and $1"
show_usage
exit 1
fi
shift
;;
esac
done
# Set default target if none specified
TARGET=${TARGET:-lib}
case "$TARGET" in
clean)
print_status "Cleaning build artifacts..."
make clean
print_success "Clean completed"
;;
lib|library)
increment_version
print_status "Building both x64 and ARM64 static libraries..."
make clean
make
# Check both libraries were built
SUCCESS=0
if [ -f "libnostr_core.a" ]; then
SIZE_X64=$(stat -c%s "libnostr_core.a")
print_success "x64 static library built successfully (${SIZE_X64} bytes)"
SUCCESS=$((SUCCESS + 1))
else
print_error "Failed to build x64 static library"
fi
if [ -f "libnostr_core_arm64.a" ]; then
SIZE_ARM64=$(stat -c%s "libnostr_core_arm64.a")
print_success "ARM64 static library built successfully (${SIZE_ARM64} bytes)"
SUCCESS=$((SUCCESS + 1))
else
print_error "Failed to build ARM64 static library"
fi
if [ $SUCCESS -eq 2 ]; then
print_success "Both architectures built successfully!"
ls -la libnostr_core*.a
perform_git_operations "$COMMIT_MESSAGE"
else
print_error "Failed to build all libraries"
exit 1
fi
;;
x64|x64-only)
increment_version
print_status "Building x64 static library only..."
make clean
make x64
if [ -f "libnostr_core.a" ]; then
SIZE=$(stat -c%s "libnostr_core.a")
print_success "x64 static library built successfully (${SIZE} bytes)"
ls -la libnostr_core.a
perform_git_operations "$COMMIT_MESSAGE"
else
print_error "Failed to build x64 static library"
exit 1
fi
;;
arm64|arm64-only)
increment_version
print_status "Building ARM64 static library only..."
make clean
make arm64
if [ -f "libnostr_core_arm64.a" ]; then
SIZE=$(stat -c%s "libnostr_core_arm64.a")
print_success "ARM64 static library built successfully (${SIZE} bytes)"
ls -la libnostr_core_arm64.a
perform_git_operations "$COMMIT_MESSAGE"
else
print_error "Failed to build ARM64 static library"
exit 1
fi
;;
shared)
increment_version
print_status "Building shared library..."
make clean
make libnostr_core.so
if [ -f "libnostr_core.so" ]; then
SIZE=$(stat -c%s "libnostr_core.so")
print_success "Shared library built successfully (${SIZE} bytes)"
ls -la libnostr_core.so
perform_git_operations "$COMMIT_MESSAGE"
else
print_error "Failed to build shared library"
exit 1
fi
;;
all)
increment_version
print_status "Building all libraries and examples..."
make clean
make all
# Check both libraries and examples were built
SUCCESS=0
if [ -f "libnostr_core.a" ]; then
SIZE_X64=$(stat -c%s "libnostr_core.a")
print_success "x64 static library built successfully (${SIZE_X64} bytes)"
SUCCESS=$((SUCCESS + 1))
else
print_error "Failed to build x64 static library"
fi
if [ -f "libnostr_core_arm64.a" ]; then
SIZE_ARM64=$(stat -c%s "libnostr_core_arm64.a")
print_success "ARM64 static library built successfully (${SIZE_ARM64} bytes)"
SUCCESS=$((SUCCESS + 1))
else
print_error "Failed to build ARM64 static library"
fi
if [ $SUCCESS -eq 2 ]; then
print_success "All libraries and examples built successfully!"
ls -la libnostr_core*.a
ls -la examples/
perform_git_operations "$COMMIT_MESSAGE"
else
print_error "Failed to build all components"
exit 1
fi
;;
examples)
increment_version
print_status "Building both libraries and examples..."
make clean
make
make examples
# Verify libraries were built
if [ -f "libnostr_core.a" ] && [ -f "libnostr_core_arm64.a" ]; then
print_success "Both libraries and examples built successfully"
ls -la libnostr_core*.a
ls -la examples/
perform_git_operations "$COMMIT_MESSAGE"
else
print_error "Failed to build libraries for examples"
exit 1
fi
;;
test)
print_status "Running tests..."
make clean
make
if make test-crypto 2>/dev/null; then
print_success "All tests passed"
else
print_warning "Running simple test instead..."
make test
print_success "Basic test completed"
fi
;;
tests)
print_status "Running tests..."
make clean
make
if make test-crypto 2>/dev/null; then
print_success "All tests passed"
else
print_warning "Running simple test instead..."
make test
print_success "Basic test completed"
fi
;;
install)
increment_version
print_status "Installing library to system..."
make clean
make all
sudo make install
print_success "Library installed to /usr/local"
perform_git_operations "$COMMIT_MESSAGE"
;;
uninstall)
print_status "Uninstalling library from system..."
sudo make uninstall
print_success "Library uninstalled"
;;
help|--help|-h)
show_usage
;;
*)
print_error "Unknown target: $TARGET"
echo ""
show_usage
exit 1
;;
esac

40
example_basic.c
View File

@@ -1,40 +0,0 @@
/*
* Example: Basic NOSTR functionality
* This example shows auto-detection working with selective includes
*/
#include "nostr_core/nip001.h" // Basic protocol
#include "nostr_core/nip006.h" // Key generation (will be created next)
#include "nostr_core/nip019.h" // Bech32 encoding (will be created next)
#include <stdio.h>
int main() {
printf("NOSTR Core Library - Basic Example\n");
// Initialize library
if (nostr_init() != 0) {
printf("Failed to initialize NOSTR library\n");
return 1;
}
printf("Library initialized successfully!\n");
// Generate keypair (from NIP-006)
// unsigned char private_key[32], public_key[32];
// nostr_generate_keypair(private_key, public_key);
// Convert to bech32 (from NIP-019)
// char nsec[100];
// nostr_key_to_bech32(private_key, "nsec", nsec);
// Create basic event (from NIP-001)
// cJSON* event = nostr_create_and_sign_event(1, "Hello Nostr!", NULL, private_key, 0);
printf("Example completed - the build script should detect NIPs: 001, 006, 019\n");
// Cleanup
nostr_cleanup();
return 0;
}

104
example_modular_nips.c
View File

@@ -1,104 +0,0 @@
/*
* Example demonstrating modular NIP usage
* Shows how different NIPs can be used independently
*/
#include "nostr_core/nip001.h" // Basic protocol
#include "nostr_core/nip005.h" // NIP-05 DNS verification
#include "nostr_core/nip006.h" // Key derivation
#include "nostr_core/nip011.h" // Relay information
#include "nostr_core/nip013.h" // Proof of work
#include "nostr_core/nip019.h" // Bech32 encoding
#include "nostr_core/utils.h" // Utility functions
#include <stdio.h>
#include <stdlib.h>
int main() {
printf("=== Modular NOSTR Core Library Demo ===\n\n");
// Initialize the library
if (nostr_init() != NOSTR_SUCCESS) {
printf("Failed to initialize NOSTR library\n");
return 1;
}
// Test NIP-006: Key generation and detection
printf("1. NIP-006: Key Generation and Input Detection\n");
unsigned char private_key[32], public_key[32];
if (nostr_generate_keypair(private_key, public_key) == NOSTR_SUCCESS) {
char private_hex[65], public_hex[65];
nostr_bytes_to_hex(private_key, 32, private_hex);
nostr_bytes_to_hex(public_key, 32, public_hex);
printf(" Generated keypair:\n");
printf(" Private: %s\n", private_hex);
printf(" Public: %s\n", public_hex);
// Test input type detection
nostr_input_type_t type = nostr_detect_input_type(private_hex);
printf(" Input type: %s\n",
type == NOSTR_INPUT_NSEC_HEX ? "NSEC_HEX" :
type == NOSTR_INPUT_NSEC_BECH32 ? "NSEC_BECH32" :
type == NOSTR_INPUT_MNEMONIC ? "MNEMONIC" : "UNKNOWN");
}
// Test NIP-019: Bech32 encoding
printf("\n2. NIP-019: Bech32 Encoding\n");
char bech32_nsec[200], bech32_npub[200];
if (nostr_key_to_bech32(private_key, "nsec", bech32_nsec) == NOSTR_SUCCESS) {
printf(" nsec: %s\n", bech32_nsec);
}
if (nostr_key_to_bech32(public_key, "npub", bech32_npub) == NOSTR_SUCCESS) {
printf(" npub: %s\n", bech32_npub);
}
// Test NIP-001: Event creation
printf("\n3. NIP-001: Event Creation\n");
cJSON* event = nostr_create_and_sign_event(1, "Hello from modular NOSTR!", NULL, private_key, 0);
if (event) {
char* event_json = cJSON_Print(event);
printf(" Created event: %s\n", event_json);
free(event_json);
cJSON_Delete(event);
}
// Test NIP-013: Proof of Work (light test)
printf("\n4. NIP-013: Proof of Work\n");
cJSON* pow_event = nostr_create_and_sign_event(1, "PoW test message", NULL, private_key, 0);
if (pow_event) {
printf(" Adding PoW (target difficulty: 4)...\n");
int result = nostr_add_proof_of_work(pow_event, private_key, 4, 100000, 10000, 5000, NULL, NULL);
if (result == NOSTR_SUCCESS) {
cJSON* id_item = cJSON_GetObjectItem(pow_event, "id");
if (id_item) {
printf(" PoW success! Event ID: %s\n", cJSON_GetStringValue(id_item));
}
} else {
printf(" PoW failed or timeout\n");
}
cJSON_Delete(pow_event);
}
// Test NIP-005: DNS verification (parse only - no network call in example)
printf("\n5. NIP-005: DNS Identifier Parsing\n");
const char* test_json = "{\"names\":{\"test\":\"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef\"}}";
char found_pubkey[65];
int result = nostr_nip05_parse_well_known(test_json, "test", found_pubkey, NULL, NULL);
if (result == NOSTR_SUCCESS) {
printf(" Parsed pubkey from test JSON: %s\n", found_pubkey);
}
// Test NIP-011: Just show the structure exists
printf("\n6. NIP-011: Relay Information Structure\n");
printf(" Relay info structure available for fetching relay metadata\n");
printf(" (Network calls not performed in this example)\n");
printf("\n=== All modular NIPs working! ===\n");
nostr_cleanup();
return 0;
}

BIN
examples/input_detection Executable file
View File

Binary file not shown.

39
examples/integration_example/CMakeLists.txt
View File

@@ -1,39 +0,0 @@
# Example CMakeLists.txt for a project using nostr_core library
cmake_minimum_required(VERSION 3.12)
project(my_nostr_app VERSION 1.0.0 LANGUAGES C)
set(CMAKE_C_STANDARD 99)
# Method 1: Find installed package
# Uncomment if nostr_core is installed system-wide
# find_package(nostr_core REQUIRED)
# Method 2: Use as subdirectory
# Uncomment if nostr_core is a subdirectory
# add_subdirectory(nostr_core)
# Method 3: Use pkg-config
# Uncomment if using pkg-config
# find_package(PkgConfig REQUIRED)
# pkg_check_modules(NOSTR_CORE REQUIRED nostr_core)
# Create executable
add_executable(my_nostr_app main.c)
# Link with nostr_core
# Choose one of the following based on your integration method:
# Method 1: Installed package
# target_link_libraries(my_nostr_app nostr_core::static)
# Method 2: Subdirectory
# target_link_libraries(my_nostr_app nostr_core_static)
# Method 3: pkg-config
# target_include_directories(my_nostr_app PRIVATE ${NOSTR_CORE_INCLUDE_DIRS})
# target_link_libraries(my_nostr_app ${NOSTR_CORE_LIBRARIES})
# For this example, we'll assume Method 2 (subdirectory)
# Add the parent nostr_core directory
add_subdirectory(../.. nostr_core)
target_link_libraries(my_nostr_app nostr_core_static)

186
examples/integration_example/README.md
View File

@@ -1,186 +0,0 @@
# NOSTR Core Integration Example
This directory contains a complete example showing how to integrate the NOSTR Core library into your own projects.
## What This Example Demonstrates
- **Library Initialization**: Proper setup and cleanup of the NOSTR library
- **Identity Management**: Key generation, bech32 encoding, and format detection
- **Event Creation**: Creating and signing different types of NOSTR events
- **Input Handling**: Processing various input formats (mnemonic, hex, bech32)
- **Utility Functions**: Using helper functions for hex conversion and error handling
- **CMake Integration**: How to integrate the library in your CMake-based project
## Building and Running
### Method 1: Using CMake
```bash
# Create build directory
mkdir build && cd build
# Configure with CMake
cmake ..
# Build
make
# Run the example
./my_nostr_app
```
### Method 2: Manual Compilation
```bash
# Compile directly (assuming you're in the c_nostr root directory)
gcc -I. examples/integration_example/main.c nostr_core.c nostr_crypto.c cjson/cJSON.c -lm -o integration_example
# Run
./integration_example
```
## Expected Output
The example will demonstrate:
1. **Identity Management Demo**
- Generate a new keypair
- Display keys in hex and bech32 format
2. **Event Creation Demo**
- Create a text note event
- Create a profile event
- Display the JSON for both events
3. **Input Handling Demo**
- Process different input formats
- Show format detection and decoding
4. **Utility Functions Demo**
- Hex conversion round-trip
- Error message display
## Integration Patterns
### Pattern 1: CMake Find Package
If NOSTR Core is installed system-wide:
```cmake
find_package(nostr_core REQUIRED)
target_link_libraries(your_app nostr_core::static)
```
### Pattern 2: CMake Subdirectory
If NOSTR Core is a subdirectory of your project:
```cmake
add_subdirectory(nostr_core)
target_link_libraries(your_app nostr_core_static)
```
### Pattern 3: pkg-config
If using pkg-config:
```cmake
find_package(PkgConfig REQUIRED)
pkg_check_modules(NOSTR_CORE REQUIRED nostr_core)
target_include_directories(your_app PRIVATE ${NOSTR_CORE_INCLUDE_DIRS})
target_link_libraries(your_app ${NOSTR_CORE_LIBRARIES})
```
### Pattern 4: Direct Source Integration
Copy the essential files to your project:
```bash
cp nostr_core.{c,h} nostr_crypto.{c,h} your_project/src/
cp -r cjson/ your_project/src/
```
Then compile them with your project sources.
## Code Structure
### main.c Structure
The example is organized into clear demonstration functions:
- `demo_identity_management()` - Key generation and encoding
- `demo_event_creation()` - Creating different event types
- `demo_input_handling()` - Processing various input formats
- `demo_utilities()` - Using utility functions
Each function demonstrates specific aspects of the library while maintaining proper error handling and resource cleanup.
### Key Integration Points
1. **Initialization**
```c
int ret = nostr_init();
if (ret != NOSTR_SUCCESS) {
// Handle error
}
```
2. **Resource Cleanup**
```c
// Always clean up JSON objects
cJSON_Delete(event);
// Clean up library on exit
nostr_cleanup();
```
3. **Error Handling**
```c
if (ret != NOSTR_SUCCESS) {
printf("Error: %s\n", nostr_strerror(ret));
return ret;
}
```
## Customization
You can modify this example for your specific needs:
- Change the `app_config_t` structure to match your application's configuration
- Add additional event types or custom event creation logic
- Integrate with your existing error handling and logging systems
- Add networking functionality using the WebSocket layer
## Dependencies
This example requires:
- C99 compiler (gcc, clang)
- CMake 3.12+ (for CMake build)
- NOSTR Core library and its dependencies
## Testing
You can test different input formats by passing them as command line arguments:
```bash
# Test with mnemonic
./my_nostr_app "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about"
# Test with hex private key
./my_nostr_app "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
# Test with bech32 nsec
./my_nostr_app "nsec1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
```
## Next Steps
After studying this example, you can:
1. Integrate the patterns into your own application
2. Explore the WebSocket functionality for relay communication
3. Add support for additional NOSTR event types
4. Implement your own identity persistence layer
5. Add networking and relay management features
For more examples, see the other files in the `examples/` directory.

271
examples/integration_example/main.c
View File

@@ -1,271 +0,0 @@
/*
* Example application demonstrating how to integrate nostr_core into other projects
* This shows a complete workflow from key generation to event publishing
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "nostr_core.h"
// Example application configuration
typedef struct {
char* app_name;
char* version;
int debug_mode;
} app_config_t;
static app_config_t g_config = {
.app_name = "My NOSTR App",
.version = "1.0.0",
.debug_mode = 1
};
// Helper function to print hex data
static void print_hex(const char* label, const unsigned char* data, size_t len) {
if (g_config.debug_mode) {
printf("%s: ", label);
for (size_t i = 0; i < len; i++) {
printf("%02x", data[i]);
}
printf("\n");
}
}
// Helper function to print JSON nicely
static void print_event(const char* label, cJSON* event) {
if (!event) {
printf("%s: NULL\n", label);
return;
}
char* json_string = cJSON_Print(event);
if (json_string) {
printf("%s:\n%s\n", label, json_string);
free(json_string);
}
}
// Example: Generate and manage identity
static int demo_identity_management(void) {
printf("\n=== Identity Management Demo ===\n");
unsigned char private_key[32], public_key[32];
char nsec[100], npub[100];
// Generate a new keypair
printf("Generating new keypair...\n");
int ret = nostr_generate_keypair(private_key, public_key);
if (ret != NOSTR_SUCCESS) {
printf("Error generating keypair: %s\n", nostr_strerror(ret));
return ret;
}
print_hex("Private Key", private_key, 32);
print_hex("Public Key", public_key, 32);
// Convert to bech32 format
ret = nostr_key_to_bech32(private_key, "nsec", nsec);
if (ret != NOSTR_SUCCESS) {
printf("Error encoding nsec: %s\n", nostr_strerror(ret));
return ret;
}
ret = nostr_key_to_bech32(public_key, "npub", npub);
if (ret != NOSTR_SUCCESS) {
printf("Error encoding npub: %s\n", nostr_strerror(ret));
return ret;
}
printf("nsec: %s\n", nsec);
printf("npub: %s\n", npub);
return NOSTR_SUCCESS;
}
// Example: Create different types of events
static int demo_event_creation(const unsigned char* private_key) {
printf("\n=== Event Creation Demo ===\n");
// Create a text note
printf("Creating text note...\n");
cJSON* text_event = nostr_create_text_event("Hello from my NOSTR app!", private_key);
if (!text_event) {
printf("Error creating text event\n");
return NOSTR_ERROR_JSON_PARSE;
}
print_event("Text Event", text_event);
// Create a profile event
printf("\nCreating profile event...\n");
cJSON* profile_event = nostr_create_profile_event(
g_config.app_name,
"A sample application demonstrating NOSTR integration",
private_key
);
if (!profile_event) {
printf("Error creating profile event\n");
cJSON_Delete(text_event);
return NOSTR_ERROR_JSON_PARSE;
}
print_event("Profile Event", profile_event);
// Cleanup
cJSON_Delete(text_event);
cJSON_Delete(profile_event);
return NOSTR_SUCCESS;
}
// Example: Handle different input formats
static int demo_input_handling(const char* user_input) {
printf("\n=== Input Handling Demo ===\n");
printf("Processing input: %s\n", user_input);
// Detect input type
int input_type = nostr_detect_input_type(user_input);
switch (input_type) {
case NOSTR_INPUT_MNEMONIC:
printf("Detected: BIP39 Mnemonic\n");
{
unsigned char priv[32], pub[32];
int ret = nostr_derive_keys_from_mnemonic(user_input, 0, priv, pub);
if (ret == NOSTR_SUCCESS) {
print_hex("Derived Private Key", priv, 32);
print_hex("Derived Public Key", pub, 32);
}
}
break;
case NOSTR_INPUT_NSEC_HEX:
printf("Detected: Hex-encoded private key\n");
{
unsigned char decoded[32];
int ret = nostr_decode_nsec(user_input, decoded);
if (ret == NOSTR_SUCCESS) {
print_hex("Decoded Private Key", decoded, 32);
}
}
break;
case NOSTR_INPUT_NSEC_BECH32:
printf("Detected: Bech32-encoded private key (nsec)\n");
{
unsigned char decoded[32];
int ret = nostr_decode_nsec(user_input, decoded);
if (ret == NOSTR_SUCCESS) {
print_hex("Decoded Private Key", decoded, 32);
}
}
break;
default:
printf("Unknown input format\n");
return NOSTR_ERROR_INVALID_INPUT;
}
return NOSTR_SUCCESS;
}
// Example: Demonstrate utility functions
static int demo_utilities(void) {
printf("\n=== Utility Functions Demo ===\n");
// Hex conversion
const char* test_hex = "deadbeef";
unsigned char bytes[4];
char hex_result[9];
printf("Testing hex conversion with: %s\n", test_hex);
int ret = nostr_hex_to_bytes(test_hex, bytes, 4);
if (ret != NOSTR_SUCCESS) {
printf("Error in hex_to_bytes: %s\n", nostr_strerror(ret));
return ret;
}
nostr_bytes_to_hex(bytes, 4, hex_result);
printf("Round-trip result: %s\n", hex_result);
// Error message testing
printf("\nTesting error messages:\n");
for (int i = 0; i >= -10; i--) {
const char* msg = nostr_strerror(i);
if (msg && strlen(msg) > 0) {
printf(" %d: %s\n", i, msg);
}
}
return NOSTR_SUCCESS;
}
int main(int argc, char* argv[]) {
printf("%s v%s\n", g_config.app_name, g_config.version);
printf("NOSTR Core Integration Example\n");
printf("=====================================\n");
// Initialize the NOSTR library
printf("Initializing NOSTR core library...\n");
int ret = nostr_init();
if (ret != NOSTR_SUCCESS) {
printf("Failed to initialize NOSTR library: %s\n", nostr_strerror(ret));
return 1;
}
// Run demonstrations
unsigned char demo_private_key[32];
// 1. Identity management
ret = demo_identity_management();
if (ret != NOSTR_SUCCESS) {
goto cleanup;
}
// Generate a key for other demos
nostr_generate_keypair(demo_private_key, NULL);
// 2. Event creation
ret = demo_event_creation(demo_private_key);
if (ret != NOSTR_SUCCESS) {
goto cleanup;
}
// 3. Input handling (use command line argument if provided)
const char* test_input = (argc > 1) ? argv[1] :
"abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about";
ret = demo_input_handling(test_input);
if (ret != NOSTR_SUCCESS && ret != NOSTR_ERROR_INVALID_INPUT) {
goto cleanup;
}
// 4. Utility functions
ret = demo_utilities();
if (ret != NOSTR_SUCCESS) {
goto cleanup;
}
printf("\n=====================================\n");
printf("All demonstrations completed successfully!\n");
printf("\nThis example shows how to:\n");
printf(" • Initialize the NOSTR library\n");
printf(" • Generate and manage keypairs\n");
printf(" • Create and sign different event types\n");
printf(" • Handle various input formats\n");
printf(" • Use utility functions\n");
printf(" • Clean up resources properly\n");
ret = NOSTR_SUCCESS;
cleanup:
// Clean up the NOSTR library
printf("\nCleaning up NOSTR library...\n");
nostr_cleanup();
if (ret == NOSTR_SUCCESS) {
printf("Example completed successfully.\n");
return 0;
} else {
printf("Example failed with error: %s\n", nostr_strerror(ret));
return 1;
}
}

BIN
examples/keypair_generation Executable file
View File

Binary file not shown.

BIN
examples/mnemonic_derivation Executable file
View File

Binary file not shown.

BIN
examples/mnemonic_generation Executable file
View File

Binary file not shown.

BIN
examples/relay_pool Executable file
View File

Binary file not shown.

889
examples/relay_pool.c Normal file
View File

@@ -0,0 +1,889 @@
/*
* Interactive Relay Pool Test Program
*
* Interactive command-line interface for testing nostr_relay_pool functionality.
* All output is logged to pool.log while the menu runs in the terminal.
*
* Usage: ./pool_test
*/
#define _POSIX_C_SOURCE 200809L
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#include <time.h>
#include <unistd.h>
#include <pthread.h>
#include <fcntl.h>
#include <sys/stat.h>
#include "../nostr_core/nostr_core.h"
#include "../cjson/cJSON.h"
// Global variables
volatile sig_atomic_t running = 1;
nostr_relay_pool_t* pool = NULL;
nostr_pool_subscription_t** subscriptions = NULL;
int subscription_count = 0;
int subscription_capacity = 0;
pthread_t poll_thread;
int log_fd = -1;
// Signal handler for clean shutdown
void signal_handler(int signum) {
(void)signum;
running = 0;
}
// Event callback - called when an event is received
void on_event(cJSON* event, const char* relay_url, void* user_data) {
(void)user_data;
// Extract basic event information
cJSON* id = cJSON_GetObjectItem(event, "id");
cJSON* pubkey = cJSON_GetObjectItem(event, "pubkey");
cJSON* created_at = cJSON_GetObjectItem(event, "created_at");
cJSON* kind = cJSON_GetObjectItem(event, "kind");
cJSON* content = cJSON_GetObjectItem(event, "content");
time_t now = time(NULL);
char timestamp[26];
ctime_r(&now, timestamp);
timestamp[24] = '\0'; // Remove newline
dprintf(log_fd, "[%s] 📨 EVENT from %s\n", timestamp, relay_url);
dprintf(log_fd, "├── ID: %.12s...\n", id && cJSON_IsString(id) ? cJSON_GetStringValue(id) : "unknown");
dprintf(log_fd, "├── Pubkey: %.12s...\n", pubkey && cJSON_IsString(pubkey) ? cJSON_GetStringValue(pubkey) : "unknown");
dprintf(log_fd, "├── Kind: %d\n", kind && cJSON_IsNumber(kind) ? (int)cJSON_GetNumberValue(kind) : -1);
dprintf(log_fd, "├── Created: %lld\n", created_at && cJSON_IsNumber(created_at) ? (long long)cJSON_GetNumberValue(created_at) : 0);
// Truncate content if too long
if (content && cJSON_IsString(content)) {
const char* content_str = cJSON_GetStringValue(content);
size_t content_len = strlen(content_str);
if (content_len > 100) {
dprintf(log_fd, "└── Content: %.97s...\n", content_str);
} else {
dprintf(log_fd, "└── Content: %s\n", content_str);
}
} else {
dprintf(log_fd, "└── Content: (empty)\n");
}
dprintf(log_fd, "\n");
}
// EOSE callback - called when End of Stored Events is received
void on_eose(cJSON** events, int event_count, void* user_data) {
(void)user_data;
time_t now = time(NULL);
char timestamp[26];
ctime_r(&now, timestamp);
timestamp[24] = '\0';
dprintf(log_fd, "[%s] 📋 EOSE received - %d events collected\n", timestamp, event_count);
// Log collected events if any
for (int i = 0; i < event_count; i++) {
cJSON* id = cJSON_GetObjectItem(events[i], "id");
if (id && cJSON_IsString(id)) {
dprintf(log_fd, " Event %d: %.12s...\n", i + 1, cJSON_GetStringValue(id));
}
}
dprintf(log_fd, "\n");
}
// Background polling thread
void* poll_thread_func(void* arg) {
(void)arg;
while (running) {
if (pool) {
nostr_relay_pool_poll(pool, 100);
}
struct timespec ts = {0, 10000000}; // 10ms
nanosleep(&ts, NULL);
}
return NULL;
}
// Print menu
void print_menu() {
printf("\n=== NOSTR Relay Pool Test Menu ===\n");
printf("1. Start Pool (ws://localhost:7555)\n");
printf("2. Stop Pool\n");
printf("3. Add relay to pool\n");
printf("4. Remove relay from pool\n");
printf("5. Add subscription\n");
printf("6. Remove subscription\n");
printf("7. Show pool status\n");
printf("8. Test reconnection (simulate disconnect)\n");
printf("9. Publish Event\n");
printf("0. Exit\n");
printf("Choice: ");
}
// Get user input with default
char* get_input(const char* prompt, const char* default_value) {
static char buffer[1024];
printf("%s", prompt);
if (default_value) {
printf(" [%s]", default_value);
}
printf(": ");
if (!fgets(buffer, sizeof(buffer), stdin)) {
return NULL;
}
// Remove newline
size_t len = strlen(buffer);
if (len > 0 && buffer[len-1] == '\n') {
buffer[len-1] = '\0';
}
// Return default if empty
if (strlen(buffer) == 0 && default_value) {
return strdup(default_value);
}
return strdup(buffer);
}
// Parse comma-separated list into cJSON array
cJSON* parse_comma_list(const char* input, int is_number) {
if (!input || strlen(input) == 0) {
return NULL;
}
cJSON* array = cJSON_CreateArray();
if (!array) return NULL;
char* input_copy = strdup(input);
char* token = strtok(input_copy, ",");
while (token) {
// Trim whitespace
while (*token == ' ') token++;
char* end = token + strlen(token) - 1;
while (end > token && *end == ' ') *end-- = '\0';
if (is_number) {
int num = atoi(token);
cJSON_AddItemToArray(array, cJSON_CreateNumber(num));
} else {
cJSON_AddItemToArray(array, cJSON_CreateString(token));
}
token = strtok(NULL, ",");
}
free(input_copy);
return array;
}
// Add subscription interactively
void add_subscription() {
if (!pool) {
printf("❌ Pool not started\n");
return;
}
printf("\n--- Add Subscription ---\n");
printf("Enter filter values (press Enter for no value):\n");
cJSON* filter = cJSON_CreateObject();
// ids
char* ids_input = get_input("ids (comma-separated event ids)", NULL);
if (ids_input && strlen(ids_input) > 0) {
cJSON* ids = parse_comma_list(ids_input, 0);
if (ids) cJSON_AddItemToObject(filter, "ids", ids);
}
free(ids_input);
// authors
char* authors_input = get_input("authors (comma-separated pubkeys)", NULL);
if (authors_input && strlen(authors_input) > 0) {
cJSON* authors = parse_comma_list(authors_input, 0);
if (authors) cJSON_AddItemToObject(filter, "authors", authors);
}
free(authors_input);
// kinds
char* kinds_input = get_input("kinds (comma-separated numbers)", NULL);
if (kinds_input && strlen(kinds_input) > 0) {
cJSON* kinds = parse_comma_list(kinds_input, 1);
if (kinds) cJSON_AddItemToObject(filter, "kinds", kinds);
}
free(kinds_input);
// #e tag
char* e_input = get_input("#e (comma-separated event ids)", NULL);
if (e_input && strlen(e_input) > 0) {
cJSON* e_array = parse_comma_list(e_input, 0);
if (e_array) cJSON_AddItemToObject(filter, "#e", e_array);
}
free(e_input);
// #p tag
char* p_input = get_input("#p (comma-separated pubkeys)", NULL);
if (p_input && strlen(p_input) > 0) {
cJSON* p_array = parse_comma_list(p_input, 0);
if (p_array) cJSON_AddItemToObject(filter, "#p", p_array);
}
free(p_input);
// since
char* since_input = get_input("since (unix timestamp or 'n' for now)", NULL);
if (since_input && strlen(since_input) > 0) {
if (strcmp(since_input, "n") == 0) {
// Use current timestamp
time_t now = time(NULL);
cJSON_AddItemToObject(filter, "since", cJSON_CreateNumber((int)now));
printf("Using current timestamp: %ld\n", now);
} else {
int since = atoi(since_input);
if (since > 0) cJSON_AddItemToObject(filter, "since", cJSON_CreateNumber(since));
}
}
free(since_input);
// until
char* until_input = get_input("until (unix timestamp)", NULL);
if (until_input && strlen(until_input) > 0) {
int until = atoi(until_input);
if (until > 0) cJSON_AddItemToObject(filter, "until", cJSON_CreateNumber(until));
}
free(until_input);
// limit
char* limit_input = get_input("limit (max events)", "10");
if (limit_input && strlen(limit_input) > 0) {
int limit = atoi(limit_input);
if (limit > 0) cJSON_AddItemToObject(filter, "limit", cJSON_CreateNumber(limit));
}
free(limit_input);
// Get relay URLs from pool
char** relay_urls = NULL;
nostr_pool_relay_status_t* statuses = NULL;
int relay_count = nostr_relay_pool_list_relays(pool, &relay_urls, &statuses);
if (relay_count <= 0) {
printf("❌ No relays in pool\n");
cJSON_Delete(filter);
return;
}
// Ask about close_on_eose behavior
char* close_input = get_input("Close subscription on EOSE? (y/n)", "n");
int close_on_eose = (close_input && strcmp(close_input, "y") == 0) ? 1 : 0;
free(close_input);
// Create subscription with new parameters
nostr_pool_subscription_t* sub = nostr_relay_pool_subscribe(
pool,
(const char**)relay_urls,
relay_count,
filter,
on_event,
on_eose,
NULL,
close_on_eose,
1, // enable_deduplication
NOSTR_POOL_EOSE_FULL_SET, // result_mode
30, // relay_timeout_seconds
60 // eose_timeout_seconds
);
// Free relay URLs
for (int i = 0; i < relay_count; i++) {
free(relay_urls[i]);
}
free(relay_urls);
free(statuses);
if (!sub) {
printf("❌ Failed to create subscription\n");
cJSON_Delete(filter);
return;
}
// Store subscription
if (subscription_count >= subscription_capacity) {
subscription_capacity = subscription_capacity == 0 ? 10 : subscription_capacity * 2;
subscriptions = realloc(subscriptions, subscription_capacity * sizeof(nostr_pool_subscription_t*));
}
subscriptions[subscription_count++] = sub;
printf("✅ Subscription created (ID: %d)\n", subscription_count);
// Log the filter
char* filter_json = cJSON_Print(filter);
time_t now = time(NULL);
char timestamp[26];
ctime_r(&now, timestamp);
timestamp[24] = '\0';
dprintf(log_fd, "[%s] 🔍 New subscription created (ID: %d)\n", timestamp, subscription_count);
dprintf(log_fd, "Filter: %s\n\n", filter_json);
free(filter_json);
}
// Remove subscription
void remove_subscription() {
if (subscription_count == 0) {
printf("❌ No subscriptions to remove\n");
return;
}
printf("\n--- Remove Subscription ---\n");
printf("Available subscriptions:\n");
for (int i = 0; i < subscription_count; i++) {
printf("%d. Subscription %d\n", i + 1, i + 1);
}
char* choice_input = get_input("Enter subscription number to remove", NULL);
if (!choice_input || strlen(choice_input) == 0) {
free(choice_input);
return;
}
int choice = atoi(choice_input) - 1;
free(choice_input);
if (choice < 0 || choice >= subscription_count) {
printf("❌ Invalid subscription number\n");
return;
}
nostr_pool_subscription_close(subscriptions[choice]);
// Shift remaining subscriptions
for (int i = choice; i < subscription_count - 1; i++) {
subscriptions[i] = subscriptions[i + 1];
}
subscription_count--;
printf("✅ Subscription removed\n");
time_t now = time(NULL);
char timestamp[26];
ctime_r(&now, timestamp);
timestamp[24] = '\0';
dprintf(log_fd, "[%s] 🗑️ Subscription removed (was ID: %d)\n\n", timestamp, choice + 1);
}
// Show pool status
void show_pool_status() {
if (!pool) {
printf("❌ Pool not started\n");
return;
}
// Give polling thread time to establish connections
printf("⏳ Waiting for connections to establish...\n");
sleep(3);
char** relay_urls = NULL;
nostr_pool_relay_status_t* statuses = NULL;
int relay_count = nostr_relay_pool_list_relays(pool, &relay_urls, &statuses);
printf("\n📊 POOL STATUS\n");
printf("Relays: %d\n", relay_count);
printf("Subscriptions: %d\n", subscription_count);
if (relay_count > 0) {
printf("\nRelay Details:\n");
for (int i = 0; i < relay_count; i++) {
const char* status_str;
switch (statuses[i]) {
case NOSTR_POOL_RELAY_CONNECTED: status_str = "🟢 CONNECTED"; break;
case NOSTR_POOL_RELAY_CONNECTING: status_str = "🟡 CONNECTING"; break;
case NOSTR_POOL_RELAY_DISCONNECTED: status_str = "⚪ DISCONNECTED"; break;
case NOSTR_POOL_RELAY_ERROR: status_str = "🔴 ERROR"; break;
default: status_str = "❓ UNKNOWN"; break;
}
printf("├── %s: %s\n", relay_urls[i], status_str);
// Show connection and publish error details
const char* conn_error = nostr_relay_pool_get_relay_last_connection_error(pool, relay_urls[i]);
const char* pub_error = nostr_relay_pool_get_relay_last_publish_error(pool, relay_urls[i]);
if (conn_error) {
printf("│ ├── Connection error: %s\n", conn_error);
}
if (pub_error) {
printf("│ ├── Last publish error: %s\n", pub_error);
}
const nostr_relay_stats_t* stats = nostr_relay_pool_get_relay_stats(pool, relay_urls[i]);
if (stats) {
printf("│ ├── Events received: %d\n", stats->events_received);
printf("│ ├── Connection attempts: %d\n", stats->connection_attempts);
printf("│ ├── Connection failures: %d\n", stats->connection_failures);
printf("│ ├── Events published: %d (OK: %d, Failed: %d)\n",
stats->events_published, stats->events_published_ok, stats->events_published_failed);
printf("│ ├── Ping latency: %.2f ms\n", stats->ping_latency_current);
printf("│ └── Query latency: %.2f ms\n", stats->query_latency_avg);
}
free(relay_urls[i]);
}
free(relay_urls);
free(statuses);
}
printf("\n");
}
// Async publish callback context
typedef struct {
int total_relays;
int responses_received;
int success_count;
time_t start_time;
} async_publish_context_t;
// Async publish callback - called for each relay response
void async_publish_callback(const char* relay_url, const char* event_id,
int success, const char* message, void* user_data) {
async_publish_context_t* ctx = (async_publish_context_t*)user_data;
ctx->responses_received++;
if (success) {
ctx->success_count++;
}
// Calculate elapsed time
time_t now = time(NULL);
double elapsed = difftime(now, ctx->start_time);
// Log to file with real-time feedback
char timestamp[26];
ctime_r(&now, timestamp);
timestamp[24] = '\0';
if (success) {
printf("✅ %s: Published successfully (%.1fs)\n", relay_url, elapsed);
dprintf(log_fd, "[%s] ✅ ASYNC: %s published successfully (%.1fs)\n",
timestamp, relay_url, elapsed);
} else {
printf("❌ %s: Failed - %s (%.1fs)\n", relay_url, message ? message : "unknown error", elapsed);
dprintf(log_fd, "[%s] ❌ ASYNC: %s failed - %s (%.1fs)\n",
timestamp, relay_url, message ? message : "unknown error", elapsed);
}
// Show progress
printf(" Progress: %d/%d responses received\n", ctx->responses_received, ctx->total_relays);
if (ctx->responses_received >= ctx->total_relays) {
printf("\n🎉 All relays responded! Final result: %d/%d successful\n",
ctx->success_count, ctx->total_relays);
dprintf(log_fd, "[%s] 🎉 ASYNC: All relays responded - %d/%d successful\n\n",
timestamp, ctx->success_count, ctx->total_relays);
}
}
// Publish test event with async callbacks
void publish_event() {
if (!pool) {
printf("❌ Pool not started\n");
return;
}
printf("\n--- Publish Test Event ---\n");
// Generate random keypair
unsigned char private_key[32], public_key[32];
if (nostr_generate_keypair(private_key, public_key) != NOSTR_SUCCESS) {
printf("❌ Failed to generate keypair\n");
return;
}
// Get current timestamp
time_t now = time(NULL);
// Format content with date/time
char content[256];
struct tm* tm_info = localtime(&now);
strftime(content, sizeof(content), "Test post at %Y-%m-%d %H:%M:%S", tm_info);
// Create kind 1 event
cJSON* event = nostr_create_and_sign_event(1, content, NULL, private_key, now);
if (!event) {
printf("❌ Failed to create event\n");
return;
}
// Get relay URLs from pool
char** relay_urls = NULL;
nostr_pool_relay_status_t* statuses = NULL;
int relay_count = nostr_relay_pool_list_relays(pool, &relay_urls, &statuses);
if (relay_count <= 0) {
printf("❌ No relays in pool\n");
cJSON_Delete(event);
return;
}
printf("📤 Publishing event to %d relay(s)...\n", relay_count);
printf("Watch for real-time responses below:\n\n");
// Setup callback context
async_publish_context_t ctx = {0};
ctx.total_relays = relay_count;
ctx.start_time = time(NULL);
// Log the event
char* event_json = cJSON_Print(event);
char timestamp[26];
ctime_r(&now, timestamp);
timestamp[24] = '\0';
dprintf(log_fd, "[%s] 📤 Publishing test event\n", timestamp);
dprintf(log_fd, "Event: %s\n\n", event_json);
free(event_json);
// Publish using async function
int sent_count = nostr_relay_pool_publish_async(pool, (const char**)relay_urls,
relay_count, event,
async_publish_callback, &ctx);
if (sent_count > 0) {
printf("📡 Event sent to %d/%d relays, waiting for responses...\n\n",
sent_count, relay_count);
// Wait for all responses or timeout (10 seconds)
time_t wait_start = time(NULL);
while (ctx.responses_received < ctx.total_relays &&
(time(NULL) - wait_start) < 10) {
// Let the polling thread process messages
usleep(100000); // 100ms
}
if (ctx.responses_received < ctx.total_relays) {
printf("\n⏰ Timeout reached - %d/%d relays responded\n",
ctx.responses_received, ctx.total_relays);
}
} else {
printf("❌ Failed to send event to any relays\n");
}
// Cleanup
for (int i = 0; i < relay_count; i++) {
free(relay_urls[i]);
}
free(relay_urls);
free(statuses);
cJSON_Delete(event);
}
int main() {
// Setup logging to file
log_fd = open("pool.log", O_WRONLY | O_CREAT | O_TRUNC, 0644);
if (log_fd == -1) {
fprintf(stderr, "❌ Failed to open pool.log for writing\n");
return 1;
}
// Initialize NOSTR library
if (nostr_init() != NOSTR_SUCCESS) {
fprintf(stderr, "❌ Failed to initialize NOSTR library\n");
close(log_fd);
return 1;
}
// Setup signal handler
signal(SIGINT, signal_handler);
signal(SIGTERM, signal_handler);
// Start polling thread
if (pthread_create(&poll_thread, NULL, poll_thread_func, NULL) != 0) {
fprintf(stderr, "❌ Failed to create polling thread\n");
nostr_cleanup();
close(log_fd);
return 1;
}
printf("🔗 NOSTR Relay Pool Interactive Test\n");
printf("=====================================\n");
printf("All event output is logged to pool.log\n");
printf("Press Ctrl+C to exit\n\n");
time_t now = time(NULL);
char timestamp[26];
ctime_r(&now, timestamp);
timestamp[24] = '\0';
dprintf(log_fd, "[%s] 🚀 Pool test started\n\n", timestamp);
// Main menu loop
while (running) {
print_menu();
char choice;
if (scanf("%c", &choice) != 1) {
break;
}
// Consume newline
int c;
while ((c = getchar()) != '\n' && c != EOF);
switch (choice) {
case '1': { // Start Pool
if (pool) {
printf("❌ Pool already started\n");
break;
}
// Create pool with custom reconnection configuration for faster testing
nostr_pool_reconnect_config_t config = *nostr_pool_reconnect_config_default();
config.ping_interval_seconds = 5; // Ping every 5 seconds for testing
pool = nostr_relay_pool_create(&config);
if (!pool) {
printf("❌ Failed to create pool\n");
break;
}
if (nostr_relay_pool_add_relay(pool, "ws://localhost:7555") != NOSTR_SUCCESS) {
printf("❌ Failed to add default relay\n");
nostr_relay_pool_destroy(pool);
pool = NULL;
break;
}
printf("✅ Pool started with ws://localhost:7555\n");
now = time(NULL);
ctime_r(&now, timestamp);
timestamp[24] = '\0';
dprintf(log_fd, "[%s] 🏊 Pool started with default relay\n\n", timestamp);
break;
}
case '2': { // Stop Pool
if (!pool) {
printf("❌ Pool not started\n");
break;
}
// Close all subscriptions
for (int i = 0; i < subscription_count; i++) {
if (subscriptions[i]) {
nostr_pool_subscription_close(subscriptions[i]);
}
}
free(subscriptions);
subscriptions = NULL;
subscription_count = 0;
subscription_capacity = 0;
nostr_relay_pool_destroy(pool);
pool = NULL;
printf("✅ Pool stopped\n");
now = time(NULL);
ctime_r(&now, timestamp);
timestamp[24] = '\0';
dprintf(log_fd, "[%s] 🛑 Pool stopped\n\n", timestamp);
break;
}
case '3': { // Add relay
if (!pool) {
printf("❌ Pool not started\n");
break;
}
char* url = get_input("Enter relay URL", "wss://relay.example.com");
if (url && strlen(url) > 0) {
if (nostr_relay_pool_add_relay(pool, url) == NOSTR_SUCCESS) {
printf("✅ Relay added: %s\n", url);
printf("⏳ Attempting to connect...\n");
// Give it a moment to attempt connection
sleep(2);
// Check connection status and show any errors
nostr_pool_relay_status_t status = nostr_relay_pool_get_relay_status(pool, url);
const char* error_msg = nostr_relay_pool_get_relay_last_connection_error(pool, url);
switch (status) {
case NOSTR_POOL_RELAY_CONNECTED:
printf("🟢 Successfully connected to %s\n", url);
break;
case NOSTR_POOL_RELAY_CONNECTING:
printf("🟡 Still connecting to %s...\n", url);
break;
case NOSTR_POOL_RELAY_DISCONNECTED:
printf("⚪ Disconnected from %s\n", url);
if (error_msg) {
printf(" Last error: %s\n", error_msg);
}
break;
case NOSTR_POOL_RELAY_ERROR:
printf("🔴 Connection error for %s\n", url);
if (error_msg) {
printf(" Error details: %s\n", error_msg);
}
break;
default:
printf("❓ Unknown status for %s\n", url);
break;
}
now = time(NULL);
ctime_r(&now, timestamp);
timestamp[24] = '\0';
dprintf(log_fd, "[%s] Relay added: %s (status: %d)\n", timestamp, url, status);
if (error_msg) {
dprintf(log_fd, " Connection error: %s\n", error_msg);
}
dprintf(log_fd, "\n");
} else {
printf("❌ Failed to add relay to pool\n");
}
}
free(url);
break;
}
case '4': { // Remove relay
if (!pool) {
printf("❌ Pool not started\n");
break;
}
char* url = get_input("Enter relay URL to remove", NULL);
if (url && strlen(url) > 0) {
if (nostr_relay_pool_remove_relay(pool, url) == NOSTR_SUCCESS) {
printf("✅ Relay removed: %s\n", url);
now = time(NULL);
ctime_r(&now, timestamp);
timestamp[24] = '\0';
dprintf(log_fd, "[%s] Relay removed: %s\n\n", timestamp, url);
} else {
printf("❌ Failed to remove relay\n");
}
}
free(url);
break;
}
case '5': // Add subscription
add_subscription();
break;
case '6': // Remove subscription
remove_subscription();
break;
case '7': // Show status
show_pool_status();
break;
case '8': { // Test reconnection
if (!pool) {
printf("❌ Pool not started\n");
break;
}
char** relay_urls = NULL;
nostr_pool_relay_status_t* statuses = NULL;
int relay_count = nostr_relay_pool_list_relays(pool, &relay_urls, &statuses);
if (relay_count <= 0) {
printf("❌ No relays in pool\n");
break;
}
printf("\n--- Test Reconnection ---\n");
printf("Available relays:\n");
for (int i = 0; i < relay_count; i++) {
printf("%d. %s (%s)\n", i + 1, relay_urls[i],
statuses[i] == NOSTR_POOL_RELAY_CONNECTED ? "CONNECTED" : "NOT CONNECTED");
}
char* choice_input = get_input("Enter relay number to test reconnection with", NULL);
if (!choice_input || strlen(choice_input) == 0) {
for (int i = 0; i < relay_count; i++) free(relay_urls[i]);
free(relay_urls);
free(statuses);
free(choice_input);
break;
}
int choice = atoi(choice_input) - 1;
free(choice_input);
if (choice < 0 || choice >= relay_count) {
printf("❌ Invalid relay number\n");
for (int i = 0; i < relay_count; i++) free(relay_urls[i]);
free(relay_urls);
free(statuses);
break;
}
printf("🔄 Testing reconnection with %s...\n", relay_urls[choice]);
printf(" The pool is configured with automatic reconnection enabled.\n");
printf(" If the connection drops, it will automatically attempt to reconnect\n");
printf(" with exponential backoff (1s → 2s → 4s → 8s → 16s → 30s max).\n");
printf(" Connection health is monitored with ping/pong every 30 seconds.\n");
time_t now = time(NULL);
char timestamp[26];
ctime_r(&now, timestamp);
timestamp[24] = '\0';
dprintf(log_fd, "[%s] 🔄 TEST: Testing reconnection behavior with %s\n", timestamp, relay_urls[choice]);
dprintf(log_fd, " Pool configured with: auto-reconnect=ON, max_attempts=10, ping_interval=30s\n\n");
printf("✅ Reconnection test initiated. Monitor the status and logs for reconnection activity.\n");
for (int i = 0; i < relay_count; i++) free(relay_urls[i]);
free(relay_urls);
free(statuses);
break;
}
case '9': // Publish Event
publish_event();
break;
case '0': // Exit
running = 0;
break;
default:
printf("❌ Invalid choice\n");
break;
}
}
printf("\n🧹 Cleaning up...\n");
// Stop polling thread
running = 0;
pthread_join(poll_thread, NULL);
// Clean up pool and subscriptions
if (pool) {
for (int i = 0; i < subscription_count; i++) {
if (subscriptions[i]) {
nostr_pool_subscription_close(subscriptions[i]);
}
}
free(subscriptions);
nostr_relay_pool_destroy(pool);
printf("✅ Pool destroyed\n");
}
// Cleanup
nostr_cleanup();
close(log_fd);
printf("👋 Test completed\n");
return 0;
}

BIN
examples/send_nip17_dm Executable file
View File

Binary file not shown.

242
examples/send_nip17_dm.c Normal file
View File

@@ -0,0 +1,242 @@
/*
* NIP-17 Private Direct Messages - Command Line Application
*
* This example demonstrates how to send NIP-17 private direct messages
* using the Nostr Core Library.
*
* Usage:
* ./send_nip17_dm <recipient_pubkey> <message> [sender_nsec]
*
* Arguments:
* recipient_pubkey: The npub or hex public key of the recipient
* message: The message to send
* sender_nsec: (optional) The nsec private key to use for sending.
* If not provided, uses a default test key.
*
* Example:
* ./send_nip17_dm npub1example... "Hello from NIP-17!" nsec1test...
*/
#define _GNU_SOURCE
#define _POSIX_C_SOURCE 200809L
#include "../nostr_core/nostr_core.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
// Default test private key (for demonstration - DO NOT USE IN PRODUCTION)
#define DEFAULT_SENDER_NSEC "nsec12kgt0dv2k2safv6s32w8f89z9uw27e68hjaa0d66c5xvk70ezpwqncd045"
// Default relay for sending DMs
#define DEFAULT_RELAY "wss://relay.laantungir.net"
// Progress callback for publishing
void publish_progress_callback(const char* relay_url, const char* status,
const char* message, int success_count,
int total_relays, int completed_relays, void* user_data) {
(void)user_data;
if (relay_url) {
printf("📡 [%s]: %s", relay_url, status);
if (message) {
printf(" - %s", message);
}
printf(" (%d/%d completed, %d successful)\n", completed_relays, total_relays, success_count);
} else {
printf("📡 PUBLISH COMPLETE: %d/%d successful\n", success_count, total_relays);
}
}
/**
* Convert npub to hex if needed
*/
int convert_pubkey_to_hex(const char* input_pubkey, char* output_hex) {
// Check if it's already hex (64 characters)
if (strlen(input_pubkey) == 64) {
// Assume it's already hex
strcpy(output_hex, input_pubkey);
return 0;
}
// Check if it's an npub (starts with "npub1")
if (strncmp(input_pubkey, "npub1", 5) == 0) {
// Convert npub to hex
unsigned char pubkey_bytes[32];
if (nostr_decode_npub(input_pubkey, pubkey_bytes) != 0) {
fprintf(stderr, "Error: Invalid npub format\n");
return -1;
}
nostr_bytes_to_hex(pubkey_bytes, 32, output_hex);
return 0;
}
fprintf(stderr, "Error: Public key must be 64-character hex or valid npub\n");
return -1;
}
/**
* Convert nsec to private key bytes if needed
*/
int convert_nsec_to_private_key(const char* input_nsec, unsigned char* private_key) {
// Check if it's already hex (64 characters)
if (strlen(input_nsec) == 64) {
// Convert hex to bytes
if (nostr_hex_to_bytes(input_nsec, private_key, 32) != 0) {
fprintf(stderr, "Error: Invalid hex private key\n");
return -1;
}
return 0;
}
// Check if it's an nsec (starts with "nsec1")
if (strncmp(input_nsec, "nsec1", 5) == 0) {
// Convert nsec directly to private key bytes
if (nostr_decode_nsec(input_nsec, private_key) != 0) {
fprintf(stderr, "Error: Invalid nsec format\n");
return -1;
}
return 0;
}
fprintf(stderr, "Error: Private key must be 64-character hex or valid nsec\n");
return -1;
}
/**
* Main function
*/
int main(int argc, char* argv[]) {
if (argc < 3 || argc > 4) {
fprintf(stderr, "Usage: %s <recipient_pubkey> <message> [sender_nsec]\n\n", argv[0]);
fprintf(stderr, "Arguments:\n");
fprintf(stderr, " recipient_pubkey: npub or hex public key of recipient\n");
fprintf(stderr, " message: The message to send\n");
fprintf(stderr, " sender_nsec: (optional) nsec private key. Uses test key if not provided.\n\n");
fprintf(stderr, "Example:\n");
fprintf(stderr, " %s npub1example... \"Hello!\" nsec1test...\n", argv[0]);
return 1;
}
const char* recipient_pubkey_input = argv[1];
const char* message = argv[2];
const char* sender_nsec_input = (argc >= 4) ? argv[3] : DEFAULT_SENDER_NSEC;
printf("🧪 NIP-17 Private Direct Message Sender\n");
printf("======================================\n\n");
// Initialize crypto
if (nostr_init() != NOSTR_SUCCESS) {
fprintf(stderr, "Failed to initialize crypto\n");
return 1;
}
// Convert recipient pubkey
char recipient_pubkey_hex[65];
if (convert_pubkey_to_hex(recipient_pubkey_input, recipient_pubkey_hex) != 0) {
return 1;
}
// Convert sender private key
unsigned char sender_privkey[32];
if (convert_nsec_to_private_key(sender_nsec_input, sender_privkey) != 0) {
return 1;
}
// Derive sender public key for display
unsigned char sender_pubkey_bytes[32];
char sender_pubkey_hex[65];
if (nostr_ec_public_key_from_private_key(sender_privkey, sender_pubkey_bytes) != 0) {
fprintf(stderr, "Failed to derive sender public key\n");
return 1;
}
nostr_bytes_to_hex(sender_pubkey_bytes, 32, sender_pubkey_hex);
printf("📤 Sender: %s\n", sender_pubkey_hex);
printf("📥 Recipient: %s\n", recipient_pubkey_hex);
printf("💬 Message: %s\n", message);
printf("🌐 Relay: %s\n\n", DEFAULT_RELAY);
// Create DM event
printf("💬 Creating DM event...\n");
const char* recipient_pubkeys[] = {recipient_pubkey_hex};
cJSON* dm_event = nostr_nip17_create_chat_event(
message,
recipient_pubkeys,
1,
"NIP-17 CLI", // subject
NULL, // no reply
DEFAULT_RELAY, // relay hint
sender_pubkey_hex
);
if (!dm_event) {
fprintf(stderr, "Failed to create DM event\n");
return 1;
}
printf("✅ Created DM event (kind 14)\n");
// Send DM (create gift wraps)
printf("🎁 Creating gift wraps...\n");
cJSON* gift_wraps[10]; // Max 10 gift wraps
int gift_wrap_count = nostr_nip17_send_dm(
dm_event,
recipient_pubkeys,
1,
sender_privkey,
gift_wraps,
10
);
cJSON_Delete(dm_event); // Original DM event no longer needed
if (gift_wrap_count <= 0) {
fprintf(stderr, "Failed to create gift wraps\n");
return 1;
}
printf("✅ Created %d gift wrap(s)\n", gift_wrap_count);
// Publish the gift wrap to relay
printf("\n📤 Publishing gift wrap to relay...\n");
const char* relay_urls[] = {DEFAULT_RELAY};
int success_count = 0;
publish_result_t* publish_results = synchronous_publish_event_with_progress(
relay_urls,
1, // single relay
gift_wraps[0], // Send the first gift wrap
&success_count,
10, // 10 second timeout
publish_progress_callback,
NULL, // no user data
0, // NIP-42 disabled
NULL // no private key for auth
);
if (!publish_results || success_count != 1) {
fprintf(stderr, "\n❌ Failed to publish gift wrap (success_count: %d)\n", success_count);
// Clean up gift wraps
for (int i = 0; i < gift_wrap_count; i++) {
cJSON_Delete(gift_wraps[i]);
}
if (publish_results) free(publish_results);
return 1;
}
printf("\n✅ Successfully published NIP-17 DM!\n");
// Clean up
free(publish_results);
for (int i = 0; i < gift_wrap_count; i++) {
cJSON_Delete(gift_wraps[i]);
}
nostr_cleanup();
printf("\n🎉 DM sent successfully! The recipient can now decrypt it using their private key.\n");
return 0;
}

BIN
examples/simple_keygen Executable file
View File

Binary file not shown.

BIN
examples/utility_functions Executable file
View File

Binary file not shown.

BIN
examples/version_test Executable file
View File

Binary file not shown.

151
increment_and_push.sh Executable file
View File

@@ -0,0 +1,151 @@
#!/bin/bash
# increment_and_push.sh - Version increment and git automation script
# Usage: ./increment_and_push.sh "meaningful git comment"
set -e # Exit on error
# Color constants
RED='\033[31m'
GREEN='\033[32m'
YELLOW='\033[33m'
BLUE='\033[34m'
BOLD='\033[1m'
RESET='\033[0m'
# Function to print output with colors
print_info() {
if [ "$USE_COLORS" = true ]; then
echo -e "${BLUE}[INFO]${RESET} $1"
else
echo "[INFO] $1"
fi
}
print_success() {
if [ "$USE_COLORS" = true ]; then
echo -e "${GREEN}${BOLD}[SUCCESS]${RESET} $1"
else
echo "[SUCCESS] $1"
fi
}
print_warning() {
if [ "$USE_COLORS" = true ]; then
echo -e "${YELLOW}[WARNING]${RESET} $1"
else
echo "[WARNING] $1"
fi
}
print_error() {
if [ "$USE_COLORS" = true ]; then
echo -e "${RED}${BOLD}[ERROR]${RESET} $1"
else
echo "[ERROR] $1"
fi
}
# Check if we're in the correct directory
CURRENT_DIR=$(basename "$(pwd)")
if [ "$CURRENT_DIR" != "nostr_core_lib" ]; then
print_error "Script must be run from the nostr_core_lib directory"
echo ""
echo "Current directory: $CURRENT_DIR"
echo "Expected directory: nostr_core_lib"
echo ""
echo "Please change to the nostr_core_lib directory first."
echo ""
exit 1
fi
# Check if git repository exists
if ! git rev-parse --git-dir > /dev/null 2>&1; then
print_error "Not a git repository. Please initialize git first."
exit 1
fi
# Check if we have a commit message
if [ $# -eq 0 ]; then
print_error "Usage: $0 \"meaningful git comment\""
echo ""
echo "Example: $0 \"Add enhanced subscription functionality\""
echo ""
exit 1
fi
COMMIT_MESSAGE="$1"
# Check if nostr_core.h exists
if [ ! -f "nostr_core/nostr_core.h" ]; then
print_error "nostr_core/nostr_core.h not found"
exit 1
fi
print_info "Starting version increment and push process..."
# Extract current version from nostr_core.h
CURRENT_VERSION=$(grep '#define VERSION ' nostr_core/nostr_core.h | cut -d'"' -f2)
if [ -z "$CURRENT_VERSION" ]; then
print_error "Could not find VERSION define in nostr_core.h"
exit 1
fi
# Extract version components
VERSION_MAJOR=$(grep '#define VERSION_MAJOR ' nostr_core/nostr_core.h | awk '{print $3}')
VERSION_MINOR=$(grep '#define VERSION_MINOR ' nostr_core/nostr_core.h | awk '{print $3}')
VERSION_PATCH=$(grep '#define VERSION_PATCH ' nostr_core/nostr_core.h | awk '{print $3}')
if [ -z "$VERSION_MAJOR" ] || [ -z "$VERSION_MINOR" ] || [ -z "$VERSION_PATCH" ]; then
print_error "Could not extract version components from nostr_core.h"
exit 1
fi
print_info "Current version: $CURRENT_VERSION (Major: $VERSION_MAJOR, Minor: $VERSION_MINOR, Patch: $VERSION_PATCH)"
# Increment patch version
NEW_PATCH=$((VERSION_PATCH + 1))
NEW_VERSION="v$VERSION_MAJOR.$VERSION_MINOR.$NEW_PATCH"
print_info "New version will be: $NEW_VERSION"
# Update version in nostr_core.h
sed -i "s/#define VERSION .*/#define VERSION \"$NEW_VERSION\"/" nostr_core/nostr_core.h
sed -i "s/#define VERSION_PATCH .*/#define VERSION_PATCH $NEW_PATCH/" nostr_core/nostr_core.h
print_success "Updated version in nostr_core.h"
# Check if VERSION file exists and update it
if [ -f "VERSION" ]; then
echo "$VERSION_MAJOR.$VERSION_MINOR.$NEW_PATCH" > VERSION
print_success "Updated VERSION file"
fi
# Check git status
if ! git diff --quiet; then
print_info "Adding changes to git..."
git add .
print_info "Committing changes..."
git commit -m "$COMMIT_MESSAGE"
print_success "Changes committed"
else
print_warning "No changes to commit"
fi
# Create and push git tag
print_info "Creating git tag: $NEW_VERSION"
git tag "$NEW_VERSION"
print_info "Pushing commits and tags..."
CURRENT_BRANCH=$(git branch --show-current)
git push origin "$CURRENT_BRANCH"
git push origin "$NEW_VERSION"
print_success "Version $NEW_VERSION successfully released!"
print_info "Git commit: $COMMIT_MESSAGE"
print_info "Tag: $NEW_VERSION"
echo ""
echo "🎉 Release complete! Version $NEW_VERSION is now live."

1043
nostr_core/core_relay_pool.c
View File

File diff suppressed because it is too large Load Diff

147
nostr_core/core_relays.c
View File

@@ -13,7 +13,7 @@
#define _GNU_SOURCE
#define _POSIX_C_SOURCE 200809L
#include "nostr_common.h"
#include "nostr_core.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -26,6 +26,9 @@
// cJSON for JSON handling
#include "../cjson/cJSON.h"
// NIP-42 Authentication
#include "nip042.h"
// =============================================================================
// TYPE DEFINITIONS FOR SYNCHRONOUS RELAY QUERIES
// =============================================================================
@@ -51,6 +54,12 @@ typedef struct {
cJSON** events; // Array of events from this relay
int events_capacity; // Allocated capacity
char subscription_id[32]; // Unique subscription ID
// NIP-42 Authentication fields
nostr_auth_state_t auth_state; // Current authentication state
char auth_challenge[NOSTR_NIP42_MAX_CHALLENGE_LENGTH]; // Stored challenge
time_t auth_challenge_time; // When challenge was received
int nip42_enabled; // Whether NIP-42 is enabled for this relay
} relay_connection_t;
@@ -65,7 +74,9 @@ cJSON** synchronous_query_relays_with_progress(
int* result_count,
int relay_timeout_seconds,
relay_progress_callback_t callback,
void* user_data) {
void* user_data,
int nip42_enabled,
const unsigned char* private_key) {
if (!relay_urls || relay_count <= 0 || !filter || !result_count) {
if (result_count) *result_count = 0;
@@ -95,11 +106,17 @@ cJSON** synchronous_query_relays_with_progress(
relays[i].last_activity = start_time;
relays[i].events_capacity = 10;
relays[i].events = malloc(relays[i].events_capacity * sizeof(cJSON*));
// Initialize NIP-42 authentication fields
relays[i].auth_state = NOSTR_AUTH_STATE_NONE;
memset(relays[i].auth_challenge, 0, sizeof(relays[i].auth_challenge));
relays[i].auth_challenge_time = 0;
relays[i].nip42_enabled = nip42_enabled;
// Generate unique subscription ID
snprintf(relays[i].subscription_id, sizeof(relays[i].subscription_id),
snprintf(relays[i].subscription_id, sizeof(relays[i].subscription_id),
"sync_%d_%ld", i, start_time);
if (callback) {
callback(relays[i].url, "connecting", NULL, 0, relay_count, 0, user_data);
}
@@ -191,19 +208,50 @@ cJSON** synchronous_query_relays_with_progress(
cJSON* parsed = NULL;
if (nostr_parse_relay_message(buffer, &msg_type, &parsed) == 0) {
if (msg_type && strcmp(msg_type, "EVENT") == 0) {
if (msg_type && strcmp(msg_type, "AUTH") == 0) {
// Handle AUTH challenge message: ["AUTH", <challenge-string>]
if (relay->nip42_enabled && private_key && cJSON_IsArray(parsed) && cJSON_GetArraySize(parsed) >= 2) {
cJSON* challenge_json = cJSON_GetArrayItem(parsed, 1);
if (cJSON_IsString(challenge_json)) {
const char* challenge = cJSON_GetStringValue(challenge_json);
// Store challenge and attempt authentication
strncpy(relay->auth_challenge, challenge, sizeof(relay->auth_challenge) - 1);
relay->auth_challenge[sizeof(relay->auth_challenge) - 1] = '\0';
relay->auth_challenge_time = time(NULL);
relay->auth_state = NOSTR_AUTH_STATE_CHALLENGE_RECEIVED;
// Create and send authentication event
cJSON* auth_event = nostr_nip42_create_auth_event(challenge, relay->url, private_key, 0);
if (auth_event) {
char* auth_message = nostr_nip42_create_auth_message(auth_event);
if (auth_message) {
if (nostr_ws_send_text(relay->client, auth_message) >= 0) {
relay->auth_state = NOSTR_AUTH_STATE_AUTHENTICATING;
if (callback) {
callback(relay->url, "authenticating", NULL, 0, relay_count, completed_relays, user_data);
}
}
free(auth_message);
}
cJSON_Delete(auth_event);
}
}
}
} else if (msg_type && strcmp(msg_type, "EVENT") == 0) {
// Handle EVENT message
if (cJSON_IsArray(parsed) && cJSON_GetArraySize(parsed) >= 3) {
cJSON* sub_id_json = cJSON_GetArrayItem(parsed, 1);
cJSON* event = cJSON_GetArrayItem(parsed, 2);
if (cJSON_IsString(sub_id_json) && event &&
strcmp(cJSON_GetStringValue(sub_id_json), relay->subscription_id) == 0) {
cJSON* event_id_json = cJSON_GetObjectItem(event, "id");
if (event_id_json && cJSON_IsString(event_id_json)) {
const char* event_id = cJSON_GetStringValue(event_id_json);
// Check for duplicate
int is_duplicate = 0;
for (int j = 0; j < seen_count; j++) {
@@ -212,31 +260,31 @@ cJSON** synchronous_query_relays_with_progress(
break;
}
}
if (!is_duplicate && seen_count < 1000) {
// New event - add to seen list
strncpy(seen_event_ids[seen_count], event_id, 64);
seen_event_ids[seen_count][64] = '\0';
seen_count++;
total_unique_events++;
// Store event in relay's array
if (relay->events_received >= relay->events_capacity) {
relay->events_capacity *= 2;
relay->events = realloc(relay->events,
relay->events = realloc(relay->events,
relay->events_capacity * sizeof(cJSON*));
}
relay->events[relay->events_received] = cJSON_Duplicate(event, 1);
relay->events_received++;
relay->state = RELAY_STATE_ACTIVE;
if (callback) {
callback(relay->url, "event_found", event_id,
relay->events_received, relay_count,
callback(relay->url, "event_found", event_id,
relay->events_received, relay_count,
completed_relays, user_data);
}
// For FIRST_RESULT mode, return immediately
if (mode == RELAY_QUERY_FIRST_RESULT) {
result_array = malloc(sizeof(cJSON*));
@@ -244,7 +292,7 @@ cJSON** synchronous_query_relays_with_progress(
result_array[0] = cJSON_Duplicate(event, 1);
*result_count = 1;
if (callback) {
callback(NULL, "first_result", event_id,
callback(NULL, "first_result", event_id,
1, relay_count, completed_relays, user_data);
}
}
@@ -254,7 +302,7 @@ cJSON** synchronous_query_relays_with_progress(
}
}
}
} else if (msg_type && strcmp(msg_type, "EOSE") == 0) {
// Handle End of Stored Events
cJSON* sub_id_json = cJSON_GetArrayItem(parsed, 1);
@@ -400,7 +448,9 @@ publish_result_t* synchronous_publish_event_with_progress(
int* success_count,
int relay_timeout_seconds,
publish_progress_callback_t callback,
void* user_data) {
void* user_data,
int nip42_enabled,
const unsigned char* private_key) {
if (!relay_urls || relay_count <= 0 || !event || !success_count) {
if (success_count) *success_count = 0;
@@ -443,7 +493,13 @@ publish_result_t* synchronous_publish_event_with_progress(
relays[i].state = RELAY_STATE_CONNECTING;
relays[i].last_activity = start_time;
results[i] = PUBLISH_ERROR; // Default to error
// Initialize NIP-42 authentication fields
relays[i].auth_state = NOSTR_AUTH_STATE_NONE;
memset(relays[i].auth_challenge, 0, sizeof(relays[i].auth_challenge));
relays[i].auth_challenge_time = 0;
relays[i].nip42_enabled = nip42_enabled;
if (callback) {
callback(relays[i].url, "connecting", NULL, 0, relay_count, 0, user_data);
}
@@ -535,34 +591,65 @@ publish_result_t* synchronous_publish_event_with_progress(
char* msg_type = NULL;
cJSON* parsed = NULL;
if (nostr_parse_relay_message(buffer, &msg_type, &parsed) == 0) {
if (msg_type && strcmp(msg_type, "OK") == 0) {
if (msg_type && strcmp(msg_type, "AUTH") == 0) {
// Handle AUTH challenge message: ["AUTH", <challenge-string>]
if (relay->nip42_enabled && private_key && cJSON_IsArray(parsed) && cJSON_GetArraySize(parsed) >= 2) {
cJSON* challenge_json = cJSON_GetArrayItem(parsed, 1);
if (cJSON_IsString(challenge_json)) {
const char* challenge = cJSON_GetStringValue(challenge_json);
// Store challenge and attempt authentication
strncpy(relay->auth_challenge, challenge, sizeof(relay->auth_challenge) - 1);
relay->auth_challenge[sizeof(relay->auth_challenge) - 1] = '\0';
relay->auth_challenge_time = time(NULL);
relay->auth_state = NOSTR_AUTH_STATE_CHALLENGE_RECEIVED;
// Create and send authentication event
cJSON* auth_event = nostr_nip42_create_auth_event(challenge, relay->url, private_key, 0);
if (auth_event) {
char* auth_message = nostr_nip42_create_auth_message(auth_event);
if (auth_message) {
if (nostr_ws_send_text(relay->client, auth_message) >= 0) {
relay->auth_state = NOSTR_AUTH_STATE_AUTHENTICATING;
if (callback) {
callback(relay->url, "authenticating", NULL, 0, relay_count, completed_relays, user_data);
}
}
free(auth_message);
}
cJSON_Delete(auth_event);
}
}
}
} else if (msg_type && strcmp(msg_type, "OK") == 0) {
// Handle OK message: ["OK", <event_id>, <true|false>, <message>]
if (cJSON_IsArray(parsed) && cJSON_GetArraySize(parsed) >= 3) {
cJSON* ok_event_id = cJSON_GetArrayItem(parsed, 1);
cJSON* accepted = cJSON_GetArrayItem(parsed, 2);
cJSON* message = cJSON_GetArrayItem(parsed, 3);
// Verify this OK is for our event
if (ok_event_id && cJSON_IsString(ok_event_id) && event_id &&
strcmp(cJSON_GetStringValue(ok_event_id), event_id) == 0) {
relay->state = RELAY_STATE_EOSE_RECEIVED; // Reuse for "completed"
active_relays--;
completed_relays++;
const char* ok_message = "";
if (message && cJSON_IsString(message)) {
ok_message = cJSON_GetStringValue(message);
}
if (accepted && cJSON_IsBool(accepted) && cJSON_IsTrue(accepted)) {
// Event accepted
results[i] = PUBLISH_SUCCESS;
(*success_count)++;
if (callback) {
callback(relay->url, "accepted", ok_message,
callback(relay->url, "accepted", ok_message,
*success_count, relay_count, completed_relays, user_data);
}
} else {
@@ -570,11 +657,11 @@ publish_result_t* synchronous_publish_event_with_progress(
results[i] = PUBLISH_REJECTED;
if (callback) {
callback(relay->url, "rejected", ok_message,
callback(relay->url, "rejected", ok_message,
*success_count, relay_count, completed_relays, user_data);
}
}
// Close connection
nostr_ws_close(relay->client);
relay->client = NULL;

67
nostr_core/crypto/nostr_aes.c
View File

@@ -1,15 +1,76 @@
/*
* NOSTR AES Implementation
*
*
* Based on tiny-AES-c by kokke (public domain)
* Configured specifically for NIP-04: AES-256-CBC only
*
*
* This is an implementation of the AES algorithm, specifically CBC mode.
* Configured for AES-256 as required by NIP-04.
*/
#include <stdint.h>
#include <stddef.h>
#include <string.h> // CBC mode, for memset
#include "nostr_aes.h"
// Configure for NIP-04 requirements: AES-256-CBC only
#define CBC 1
#define ECB 0
#define CTR 0
// Configure for AES-256 (required by NIP-04)
#define AES128 0
#define AES192 0
#define AES256 1
#define AES_BLOCKLEN 16 // Block length in bytes - AES is 128b block only
#if defined(AES256) && (AES256 == 1)
#define AES_KEYLEN 32
#define AES_keyExpSize 240
#elif defined(AES192) && (AES192 == 1)
#define AES_KEYLEN 24
#define AES_keyExpSize 208
#else
#define AES_KEYLEN 16 // Key length in bytes
#define AES_keyExpSize 176
#endif
struct AES_ctx
{
uint8_t RoundKey[AES_keyExpSize];
#if (defined(CBC) && (CBC == 1)) || (defined(CTR) && (CTR == 1))
uint8_t Iv[AES_BLOCKLEN];
#endif
};
// state - array holding the intermediate results during decryption.
typedef uint8_t state_t[4][4];
// Function prototypes (internal use only)
static void KeyExpansion(uint8_t* RoundKey, const uint8_t* Key);
static void AddRoundKey(uint8_t round, state_t* state, const uint8_t* RoundKey);
static void SubBytes(state_t* state);
static void ShiftRows(state_t* state);
static uint8_t xtime(uint8_t x);
static void MixColumns(state_t* state);
static void InvMixColumns(state_t* state);
static void InvSubBytes(state_t* state);
static void InvShiftRows(state_t* state);
static void Cipher(state_t* state, const uint8_t* RoundKey);
static void InvCipher(state_t* state, const uint8_t* RoundKey);
static void XorWithIv(uint8_t* buf, const uint8_t* Iv);
// Public functions (used by NIP-04 implementation)
void AES_init_ctx(struct AES_ctx* ctx, const uint8_t* key);
#if (defined(CBC) && (CBC == 1)) || (defined(CTR) && (CTR == 1))
void AES_init_ctx_iv(struct AES_ctx* ctx, const uint8_t* key, const uint8_t* iv);
void AES_ctx_set_iv(struct AES_ctx* ctx, const uint8_t* iv);
#endif
#if defined(CBC) && (CBC == 1)
void AES_CBC_encrypt_buffer(struct AES_ctx* ctx, uint8_t* buf, size_t length);
void AES_CBC_decrypt_buffer(struct AES_ctx* ctx, uint8_t* buf, size_t length);
#endif
// The number of columns comprising a state in AES. This is a constant in AES. Value=4
#define Nb 4

53
nostr_core/crypto/nostr_aes.h
View File

@@ -1,53 +0,0 @@
#ifndef _NOSTR_AES_H_
#define _NOSTR_AES_H_
#include <stdint.h>
#include <stddef.h>
// Configure for NIP-04 requirements: AES-256-CBC only
#define CBC 1
#define ECB 0
#define CTR 0
// Configure for AES-256 (required by NIP-04)
#define AES128 0
#define AES192 0
#define AES256 1
#define AES_BLOCKLEN 16 // Block length in bytes - AES is 128b block only
#if defined(AES256) && (AES256 == 1)
#define AES_KEYLEN 32
#define AES_keyExpSize 240
#elif defined(AES192) && (AES192 == 1)
#define AES_KEYLEN 24
#define AES_keyExpSize 208
#else
#define AES_KEYLEN 16 // Key length in bytes
#define AES_keyExpSize 176
#endif
struct AES_ctx
{
uint8_t RoundKey[AES_keyExpSize];
#if (defined(CBC) && (CBC == 1)) || (defined(CTR) && (CTR == 1))
uint8_t Iv[AES_BLOCKLEN];
#endif
};
void AES_init_ctx(struct AES_ctx* ctx, const uint8_t* key);
#if (defined(CBC) && (CBC == 1)) || (defined(CTR) && (CTR == 1))
void AES_init_ctx_iv(struct AES_ctx* ctx, const uint8_t* key, const uint8_t* iv);
void AES_ctx_set_iv(struct AES_ctx* ctx, const uint8_t* iv);
#endif
#if defined(CBC) && (CBC == 1)
// buffer size MUST be multiple of AES_BLOCKLEN;
// Suggest https://en.wikipedia.org/wiki/Padding_(cryptography)#PKCS7 for padding scheme
// NOTES: you need to set IV in ctx via AES_init_ctx_iv() or AES_ctx_set_iv()
// no IV should ever be reused with the same key
void AES_CBC_encrypt_buffer(struct AES_ctx* ctx, uint8_t* buf, size_t length);
void AES_CBC_decrypt_buffer(struct AES_ctx* ctx, uint8_t* buf, size_t length);
#endif // #if defined(CBC) && (CBC == 1)
#endif // _NOSTR_AES_H_

38
nostr_core/crypto/nostr_chacha20.c
View File

@@ -1,15 +1,47 @@
/*
* nostr_chacha20.c - ChaCha20 stream cipher implementation
*
*
* Implementation based on RFC 8439 "ChaCha20 and Poly1305 for IETF Protocols"
*
*
* This implementation is adapted from the RFC 8439 reference specification.
* It prioritizes correctness and clarity over performance optimization.
*/
#include "nostr_chacha20.h"
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/*
* ============================================================================
* CONSTANTS AND DEFINITIONS
* ============================================================================
*/
#define CHACHA20_KEY_SIZE 32 /* 256 bits */
#define CHACHA20_NONCE_SIZE 12 /* 96 bits */
#define CHACHA20_BLOCK_SIZE 64 /* 512 bits */
/*
* ============================================================================
* FUNCTION PROTOTYPES (INTERNAL USE ONLY)
* ============================================================================
*/
// Internal utility functions
static uint32_t bytes_to_u32_le(const uint8_t *bytes);
static void u32_to_bytes_le(uint32_t val, uint8_t *bytes);
// Public functions (used by NIP-44 implementation)
void chacha20_quarter_round(uint32_t state[16], int a, int b, int c, int d);
int chacha20_block(const uint8_t key[32], uint32_t counter,
const uint8_t nonce[12], uint8_t output[64]);
int chacha20_encrypt(const uint8_t key[32], uint32_t counter,
const uint8_t nonce[12], const uint8_t* input,
uint8_t* output, size_t length);
void chacha20_init_state(uint32_t state[16], const uint8_t key[32],
uint32_t counter, const uint8_t nonce[12]);
void chacha20_serialize_state(const uint32_t state[16], uint8_t output[64]);
/*
* ============================================================================
* UTILITY MACROS AND FUNCTIONS

115
nostr_core/crypto/nostr_chacha20.h
View File

@@ -1,115 +0,0 @@
/*
* nostr_chacha20.h - ChaCha20 stream cipher implementation
*
* Implementation based on RFC 8439 "ChaCha20 and Poly1305 for IETF Protocols"
*
* This is a small, portable implementation for NIP-44 support in the NOSTR library.
* The implementation prioritizes correctness and simplicity over performance.
*/
#ifndef NOSTR_CHACHA20_H
#define NOSTR_CHACHA20_H
#include <stdint.h>
#include <stddef.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
* ============================================================================
* CONSTANTS AND DEFINITIONS
* ============================================================================
*/
#define CHACHA20_KEY_SIZE 32 /* 256 bits */
#define CHACHA20_NONCE_SIZE 12 /* 96 bits */
#define CHACHA20_BLOCK_SIZE 64 /* 512 bits */
/*
* ============================================================================
* CORE CHACHA20 FUNCTIONS
* ============================================================================
*/
/**
* ChaCha20 quarter round operation
*
* Operates on four 32-bit words performing the core ChaCha20 quarter round:
* a += b; d ^= a; d <<<= 16;
* c += d; b ^= c; b <<<= 12;
* a += b; d ^= a; d <<<= 8;
* c += d; b ^= c; b <<<= 7;
*
* @param state[in,out] ChaCha state as 16 32-bit words
* @param a, b, c, d Indices into state array for quarter round
*/
void chacha20_quarter_round(uint32_t state[16], int a, int b, int c, int d);
/**
* ChaCha20 block function
*
* Transforms a 64-byte input block using ChaCha20 algorithm with 20 rounds.
*
* @param key[in] 32-byte key
* @param counter[in] 32-bit block counter
* @param nonce[in] 12-byte nonce
* @param output[out] 64-byte output buffer
* @return 0 on success, negative on error
*/
int chacha20_block(const uint8_t key[32], uint32_t counter,
const uint8_t nonce[12], uint8_t output[64]);
/**
* ChaCha20 encryption/decryption
*
* Encrypts or decrypts data using ChaCha20 stream cipher.
* Since ChaCha20 is a stream cipher, encryption and decryption are the same operation.
*
* @param key[in] 32-byte key
* @param counter[in] Initial 32-bit counter value
* @param nonce[in] 12-byte nonce
* @param input[in] Input data to encrypt/decrypt
* @param output[out] Output buffer (can be same as input)
* @param length[in] Length of input data in bytes
* @return 0 on success, negative on error
*/
int chacha20_encrypt(const uint8_t key[32], uint32_t counter,
const uint8_t nonce[12], const uint8_t* input,
uint8_t* output, size_t length);
/*
* ============================================================================
* UTILITY FUNCTIONS
* ============================================================================
*/
/**
* Initialize ChaCha20 state matrix
*
* Sets up the initial 16-word state matrix with constants, key, counter, and nonce.
*
* @param state[out] 16-word state array to initialize
* @param key[in] 32-byte key
* @param counter[in] 32-bit block counter
* @param nonce[in] 12-byte nonce
*/
void chacha20_init_state(uint32_t state[16], const uint8_t key[32],
uint32_t counter, const uint8_t nonce[12]);
/**
* Serialize ChaCha20 state to bytes
*
* Converts 16 32-bit words to 64 bytes in little-endian format.
*
* @param state[in] 16-word state array
* @param output[out] 64-byte output buffer
*/
void chacha20_serialize_state(const uint32_t state[16], uint8_t output[64]);
#ifdef __cplusplus
}
#endif
#endif /* NOSTR_CHACHA20_H */

28
nostr_core/crypto/nostr_secp256k1.c
View File

@@ -1,4 +1,3 @@
#include "nostr_secp256k1.h"
#include <secp256k1.h>
#include <secp256k1_schnorrsig.h>
#include <secp256k1_ecdh.h>
@@ -6,6 +5,33 @@
#include <stdlib.h>
#include <fcntl.h>
#include <unistd.h>
#include <stddef.h>
/*
* PRIVATE INTERNAL FUNCTIONS - NOT EXPORTED
* These functions are for internal library use only.
*/
/** Opaque data structure that holds a parsed and valid public key.
* Guaranteed to be 64 bytes in size, and can be safely copied/moved.
*/
typedef struct nostr_secp256k1_pubkey {
unsigned char data[64];
} nostr_secp256k1_pubkey;
/** Opaque data structure that holds a parsed keypair.
* Guaranteed to be 96 bytes in size, and can be safely copied/moved.
*/
typedef struct nostr_secp256k1_keypair {
unsigned char data[96];
} nostr_secp256k1_keypair;
/** Opaque data structure that holds a parsed x-only public key.
* Guaranteed to be 64 bytes in size, and can be safely copied/moved.
*/
typedef struct nostr_secp256k1_xonly_pubkey {
unsigned char data[64];
} nostr_secp256k1_xonly_pubkey;
// Global context for secp256k1 operations
static secp256k1_context* g_ctx = NULL;

141
nostr_core/crypto/nostr_secp256k1.h
View File

@@ -1,141 +0,0 @@
#ifndef NOSTR_SECP256K1_H
#define NOSTR_SECP256K1_H
#ifdef __cplusplus
extern "C" {
#endif
#include <stddef.h>
/** Opaque data structure that holds a parsed and valid public key.
* Guaranteed to be 64 bytes in size, and can be safely copied/moved.
*/
typedef struct nostr_secp256k1_pubkey {
unsigned char data[64];
} nostr_secp256k1_pubkey;
/** Opaque data structure that holds a parsed keypair.
* Guaranteed to be 96 bytes in size, and can be safely copied/moved.
*/
typedef struct nostr_secp256k1_keypair {
unsigned char data[96];
} nostr_secp256k1_keypair;
/** Opaque data structure that holds a parsed x-only public key.
* Guaranteed to be 64 bytes in size, and can be safely copied/moved.
*/
typedef struct nostr_secp256k1_xonly_pubkey {
unsigned char data[64];
} nostr_secp256k1_xonly_pubkey;
/** Initialize the secp256k1 library. Must be called before any other functions.
* Returns: 1 on success, 0 on failure.
*/
int nostr_secp256k1_context_create(void);
/** Clean up the secp256k1 library resources.
*/
void nostr_secp256k1_context_destroy(void);
/** Verify an elliptic curve secret key.
* Returns: 1: secret key is valid, 0: secret key is invalid
* In: seckey: pointer to a 32-byte secret key.
*/
int nostr_secp256k1_ec_seckey_verify(const unsigned char *seckey);
/** Compute the public key for a secret key.
* Returns: 1: secret was valid, public key stored. 0: secret was invalid.
* Out: pubkey: pointer to the created public key.
* In: seckey: pointer to a 32-byte secret key.
*/
int nostr_secp256k1_ec_pubkey_create(nostr_secp256k1_pubkey *pubkey, const unsigned char *seckey);
/** Create a keypair from a secret key.
* Returns: 1: keypair created, 0: secret key invalid.
* Out: keypair: pointer to the created keypair.
* In: seckey: pointer to a 32-byte secret key.
*/
int nostr_secp256k1_keypair_create(nostr_secp256k1_keypair *keypair, const unsigned char *seckey);
/** Get the x-only public key from a keypair.
* Returns: 1 always.
* Out: pubkey: pointer to storage for the x-only public key.
* In: keypair: pointer to a keypair.
*/
int nostr_secp256k1_keypair_xonly_pub(nostr_secp256k1_xonly_pubkey *pubkey, const nostr_secp256k1_keypair *keypair);
/** Parse an x-only public key from bytes.
* Returns: 1: public key parsed, 0: invalid public key.
* Out: pubkey: pointer to the created x-only public key.
* In: input32: pointer to a 32-byte x-only public key.
*/
int nostr_secp256k1_xonly_pubkey_parse(nostr_secp256k1_xonly_pubkey *pubkey, const unsigned char *input32);
/** Serialize an x-only public key to bytes.
* Returns: 1 always.
* Out: output32: pointer to a 32-byte array to store the serialized key.
* In: pubkey: pointer to an x-only public key.
*/
int nostr_secp256k1_xonly_pubkey_serialize(unsigned char *output32, const nostr_secp256k1_xonly_pubkey *pubkey);
/** Create a Schnorr signature.
* Returns: 1: signature created, 0: nonce generation failed or secret key invalid.
* Out: sig64: pointer to a 64-byte array where the signature will be placed.
* In: msghash32: the 32-byte message hash being signed.
* keypair: pointer to an initialized keypair.
* aux_rand32: pointer to 32 bytes of auxiliary randomness (can be NULL).
*/
int nostr_secp256k1_schnorrsig_sign32(unsigned char *sig64, const unsigned char *msghash32, const nostr_secp256k1_keypair *keypair, const unsigned char *aux_rand32);
/** Verify a Schnorr signature.
* Returns: 1: correct signature, 0: incorrect signature
* In: sig64: pointer to the 64-byte signature being verified.
* msghash32: the 32-byte message hash being verified.
* pubkey: pointer to an x-only public key to verify with.
*/
int nostr_secp256k1_schnorrsig_verify(const unsigned char *sig64, const unsigned char *msghash32, const nostr_secp256k1_xonly_pubkey *pubkey);
/** Serialize a pubkey object into a serialized byte sequence.
* Returns: 1 always.
* Out: output: pointer to a 33-byte array to place the serialized key in.
* In: pubkey: pointer to a secp256k1_pubkey containing an initialized public key.
*
* The output will be a 33-byte compressed public key (0x02 or 0x03 prefix + 32 bytes x coordinate).
*/
int nostr_secp256k1_ec_pubkey_serialize_compressed(unsigned char *output, const nostr_secp256k1_pubkey *pubkey);
/** Tweak a secret key by adding a 32-byte tweak to it.
* Returns: 1: seckey was valid, 0: seckey invalid or resulting key invalid
* In/Out: seckey: pointer to a 32-byte secret key. Will be modified in-place.
* In: tweak: pointer to a 32-byte tweak.
*/
int nostr_secp256k1_ec_seckey_tweak_add(unsigned char *seckey, const unsigned char *tweak);
/** Parse a variable-length public key into the pubkey object.
* Returns: 1: public key parsed, 0: invalid public key.
* Out: pubkey: pointer to the created public key.
* In: input: pointer to a serialized public key
* inputlen: length of the array pointed to by input
*/
int nostr_secp256k1_ec_pubkey_parse(nostr_secp256k1_pubkey *pubkey, const unsigned char *input, size_t inputlen);
/** Compute an EC Diffie-Hellman secret in constant time.
* Returns: 1: exponentiation was successful, 0: scalar was invalid (zero or overflow)
* Out: result: a 32-byte array which will be populated by an ECDH secret computed from point and scalar
* In: pubkey: a pointer to a secp256k1_pubkey containing an initialized public key
* seckey: a 32-byte scalar with which to multiply the point
*/
int nostr_secp256k1_ecdh(unsigned char *result, const nostr_secp256k1_pubkey *pubkey, const unsigned char *seckey, void *hashfp, void *data);
/** Generate cryptographically secure random bytes.
* Returns: 1: success, 0: failure
* Out: buf: buffer to fill with random bytes
* In: len: number of bytes to generate
*/
int nostr_secp256k1_get_random_bytes(unsigned char *buf, size_t len);
#ifdef __cplusplus
}
#endif
#endif /* NOSTR_SECP256K1_H */

212
nostr_core/nip001.c
View File

@@ -13,9 +13,21 @@
#include <time.h>
#include "../nostr_core/nostr_common.h"
// Forward declarations for crypto functions (private API)
// These functions are implemented in crypto/ but not exposed through public headers
typedef struct {
unsigned char data[64];
} nostr_secp256k1_xonly_pubkey;
int nostr_secp256k1_xonly_pubkey_parse(nostr_secp256k1_xonly_pubkey* pubkey, const unsigned char* input32);
int nostr_secp256k1_schnorrsig_verify(const unsigned char* sig64, const unsigned char* msg32, const nostr_secp256k1_xonly_pubkey* pubkey);
// Declare utility functions
void nostr_bytes_to_hex(const unsigned char* bytes, size_t len, char* hex);
int nostr_hex_to_bytes(const char* hex, unsigned char* bytes, size_t len);
int nostr_sha256(const unsigned char* data, size_t len, unsigned char* hash);
int nostr_ec_public_key_from_private_key(const unsigned char* private_key, unsigned char* public_key);
int nostr_ec_sign(const unsigned char* private_key, const unsigned char* hash, unsigned char* signature);
/**
* Create and sign a NOSTR event
@@ -131,3 +143,203 @@ cJSON* nostr_create_and_sign_event(int kind, const char* content, cJSON* tags, c
return event;
}
/**
* Validate the structure of a NOSTR event
* Checks required fields, types, and basic format validation
*/
int nostr_validate_event_structure(cJSON* event) {
if (!event || !cJSON_IsObject(event)) {
return NOSTR_ERROR_EVENT_INVALID_STRUCTURE;
}
// Check required fields exist
cJSON* id_item = cJSON_GetObjectItem(event, "id");
cJSON* pubkey_item = cJSON_GetObjectItem(event, "pubkey");
cJSON* created_at_item = cJSON_GetObjectItem(event, "created_at");
cJSON* kind_item = cJSON_GetObjectItem(event, "kind");
cJSON* tags_item = cJSON_GetObjectItem(event, "tags");
cJSON* content_item = cJSON_GetObjectItem(event, "content");
cJSON* sig_item = cJSON_GetObjectItem(event, "sig");
if (!id_item || !pubkey_item || !created_at_item || !kind_item ||
!tags_item || !content_item || !sig_item) {
return NOSTR_ERROR_EVENT_INVALID_STRUCTURE;
}
// Validate field types
if (!cJSON_IsString(id_item)) return NOSTR_ERROR_EVENT_INVALID_ID;
if (!cJSON_IsString(pubkey_item)) return NOSTR_ERROR_EVENT_INVALID_PUBKEY;
if (!cJSON_IsNumber(created_at_item)) return NOSTR_ERROR_EVENT_INVALID_CREATED_AT;
if (!cJSON_IsNumber(kind_item)) return NOSTR_ERROR_EVENT_INVALID_KIND;
if (!cJSON_IsArray(tags_item)) return NOSTR_ERROR_EVENT_INVALID_TAGS;
if (!cJSON_IsString(content_item)) return NOSTR_ERROR_EVENT_INVALID_CONTENT;
if (!cJSON_IsString(sig_item)) return NOSTR_ERROR_EVENT_INVALID_SIGNATURE;
// Validate hex string lengths
const char* id_str = cJSON_GetStringValue(id_item);
const char* pubkey_str = cJSON_GetStringValue(pubkey_item);
const char* sig_str = cJSON_GetStringValue(sig_item);
if (!id_str || strlen(id_str) != 64) return NOSTR_ERROR_EVENT_INVALID_ID;
if (!pubkey_str || strlen(pubkey_str) != 64) return NOSTR_ERROR_EVENT_INVALID_PUBKEY;
if (!sig_str || strlen(sig_str) != 128) return NOSTR_ERROR_EVENT_INVALID_SIGNATURE;
// Validate hex characters (lowercase)
for (int i = 0; i < 64; i++) {
char c = id_str[i];
if (!((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f'))) {
return NOSTR_ERROR_EVENT_INVALID_ID;
}
c = pubkey_str[i];
if (!((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f'))) {
return NOSTR_ERROR_EVENT_INVALID_PUBKEY;
}
}
// Validate signature hex characters (lowercase) - 128 characters
for (int i = 0; i < 128; i++) {
char c = sig_str[i];
if (!((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f'))) {
return NOSTR_ERROR_EVENT_INVALID_SIGNATURE;
}
}
// Validate created_at is a valid timestamp (positive number)
double created_at = cJSON_GetNumberValue(created_at_item);
if (created_at < 0) return NOSTR_ERROR_EVENT_INVALID_CREATED_AT;
// Validate kind is valid (0-65535)
double kind = cJSON_GetNumberValue(kind_item);
if (kind < 0 || kind > 65535 || kind != (int)kind) {
return NOSTR_ERROR_EVENT_INVALID_KIND;
}
// Validate tags array structure (array of arrays of strings)
cJSON* tag_item;
cJSON_ArrayForEach(tag_item, tags_item) {
if (!cJSON_IsArray(tag_item)) {
return NOSTR_ERROR_EVENT_INVALID_TAGS;
}
cJSON* tag_element;
cJSON_ArrayForEach(tag_element, tag_item) {
if (!cJSON_IsString(tag_element)) {
return NOSTR_ERROR_EVENT_INVALID_TAGS;
}
}
}
return NOSTR_SUCCESS;
}
/**
* Verify the cryptographic signature of a NOSTR event
* Validates event ID and signature according to NIP-01
*/
int nostr_verify_event_signature(cJSON* event) {
if (!event) {
return NOSTR_ERROR_INVALID_INPUT;
}
// Get event fields
cJSON* id_item = cJSON_GetObjectItem(event, "id");
cJSON* pubkey_item = cJSON_GetObjectItem(event, "pubkey");
cJSON* created_at_item = cJSON_GetObjectItem(event, "created_at");
cJSON* kind_item = cJSON_GetObjectItem(event, "kind");
cJSON* tags_item = cJSON_GetObjectItem(event, "tags");
cJSON* content_item = cJSON_GetObjectItem(event, "content");
cJSON* sig_item = cJSON_GetObjectItem(event, "sig");
if (!id_item || !pubkey_item || !created_at_item || !kind_item ||
!tags_item || !content_item || !sig_item) {
return NOSTR_ERROR_EVENT_INVALID_STRUCTURE;
}
// Create serialization array: [0, pubkey, created_at, kind, tags, content]
cJSON* serialize_array = cJSON_CreateArray();
if (!serialize_array) {
return NOSTR_ERROR_MEMORY_FAILED;
}
cJSON_AddItemToArray(serialize_array, cJSON_CreateNumber(0));
cJSON_AddItemToArray(serialize_array, cJSON_Duplicate(pubkey_item, 1));
cJSON_AddItemToArray(serialize_array, cJSON_Duplicate(created_at_item, 1));
cJSON_AddItemToArray(serialize_array, cJSON_Duplicate(kind_item, 1));
cJSON_AddItemToArray(serialize_array, cJSON_Duplicate(tags_item, 1));
cJSON_AddItemToArray(serialize_array, cJSON_Duplicate(content_item, 1));
char* serialize_string = cJSON_PrintUnformatted(serialize_array);
cJSON_Delete(serialize_array);
if (!serialize_string) {
return NOSTR_ERROR_MEMORY_FAILED;
}
// Hash the serialized event
unsigned char event_hash[32];
if (nostr_sha256((const unsigned char*)serialize_string, strlen(serialize_string), event_hash) != 0) {
free(serialize_string);
return NOSTR_ERROR_CRYPTO_FAILED;
}
// Convert hash to hex for event ID verification
char calculated_id[65];
nostr_bytes_to_hex(event_hash, 32, calculated_id);
// Compare with provided event ID
const char* provided_id = cJSON_GetStringValue(id_item);
if (!provided_id || strcmp(calculated_id, provided_id) != 0) {
free(serialize_string);
return NOSTR_ERROR_EVENT_INVALID_ID;
}
// Verify signature
const char* pubkey_str = cJSON_GetStringValue(pubkey_item);
const char* sig_str = cJSON_GetStringValue(sig_item);
if (!pubkey_str || !sig_str) {
free(serialize_string);
return NOSTR_ERROR_EVENT_INVALID_STRUCTURE;
}
// Convert hex strings to bytes
unsigned char pubkey_bytes[32];
unsigned char sig_bytes[64];
if (nostr_hex_to_bytes(pubkey_str, pubkey_bytes, 32) != 0 ||
nostr_hex_to_bytes(sig_str, sig_bytes, 64) != 0) {
free(serialize_string);
return NOSTR_ERROR_CRYPTO_FAILED;
}
// Parse the public key into secp256k1 format
nostr_secp256k1_xonly_pubkey xonly_pubkey;
if (!nostr_secp256k1_xonly_pubkey_parse(&xonly_pubkey, pubkey_bytes)) {
free(serialize_string);
return NOSTR_ERROR_EVENT_INVALID_PUBKEY;
}
// Verify Schnorr signature
if (!nostr_secp256k1_schnorrsig_verify(sig_bytes, event_hash, &xonly_pubkey)) {
free(serialize_string);
return NOSTR_ERROR_EVENT_INVALID_SIGNATURE;
}
free(serialize_string);
return NOSTR_SUCCESS;
}
/**
* Complete validation of a NOSTR event
* Performs both structure and cryptographic validation
*/
int nostr_validate_event(cJSON* event) {
// First validate structure (fast check)
int structure_result = nostr_validate_event_structure(event);
if (structure_result != NOSTR_SUCCESS) {
return structure_result;
}
// Then verify signature (expensive check)
return nostr_verify_event_signature(event);
}

5
nostr_core/nip001.h
View File

@@ -15,4 +15,9 @@
// Function declarations
cJSON* nostr_create_and_sign_event(int kind, const char* content, cJSON* tags, const unsigned char* private_key, time_t timestamp);
// Event validation functions
int nostr_validate_event_structure(cJSON* event);
int nostr_verify_event_signature(cJSON* event);
int nostr_validate_event(cJSON* event);
#endif // NIP001_H

17
nostr_core/nip004.c
View File

@@ -6,13 +6,24 @@
#include "nip004.h"
#include "utils.h"
#include "nostr_common.h"
#include "crypto/nostr_secp256k1.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
// Include our AES implementation
#include "crypto/nostr_aes.h"
// Forward declarations for crypto functions (private API)
// These functions are implemented in crypto/ but not exposed through public headers
int ecdh_shared_secret(const unsigned char* private_key, const unsigned char* public_key, unsigned char* shared_secret);
int nostr_secp256k1_get_random_bytes(unsigned char* buf, size_t len);
// AES context and functions for NIP-04 encryption
struct AES_ctx {
unsigned char RoundKey[240]; // AES-256 key expansion
unsigned char Iv[16]; // Initialization vector
};
void AES_init_ctx_iv(struct AES_ctx* ctx, const unsigned char* key, const unsigned char* iv);
void AES_CBC_encrypt_buffer(struct AES_ctx* ctx, unsigned char* buf, size_t length);
void AES_CBC_decrypt_buffer(struct AES_ctx* ctx, unsigned char* buf, size_t length);
// Forward declarations for internal functions
static int aes_cbc_encrypt(const unsigned char* key, const unsigned char* iv,

2
nostr_core/nip004.h
View File

@@ -13,7 +13,7 @@ extern "C" {
#endif
// NIP-04 constants
// #define NOSTR_NIP04_MAX_PLAINTEXT_SIZE 65535
// #define NOSTR_NIP04_MAX_PLAINTEXT_SIZE 1048576 // 1MB
// NIP-04 Constants
// #define NOSTR_NIP04_MAX_PLAINTEXT_SIZE 16777216 // 16MB
// #define NOSTR_NIP04_MAX_ENCRYPTED_SIZE 22369621 // ~21.3MB (accounts for base64 overhead + IV)

329
nostr_core/nip013.c
View File

@@ -277,3 +277,332 @@ int nostr_add_proof_of_work(cJSON* event, const unsigned char* private_key,
// If we reach here, we've exceeded max attempts
return NOSTR_ERROR_CRYPTO_FAILED;
}
/**
* Calculate PoW difficulty (leading zero bits) for an event ID
*
* @param event_id_hex Hexadecimal event ID string (64 characters)
* @return Number of leading zero bits, or negative error code on failure
*/
int nostr_calculate_pow_difficulty(const char* event_id_hex) {
if (!event_id_hex) {
return NOSTR_ERROR_INVALID_INPUT;
}
// Validate hex string length (should be 64 characters for SHA-256)
size_t hex_len = strlen(event_id_hex);
if (hex_len != 64) {
return NOSTR_ERROR_NIP13_CALCULATION;
}
// Convert hex to bytes
unsigned char hash[32];
if (nostr_hex_to_bytes(event_id_hex, hash, 32) != NOSTR_SUCCESS) {
return NOSTR_ERROR_NIP13_CALCULATION;
}
// Use existing NIP-13 reference implementation
return count_leading_zero_bits(hash);
}
/**
* Extract nonce information from event tags
*
* @param event Complete event JSON object
* @param nonce_out Output pointer for nonce value (can be NULL)
* @param target_difficulty_out Output pointer for target difficulty (can be NULL)
* @return NOSTR_SUCCESS if nonce tag found, NOSTR_ERROR_NIP13_NO_NONCE_TAG if not found, other error codes on failure
*/
int nostr_extract_nonce_info(cJSON* event, uint64_t* nonce_out, int* target_difficulty_out) {
if (!event) {
return NOSTR_ERROR_INVALID_INPUT;
}
// Initialize output values
if (nonce_out) *nonce_out = 0;
if (target_difficulty_out) *target_difficulty_out = -1;
// Get tags array
cJSON* tags = cJSON_GetObjectItem(event, "tags");
if (!tags || !cJSON_IsArray(tags)) {
return NOSTR_ERROR_NIP13_NO_NONCE_TAG;
}
// Search for nonce tag
cJSON* tag = NULL;
cJSON_ArrayForEach(tag, tags) {
if (!cJSON_IsArray(tag) || cJSON_GetArraySize(tag) < 2) {
continue;
}
// Check if this is a nonce tag
cJSON* tag_type = cJSON_GetArrayItem(tag, 0);
if (!tag_type || !cJSON_IsString(tag_type)) {
continue;
}
const char* tag_name = cJSON_GetStringValue(tag_type);
if (!tag_name || strcmp(tag_name, "nonce") != 0) {
continue;
}
// Extract nonce value (second element)
cJSON* nonce_item = cJSON_GetArrayItem(tag, 1);
if (!nonce_item || !cJSON_IsString(nonce_item)) {
return NOSTR_ERROR_NIP13_INVALID_NONCE_TAG;
}
const char* nonce_str = cJSON_GetStringValue(nonce_item);
if (!nonce_str) {
return NOSTR_ERROR_NIP13_INVALID_NONCE_TAG;
}
// Parse nonce value
char* endptr;
uint64_t nonce_val = strtoull(nonce_str, &endptr, 10);
if (*endptr != '\0') {
return NOSTR_ERROR_NIP13_INVALID_NONCE_TAG;
}
if (nonce_out) *nonce_out = nonce_val;
// Extract target difficulty (third element, optional)
if (cJSON_GetArraySize(tag) >= 3) {
cJSON* target_item = cJSON_GetArrayItem(tag, 2);
if (target_item && cJSON_IsString(target_item)) {
const char* target_str = cJSON_GetStringValue(target_item);
if (target_str) {
char* endptr2;
long target_val = strtol(target_str, &endptr2, 10);
if (*endptr2 == '\0' && target_val >= 0) {
if (target_difficulty_out) *target_difficulty_out = (int)target_val;
}
}
}
}
return NOSTR_SUCCESS;
}
// No nonce tag found
return NOSTR_ERROR_NIP13_NO_NONCE_TAG;
}
/**
* Validate just the nonce tag format (without PoW calculation)
*
* @param nonce_tag_array JSON array representing a nonce tag
* @return NOSTR_SUCCESS if valid format, error code otherwise
*/
int nostr_validate_nonce_tag(cJSON* nonce_tag_array) {
if (!nonce_tag_array || !cJSON_IsArray(nonce_tag_array)) {
return NOSTR_ERROR_NIP13_INVALID_NONCE_TAG;
}
int array_size = cJSON_GetArraySize(nonce_tag_array);
if (array_size < 2) {
return NOSTR_ERROR_NIP13_INVALID_NONCE_TAG;
}
// First element should be "nonce"
cJSON* tag_type = cJSON_GetArrayItem(nonce_tag_array, 0);
if (!tag_type || !cJSON_IsString(tag_type)) {
return NOSTR_ERROR_NIP13_INVALID_NONCE_TAG;
}
const char* tag_name = cJSON_GetStringValue(tag_type);
if (!tag_name || strcmp(tag_name, "nonce") != 0) {
return NOSTR_ERROR_NIP13_INVALID_NONCE_TAG;
}
// Second element should be a valid nonce (numeric string)
cJSON* nonce_item = cJSON_GetArrayItem(nonce_tag_array, 1);
if (!nonce_item || !cJSON_IsString(nonce_item)) {
return NOSTR_ERROR_NIP13_INVALID_NONCE_TAG;
}
const char* nonce_str = cJSON_GetStringValue(nonce_item);
if (!nonce_str) {
return NOSTR_ERROR_NIP13_INVALID_NONCE_TAG;
}
// Validate nonce is a valid number
char* endptr;
strtoull(nonce_str, &endptr, 10);
if (*endptr != '\0') {
return NOSTR_ERROR_NIP13_INVALID_NONCE_TAG;
}
// Third element (target difficulty) is optional, but if present should be valid
if (array_size >= 3) {
cJSON* target_item = cJSON_GetArrayItem(nonce_tag_array, 2);
if (target_item && cJSON_IsString(target_item)) {
const char* target_str = cJSON_GetStringValue(target_item);
if (target_str) {
char* endptr2;
strtol(target_str, &endptr2, 10);
if (*endptr2 != '\0') {
return NOSTR_ERROR_NIP13_INVALID_NONCE_TAG;
}
}
}
}
return NOSTR_SUCCESS;
}
/**
* Validate Proof of Work for an event according to NIP-13
*
* @param event Complete event JSON object to validate
* @param min_difficulty Minimum difficulty required by the relay (0 = no requirement)
* @param validation_flags Bitflags for validation options
* @param result_info Optional output struct for detailed results (can be NULL)
* @return NOSTR_SUCCESS if PoW is valid and meets requirements, error code otherwise
*/
int nostr_validate_pow(cJSON* event, int min_difficulty, int validation_flags,
nostr_pow_result_t* result_info) {
if (!event) {
return NOSTR_ERROR_INVALID_INPUT;
}
// Initialize result info if provided
if (result_info) {
result_info->actual_difficulty = 0;
result_info->committed_target = -1;
result_info->nonce_value = 0;
result_info->has_nonce_tag = 0;
result_info->error_detail[0] = '\0';
}
// Get event ID for PoW calculation
cJSON* id_item = cJSON_GetObjectItem(event, "id");
if (!id_item || !cJSON_IsString(id_item)) {
if (result_info) {
snprintf(result_info->error_detail, sizeof(result_info->error_detail),
"Missing or invalid event ID");
}
return NOSTR_ERROR_EVENT_INVALID_ID;
}
const char* event_id = cJSON_GetStringValue(id_item);
if (!event_id) {
if (result_info) {
snprintf(result_info->error_detail, sizeof(result_info->error_detail),
"Event ID is not a string");
}
return NOSTR_ERROR_EVENT_INVALID_ID;
}
// Calculate actual PoW difficulty
int actual_difficulty = nostr_calculate_pow_difficulty(event_id);
if (actual_difficulty < 0) {
if (result_info) {
snprintf(result_info->error_detail, sizeof(result_info->error_detail),
"Failed to calculate PoW difficulty");
}
return actual_difficulty; // Return the specific error from calculation
}
if (result_info) {
result_info->actual_difficulty = actual_difficulty;
}
// Check if minimum difficulty requirement is met
if (min_difficulty > 0 && actual_difficulty < min_difficulty) {
if (result_info) {
snprintf(result_info->error_detail, sizeof(result_info->error_detail),
"Insufficient difficulty: %d < %d", actual_difficulty, min_difficulty);
}
return NOSTR_ERROR_NIP13_INSUFFICIENT;
}
// Extract nonce information if validation flags require it
uint64_t nonce_value = 0;
int committed_target = -1;
int nonce_extract_result = nostr_extract_nonce_info(event, &nonce_value, &committed_target);
if (result_info) {
result_info->nonce_value = nonce_value;
result_info->committed_target = committed_target;
result_info->has_nonce_tag = (nonce_extract_result == NOSTR_SUCCESS) ? 1 : 0;
}
// Validate nonce tag presence if required
if (validation_flags & NOSTR_POW_VALIDATE_NONCE_TAG) {
if (nonce_extract_result == NOSTR_ERROR_NIP13_NO_NONCE_TAG) {
if (result_info) {
snprintf(result_info->error_detail, sizeof(result_info->error_detail),
"Missing required nonce tag");
}
return NOSTR_ERROR_NIP13_NO_NONCE_TAG;
} else if (nonce_extract_result != NOSTR_SUCCESS) {
if (result_info) {
snprintf(result_info->error_detail, sizeof(result_info->error_detail),
"Invalid nonce tag format");
}
return nonce_extract_result;
}
// If strict format validation is enabled, validate the nonce tag structure
if (validation_flags & NOSTR_POW_STRICT_FORMAT) {
cJSON* tags = cJSON_GetObjectItem(event, "tags");
if (tags && cJSON_IsArray(tags)) {
cJSON* tag = NULL;
cJSON_ArrayForEach(tag, tags) {
if (cJSON_IsArray(tag) && cJSON_GetArraySize(tag) >= 2) {
cJSON* tag_type = cJSON_GetArrayItem(tag, 0);
if (tag_type && cJSON_IsString(tag_type)) {
const char* tag_name = cJSON_GetStringValue(tag_type);
if (tag_name && strcmp(tag_name, "nonce") == 0) {
int validation_result = nostr_validate_nonce_tag(tag);
if (validation_result != NOSTR_SUCCESS) {
if (result_info) {
snprintf(result_info->error_detail, sizeof(result_info->error_detail),
"Nonce tag failed strict format validation");
}
return validation_result;
}
break;
}
}
}
}
}
}
}
// Validate committed target difficulty if required
if (validation_flags & NOSTR_POW_VALIDATE_TARGET_COMMIT) {
if (nonce_extract_result == NOSTR_SUCCESS && committed_target == -1) {
if (result_info) {
snprintf(result_info->error_detail, sizeof(result_info->error_detail),
"Missing committed target difficulty in nonce tag");
}
return NOSTR_ERROR_NIP13_INVALID_NONCE_TAG;
}
// Check for target/difficulty mismatch if rejecting lower targets
if (validation_flags & NOSTR_POW_REJECT_LOWER_TARGET) {
// According to NIP-13: "if you require 40 bits to reply to your thread and see
// a committed target of 30, you can safely reject it even if the note has 40 bits difficulty"
// This means we reject if committed_target < min_difficulty, not actual_difficulty
if (committed_target != -1 && min_difficulty > 0 && committed_target < min_difficulty) {
if (result_info) {
snprintf(result_info->error_detail, sizeof(result_info->error_detail),
"Committed target (%d) is lower than required minimum (%d)",
committed_target, min_difficulty);
}
return NOSTR_ERROR_NIP13_TARGET_MISMATCH;
}
}
}
// All validations passed
if (result_info) {
snprintf(result_info->error_detail, sizeof(result_info->error_detail),
"PoW validation successful");
}
return NOSTR_SUCCESS;
}

32
nostr_core/nip013.h
View File

@@ -8,11 +8,41 @@
#include "nip001.h"
#include <stdint.h>
// PoW validation flags
#define NOSTR_POW_VALIDATE_NONCE_TAG 0x01 // Require and validate nonce tag format
#define NOSTR_POW_VALIDATE_TARGET_COMMIT 0x02 // Validate committed target difficulty
#define NOSTR_POW_REJECT_LOWER_TARGET 0x04 // Reject if committed target < actual difficulty
#define NOSTR_POW_STRICT_FORMAT 0x08 // Strict nonce tag format validation
// Convenience combinations
#define NOSTR_POW_VALIDATE_BASIC (NOSTR_POW_VALIDATE_NONCE_TAG)
#define NOSTR_POW_VALIDATE_FULL (NOSTR_POW_VALIDATE_NONCE_TAG | NOSTR_POW_VALIDATE_TARGET_COMMIT)
#define NOSTR_POW_VALIDATE_ANTI_SPAM (NOSTR_POW_VALIDATE_FULL | NOSTR_POW_REJECT_LOWER_TARGET)
// Result information structure (optional output)
typedef struct {
int actual_difficulty; // Calculated difficulty (leading zero bits)
int committed_target; // Target difficulty from nonce tag (-1 if none)
uint64_t nonce_value; // Nonce value from tag (0 if none)
int has_nonce_tag; // 1 if nonce tag present, 0 otherwise
char error_detail[256]; // Detailed error description
} nostr_pow_result_t;
// Function declarations
int nostr_add_proof_of_work(cJSON* event, const unsigned char* private_key,
int nostr_add_proof_of_work(cJSON* event, const unsigned char* private_key,
int target_difficulty, int max_attempts,
int progress_report_interval, int timestamp_update_interval,
void (*progress_callback)(int current_difficulty, uint64_t nonce, void* user_data),
void* user_data);
// PoW validation functions
int nostr_validate_pow(cJSON* event, int min_difficulty, int validation_flags,
nostr_pow_result_t* result_info);
int nostr_calculate_pow_difficulty(const char* event_id_hex);
int nostr_extract_nonce_info(cJSON* event, uint64_t* nonce_out, int* target_difficulty_out);
int nostr_validate_nonce_tag(cJSON* nonce_tag_array);
#endif // NIP013_H

407
nostr_core/nip017.c Normal file
View File

@@ -0,0 +1,407 @@
/*
* NIP-17: Private Direct Messages Implementation
* https://github.com/nostr-protocol/nips/blob/master/17.md
*/
#define _GNU_SOURCE
#include "nip017.h"
#include "nip059.h"
#include "nip001.h"
#include "utils.h"
#include "nostr_common.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
// Forward declarations for crypto functions
int nostr_ec_public_key_from_private_key(const unsigned char* private_key, unsigned char* public_key);
/**
* Create tags array for DM events
*/
static cJSON* create_dm_tags(const char** recipient_pubkeys,
int num_recipients,
const char* subject,
const char* reply_to_event_id,
const char* reply_relay_url) {
cJSON* tags = cJSON_CreateArray();
if (!tags) return NULL;
// Add "p" tags for each recipient
for (int i = 0; i < num_recipients; i++) {
cJSON* p_tag = cJSON_CreateArray();
if (!p_tag) {
cJSON_Delete(tags);
return NULL;
}
cJSON_AddItemToArray(p_tag, cJSON_CreateString("p"));
cJSON_AddItemToArray(p_tag, cJSON_CreateString(recipient_pubkeys[i]));
// Add relay URL if provided (recommended)
if (reply_relay_url) {
cJSON_AddItemToArray(p_tag, cJSON_CreateString(reply_relay_url));
}
cJSON_AddItemToArray(tags, p_tag);
}
// Add subject tag if provided
if (subject && strlen(subject) > 0) {
cJSON* subject_tag = cJSON_CreateArray();
if (!subject_tag) {
cJSON_Delete(tags);
return NULL;
}
cJSON_AddItemToArray(subject_tag, cJSON_CreateString("subject"));
cJSON_AddItemToArray(subject_tag, cJSON_CreateString(subject));
cJSON_AddItemToArray(tags, subject_tag);
}
// Add reply reference if provided
if (reply_to_event_id && strlen(reply_to_event_id) > 0) {
cJSON* e_tag = cJSON_CreateArray();
if (!e_tag) {
cJSON_Delete(tags);
return NULL;
}
cJSON_AddItemToArray(e_tag, cJSON_CreateString("e"));
cJSON_AddItemToArray(e_tag, cJSON_CreateString(reply_to_event_id));
if (reply_relay_url) {
cJSON_AddItemToArray(e_tag, cJSON_CreateString(reply_relay_url));
}
// For replies, add "reply" marker as per NIP-17
cJSON_AddItemToArray(e_tag, cJSON_CreateString("reply"));
cJSON_AddItemToArray(tags, e_tag);
}
return tags;
}
/**
* NIP-17: Create a chat message event (kind 14)
*/
cJSON* nostr_nip17_create_chat_event(const char* message,
const char** recipient_pubkeys,
int num_recipients,
const char* subject,
const char* reply_to_event_id,
const char* reply_relay_url,
const char* sender_pubkey_hex) {
if (!message || !recipient_pubkeys || num_recipients <= 0 || !sender_pubkey_hex) {
return NULL;
}
// Create tags
cJSON* tags = create_dm_tags(recipient_pubkeys, num_recipients, subject,
reply_to_event_id, reply_relay_url);
if (!tags) {
return NULL;
}
// Create the chat rumor (kind 14, unsigned)
cJSON* chat_event = nostr_nip59_create_rumor(14, message, tags, sender_pubkey_hex, 0);
cJSON_Delete(tags); // Tags are duplicated in create_rumor
return chat_event;
}
/**
* NIP-17: Create a file message event (kind 15)
*/
cJSON* nostr_nip17_create_file_event(const char* file_url,
const char* file_type,
const char* encryption_algorithm,
const char* decryption_key,
const char* decryption_nonce,
const char* file_hash,
const char* original_file_hash,
size_t file_size,
const char* dimensions,
const char* blurhash,
const char* thumbnail_url,
const char** recipient_pubkeys,
int num_recipients,
const char* subject,
const char* reply_to_event_id,
const char* reply_relay_url,
const char* sender_pubkey_hex) {
if (!file_url || !file_type || !encryption_algorithm || !decryption_key ||
!decryption_nonce || !file_hash || !recipient_pubkeys ||
num_recipients <= 0 || !sender_pubkey_hex) {
return NULL;
}
// Create base tags
cJSON* tags = create_dm_tags(recipient_pubkeys, num_recipients, subject,
reply_to_event_id, reply_relay_url);
if (!tags) {
return NULL;
}
// Add file-specific tags
cJSON* file_type_tag = cJSON_CreateArray();
cJSON_AddItemToArray(file_type_tag, cJSON_CreateString("file-type"));
cJSON_AddItemToArray(file_type_tag, cJSON_CreateString(file_type));
cJSON_AddItemToArray(tags, file_type_tag);
cJSON* encryption_tag = cJSON_CreateArray();
cJSON_AddItemToArray(encryption_tag, cJSON_CreateString("encryption-algorithm"));
cJSON_AddItemToArray(encryption_tag, cJSON_CreateString(encryption_algorithm));
cJSON_AddItemToArray(tags, encryption_tag);
cJSON* key_tag = cJSON_CreateArray();
cJSON_AddItemToArray(key_tag, cJSON_CreateString("decryption-key"));
cJSON_AddItemToArray(key_tag, cJSON_CreateString(decryption_key));
cJSON_AddItemToArray(tags, key_tag);
cJSON* nonce_tag = cJSON_CreateArray();
cJSON_AddItemToArray(nonce_tag, cJSON_CreateString("decryption-nonce"));
cJSON_AddItemToArray(nonce_tag, cJSON_CreateString(decryption_nonce));
cJSON_AddItemToArray(tags, nonce_tag);
cJSON* x_tag = cJSON_CreateArray();
cJSON_AddItemToArray(x_tag, cJSON_CreateString("x"));
cJSON_AddItemToArray(x_tag, cJSON_CreateString(file_hash));
cJSON_AddItemToArray(tags, x_tag);
// Optional tags
if (original_file_hash && strlen(original_file_hash) > 0) {
cJSON* ox_tag = cJSON_CreateArray();
cJSON_AddItemToArray(ox_tag, cJSON_CreateString("ox"));
cJSON_AddItemToArray(ox_tag, cJSON_CreateString(original_file_hash));
cJSON_AddItemToArray(tags, ox_tag);
}
if (file_size > 0) {
char size_str[32];
snprintf(size_str, sizeof(size_str), "%zu", file_size);
cJSON* size_tag = cJSON_CreateArray();
cJSON_AddItemToArray(size_tag, cJSON_CreateString("size"));
cJSON_AddItemToArray(size_tag, cJSON_CreateString(size_str));
cJSON_AddItemToArray(tags, size_tag);
}
if (dimensions && strlen(dimensions) > 0) {
cJSON* dim_tag = cJSON_CreateArray();
cJSON_AddItemToArray(dim_tag, cJSON_CreateString("dim"));
cJSON_AddItemToArray(dim_tag, cJSON_CreateString(dimensions));
cJSON_AddItemToArray(tags, dim_tag);
}
if (blurhash && strlen(blurhash) > 0) {
cJSON* blurhash_tag = cJSON_CreateArray();
cJSON_AddItemToArray(blurhash_tag, cJSON_CreateString("blurhash"));
cJSON_AddItemToArray(blurhash_tag, cJSON_CreateString(blurhash));
cJSON_AddItemToArray(tags, blurhash_tag);
}
if (thumbnail_url && strlen(thumbnail_url) > 0) {
cJSON* thumb_tag = cJSON_CreateArray();
cJSON_AddItemToArray(thumb_tag, cJSON_CreateString("thumb"));
cJSON_AddItemToArray(thumb_tag, cJSON_CreateString(thumbnail_url));
cJSON_AddItemToArray(tags, thumb_tag);
}
// Create the file rumor (kind 15, unsigned)
cJSON* file_event = nostr_nip59_create_rumor(15, file_url, tags, sender_pubkey_hex, 0);
cJSON_Delete(tags); // Tags are duplicated in create_rumor
return file_event;
}
/**
* NIP-17: Create a relay list event (kind 10050)
*/
cJSON* nostr_nip17_create_relay_list_event(const char** relay_urls,
int num_relays,
const unsigned char* private_key) {
if (!relay_urls || num_relays <= 0 || !private_key) {
return NULL;
}
// Get public key
unsigned char public_key[32];
if (nostr_ec_public_key_from_private_key(private_key, public_key) != 0) {
return NULL;
}
char pubkey_hex[65];
nostr_bytes_to_hex(public_key, 32, pubkey_hex);
// Create tags with relay URLs
cJSON* tags = cJSON_CreateArray();
if (!tags) {
return NULL;
}
for (int i = 0; i < num_relays; i++) {
cJSON* relay_tag = cJSON_CreateArray();
if (!relay_tag) {
cJSON_Delete(tags);
return NULL;
}
cJSON_AddItemToArray(relay_tag, cJSON_CreateString("relay"));
cJSON_AddItemToArray(relay_tag, cJSON_CreateString(relay_urls[i]));
cJSON_AddItemToArray(tags, relay_tag);
}
// Create and sign the event
cJSON* relay_event = nostr_create_and_sign_event(10050, "", tags, private_key, time(NULL));
cJSON_Delete(tags); // Tags are duplicated in create_and_sign_event
return relay_event;
}
/**
* NIP-17: Send a direct message to recipients
*/
int nostr_nip17_send_dm(cJSON* dm_event,
const char** recipient_pubkeys,
int num_recipients,
const unsigned char* sender_private_key,
cJSON** gift_wraps_out,
int max_gift_wraps,
long max_delay_sec) {
if (!dm_event || !recipient_pubkeys || num_recipients <= 0 ||
!sender_private_key || !gift_wraps_out || max_gift_wraps <= 0) {
return -1;
}
int created_wraps = 0;
for (int i = 0; i < num_recipients && created_wraps < max_gift_wraps; i++) {
// Convert recipient pubkey hex to bytes
unsigned char recipient_public_key[32];
if (nostr_hex_to_bytes(recipient_pubkeys[i], recipient_public_key, 32) != 0) {
continue; // Skip invalid pubkeys
}
// Create seal for this recipient
cJSON* seal = nostr_nip59_create_seal(dm_event, sender_private_key, recipient_public_key, max_delay_sec);
if (!seal) {
continue; // Skip if sealing fails
}
// Create gift wrap for this recipient
cJSON* gift_wrap = nostr_nip59_create_gift_wrap(seal, recipient_pubkeys[i], max_delay_sec);
cJSON_Delete(seal); // Seal is now wrapped
if (!gift_wrap) {
continue; // Skip if wrapping fails
}
gift_wraps_out[created_wraps++] = gift_wrap;
}
// Also create a gift wrap for the sender (so they can see their own messages)
if (created_wraps < max_gift_wraps) {
// Get sender's public key
unsigned char sender_public_key[32];
if (nostr_ec_public_key_from_private_key(sender_private_key, sender_public_key) == 0) {
char sender_pubkey_hex[65];
nostr_bytes_to_hex(sender_public_key, 32, sender_pubkey_hex);
// Create seal for sender
cJSON* sender_seal = nostr_nip59_create_seal(dm_event, sender_private_key, sender_public_key, max_delay_sec);
if (sender_seal) {
// Create gift wrap for sender
cJSON* sender_gift_wrap = nostr_nip59_create_gift_wrap(sender_seal, sender_pubkey_hex, max_delay_sec);
cJSON_Delete(sender_seal);
if (sender_gift_wrap) {
gift_wraps_out[created_wraps++] = sender_gift_wrap;
}
}
}
}
return created_wraps;
}
/**
* NIP-17: Receive and decrypt a direct message
*/
cJSON* nostr_nip17_receive_dm(cJSON* gift_wrap,
const unsigned char* recipient_private_key) {
if (!gift_wrap || !recipient_private_key) {
return NULL;
}
// Unwrap the gift wrap to get the seal
cJSON* seal = nostr_nip59_unwrap_gift(gift_wrap, recipient_private_key);
if (!seal) {
return NULL;
}
// Get sender's public key from the seal
cJSON* seal_pubkey_item = cJSON_GetObjectItem(seal, "pubkey");
if (!seal_pubkey_item || !cJSON_IsString(seal_pubkey_item)) {
cJSON_Delete(seal);
return NULL;
}
const char* sender_pubkey_hex = cJSON_GetStringValue(seal_pubkey_item);
// Convert sender pubkey hex to bytes
unsigned char sender_public_key[32];
if (nostr_hex_to_bytes(sender_pubkey_hex, sender_public_key, 32) != 0) {
cJSON_Delete(seal);
return NULL;
}
// Unseal the rumor
cJSON* rumor = nostr_nip59_unseal_rumor(seal, sender_public_key, recipient_private_key);
cJSON_Delete(seal); // Seal is no longer needed
return rumor;
}
/**
* NIP-17: Extract DM relay URLs from a user's kind 10050 event
*/
int nostr_nip17_extract_dm_relays(cJSON* relay_list_event,
char** relay_urls_out,
int max_relays) {
if (!relay_list_event || !relay_urls_out || max_relays <= 0) {
return -1;
}
// Check if this is a kind 10050 event
cJSON* kind_item = cJSON_GetObjectItem(relay_list_event, "kind");
if (!kind_item || !cJSON_IsNumber(kind_item) || cJSON_GetNumberValue(kind_item) != 10050) {
return -1;
}
// Get tags array
cJSON* tags_item = cJSON_GetObjectItem(relay_list_event, "tags");
if (!tags_item || !cJSON_IsArray(tags_item)) {
return -1;
}
int extracted = 0;
cJSON* tag_item;
cJSON_ArrayForEach(tag_item, tags_item) {
if (!cJSON_IsArray(tag_item) || cJSON_GetArraySize(tag_item) < 2) {
continue;
}
// Check if this is a "relay" tag
cJSON* tag_name = cJSON_GetArrayItem(tag_item, 0);
cJSON* relay_url = cJSON_GetArrayItem(tag_item, 1);
if (cJSON_IsString(tag_name) && cJSON_IsString(relay_url) &&
strcmp(cJSON_GetStringValue(tag_name), "relay") == 0) {
if (extracted < max_relays) {
relay_urls_out[extracted] = strdup(cJSON_GetStringValue(relay_url));
if (relay_urls_out[extracted]) {
extracted++;
}
}
}
}
return extracted;
}

139
nostr_core/nip017.h Normal file
View File

@@ -0,0 +1,139 @@
/*
* NIP-17: Private Direct Messages
* https://github.com/nostr-protocol/nips/blob/master/17.md
*/
#ifndef NOSTR_NIP017_H
#define NOSTR_NIP017_H
#include <stddef.h>
#include "../cjson/cJSON.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
* NIP-17: Create a chat message event (kind 14)
*
* @param message Plain text message content
* @param recipient_pubkeys Array of recipient public keys (hex strings)
* @param num_recipients Number of recipients
* @param subject Optional conversation subject/title (can be NULL)
* @param reply_to_event_id Optional event ID this message replies to (can be NULL)
* @param reply_relay_url Optional relay URL for reply reference (can be NULL)
* @param sender_pubkey_hex Sender's public key in hex format
* @return cJSON object representing the unsigned chat event, or NULL on error
*/
cJSON* nostr_nip17_create_chat_event(const char* message,
const char** recipient_pubkeys,
int num_recipients,
const char* subject,
const char* reply_to_event_id,
const char* reply_relay_url,
const char* sender_pubkey_hex);
/**
* NIP-17: Create a file message event (kind 15)
*
* @param file_url URL of the encrypted file
* @param file_type MIME type of the original file (e.g., "image/jpeg")
* @param encryption_algorithm Encryption algorithm used ("aes-gcm")
* @param decryption_key Base64-encoded decryption key
* @param decryption_nonce Base64-encoded decryption nonce
* @param file_hash SHA-256 hash of the encrypted file (hex)
* @param original_file_hash SHA-256 hash of the original file before encryption (hex, optional)
* @param file_size Size of encrypted file in bytes (optional, 0 to skip)
* @param dimensions Image dimensions in "WxH" format (optional, NULL to skip)
* @param blurhash Blurhash for preview (optional, NULL to skip)
* @param thumbnail_url URL of encrypted thumbnail (optional, NULL to skip)
* @param recipient_pubkeys Array of recipient public keys (hex strings)
* @param num_recipients Number of recipients
* @param subject Optional conversation subject/title (can be NULL)
* @param reply_to_event_id Optional event ID this message replies to (can be NULL)
* @param reply_relay_url Optional relay URL for reply reference (can be NULL)
* @param sender_pubkey_hex Sender's public key in hex format
* @return cJSON object representing the unsigned file event, or NULL on error
*/
cJSON* nostr_nip17_create_file_event(const char* file_url,
const char* file_type,
const char* encryption_algorithm,
const char* decryption_key,
const char* decryption_nonce,
const char* file_hash,
const char* original_file_hash,
size_t file_size,
const char* dimensions,
const char* blurhash,
const char* thumbnail_url,
const char** recipient_pubkeys,
int num_recipients,
const char* subject,
const char* reply_to_event_id,
const char* reply_relay_url,
const char* sender_pubkey_hex);
/**
* NIP-17: Create a relay list event (kind 10050)
*
* @param relay_urls Array of relay URLs for DM delivery
* @param num_relays Number of relay URLs
* @param private_key Sender's private key for signing
* @return cJSON object representing the signed relay list event, or NULL on error
*/
cJSON* nostr_nip17_create_relay_list_event(const char** relay_urls,
int num_relays,
const unsigned char* private_key);
/**
* NIP-17: Send a direct message to recipients
*
* This function creates the appropriate rumor, seals it, gift wraps it,
* and returns the final gift wrap events ready for publishing.
*
* @param dm_event The unsigned DM event (kind 14 or 15)
* @param recipient_pubkeys Array of recipient public keys (hex strings)
* @param num_recipients Number of recipients
* @param sender_private_key 32-byte sender private key
* @param gift_wraps_out Array to store resulting gift wrap events (caller must free)
* @param max_gift_wraps Maximum number of gift wraps to create
* @param max_delay_sec Maximum random timestamp delay in seconds (0 = no randomization)
* @return Number of gift wrap events created, or -1 on error
*/
int nostr_nip17_send_dm(cJSON* dm_event,
const char** recipient_pubkeys,
int num_recipients,
const unsigned char* sender_private_key,
cJSON** gift_wraps_out,
int max_gift_wraps,
long max_delay_sec);
/**
* NIP-17: Receive and decrypt a direct message
*
* This function unwraps a gift wrap, unseals the rumor, and returns the original DM event.
*
* @param gift_wrap The received gift wrap event (kind 1059)
* @param recipient_private_key 32-byte recipient private key
* @return cJSON object representing the decrypted DM event, or NULL on error
*/
cJSON* nostr_nip17_receive_dm(cJSON* gift_wrap,
const unsigned char* recipient_private_key);
/**
* NIP-17: Extract DM relay URLs from a user's kind 10050 event
*
* @param relay_list_event The kind 10050 event
* @param relay_urls_out Array to store extracted relay URLs (caller must free)
* @param max_relays Maximum number of relays to extract
* @return Number of relay URLs extracted, or -1 on error
*/
int nostr_nip17_extract_dm_relays(cJSON* relay_list_event,
char** relay_urls_out,
int max_relays);
#ifdef __cplusplus
}
#endif
#endif // NOSTR_NIP017_H

855
nostr_core/nip021.c Normal file
View File

@@ -0,0 +1,855 @@
/*
* NOSTR Core Library - NIP-021: nostr: URI scheme
*/
#include "nip021.h"
#include "nip019.h" // For existing bech32 functions
#include "utils.h"
#include "nostr_common.h" // For error codes
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include "../cjson/cJSON.h"
// Forward declarations for internal parsing functions
static int parse_nprofile_data(const uint8_t* data, size_t data_len, nostr_nprofile_t* nprofile);
static int parse_nevent_data(const uint8_t* data, size_t data_len, nostr_nevent_t* nevent);
static int parse_naddr_data(const uint8_t* data, size_t data_len, nostr_naddr_t* naddr);
// Bech32 constants and functions (copied from nip019.c for internal use)
static const char bech32_charset[] = "qpzry9x8gf2tvdw0s3jn54khce6mua7l";
static const int8_t bech32_charset_rev[128] = {
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
15, -1, 10, 17, 21, 20, 26, 30, 7, 5, -1, -1, -1, -1, -1, -1,
-1, 29, -1, 24, 13, 25, 9, 8, 23, -1, 18, 22, 31, 27, 19, -1,
1, 0, 3, 16, 11, 28, 12, 14, 6, 4, 2, -1, -1, -1, -1, -1,
-1, 29, -1, 24, 13, 25, 9, 8, 23, -1, 18, 22, 31, 27, 19, -1,
1, 0, 3, 16, 11, 28, 12, 14, 6, 4, 2, -1, -1, -1, -1, -1
};
static uint32_t bech32_polymod_step(uint32_t pre) {
uint8_t b = pre >> 25;
return ((pre & 0x1FFFFFF) << 5) ^
(-((b >> 0) & 1) & 0x3b6a57b2UL) ^
(-((b >> 1) & 1) & 0x26508e6dUL) ^
(-((b >> 2) & 1) & 0x1ea119faUL) ^
(-((b >> 3) & 1) & 0x3d4233ddUL) ^
(-((b >> 4) & 1) & 0x2a1462b3UL);
}
static int convert_bits(uint8_t *out, size_t *outlen, int outbits, const uint8_t *in, size_t inlen, int inbits, int pad) {
uint32_t val = 0;
int bits = 0;
uint32_t maxv = (((uint32_t)1) << outbits) - 1;
*outlen = 0;
while (inlen--) {
val = (val << inbits) | *(in++);
bits += inbits;
while (bits >= outbits) {
bits -= outbits;
out[(*outlen)++] = (val >> bits) & maxv;
}
}
if (pad) {
if (bits) {
out[(*outlen)++] = (val << (outbits - bits)) & maxv;
}
} else if (((val << (outbits - bits)) & maxv) || bits >= inbits) {
return 0;
}
return 1;
}
static int bech32_encode(char *output, const char *hrp, const uint8_t *data, size_t data_len) {
uint32_t chk = 1;
size_t i, hrp_len = strlen(hrp);
for (i = 0; i < hrp_len; ++i) {
int ch = hrp[i];
if (ch < 33 || ch > 126) return 0;
if (ch >= 'A' && ch <= 'Z') return 0;
chk = bech32_polymod_step(chk) ^ (ch >> 5);
}
chk = bech32_polymod_step(chk);
for (i = 0; i < hrp_len; ++i) {
chk = bech32_polymod_step(chk) ^ (hrp[i] & 0x1f);
*(output++) = hrp[i];
}
*(output++) = '1';
for (i = 0; i < data_len; ++i) {
if (*data >> 5) return 0;
chk = bech32_polymod_step(chk) ^ (*data);
*(output++) = bech32_charset[*(data++)];
}
for (i = 0; i < 6; ++i) {
chk = bech32_polymod_step(chk);
}
chk ^= 1;
for (i = 0; i < 6; ++i) {
*(output++) = bech32_charset[(chk >> ((5 - i) * 5)) & 0x1f];
}
*output = 0;
return 1;
}
static int bech32_decode(const char* input, const char* hrp, unsigned char* data, size_t* data_len) {
if (!input || !hrp || !data || !data_len) {
return 0;
}
size_t input_len = strlen(input);
size_t hrp_len = strlen(hrp);
if (input_len < hrp_len + 7) return 0;
if (strncmp(input, hrp, hrp_len) != 0) return 0;
if (input[hrp_len] != '1') return 0;
const char* data_part = input + hrp_len + 1;
size_t data_part_len = input_len - hrp_len - 1;
uint8_t values[256];
for (size_t i = 0; i < data_part_len; i++) {
unsigned char c = (unsigned char)data_part[i];
if (c >= 128) return 0;
int8_t val = bech32_charset_rev[c];
if (val == -1) return 0;
values[i] = (uint8_t)val;
}
if (data_part_len < 6) return 0;
uint32_t chk = 1;
for (size_t i = 0; i < hrp_len; i++) {
chk = bech32_polymod_step(chk) ^ (hrp[i] >> 5);
}
chk = bech32_polymod_step(chk);
for (size_t i = 0; i < hrp_len; i++) {
chk = bech32_polymod_step(chk) ^ (hrp[i] & 0x1f);
}
for (size_t i = 0; i < data_part_len; i++) {
chk = bech32_polymod_step(chk) ^ values[i];
}
if (chk != 1) return 0;
size_t payload_len = data_part_len - 6;
size_t decoded_len;
if (!convert_bits(data, &decoded_len, 8, values, payload_len, 5, 0)) {
return 0;
}
*data_len = decoded_len;
return 1;
}
// TLV (Type-Length-Value) constants for structured data
#define TLV_SPECIAL 0
#define TLV_RELAY 1
#define TLV_AUTHOR 2
#define TLV_KIND 3
#define TLV_CREATED_AT 4
#define TLV_IDENTIFIER 5
// Forward declarations for internal functions
static int tlv_encode(const uint8_t* data, size_t data_len, uint8_t type, uint8_t** output, size_t* output_len);
static int encode_structured_bech32(const char* hrp, const uint8_t* data, size_t data_len, char* output, size_t output_size);
static int decode_structured_bech32(const char* input, const char* expected_hrp, uint8_t** data, size_t* data_len);
// Utility function to duplicate string array (removed - not used)
// Free string array
static void free_string_array(char** array, int count) {
if (!array) return;
for (int i = 0; i < count; i++) {
free(array[i]);
}
free(array);
}
// TLV encoding: Type (1 byte) + Length (1 byte) + Value
static int tlv_encode(const uint8_t* data, size_t data_len, uint8_t type, uint8_t** output, size_t* output_len) {
if (data_len > 255) return 0; // Length must fit in 1 byte
*output_len = 2 + data_len;
*output = malloc(*output_len);
if (!*output) return 0;
(*output)[0] = type;
(*output)[1] = (uint8_t)data_len;
memcpy(*output + 2, data, data_len);
return 1;
}
// TLV decoding (removed - not used)
// Encode structured data to bech32
static int encode_structured_bech32(const char* hrp, const uint8_t* data, size_t data_len, char* output, size_t output_size) {
// For simple cases like note (32 bytes), use the existing key encoding
if (strcmp(hrp, "note") == 0 && data_len == 32) {
return nostr_key_to_bech32(data, "note", output);
}
uint8_t conv[256];
size_t conv_len;
if (!convert_bits(conv, &conv_len, 5, data, data_len, 8, 1)) {
return NOSTR_ERROR_INVALID_INPUT;
}
if (!bech32_encode(output, hrp, conv, conv_len)) {
return NOSTR_ERROR_INVALID_INPUT;
}
if (strlen(output) >= output_size) {
return NOSTR_ERROR_INVALID_INPUT;
}
return NOSTR_SUCCESS;
}
// Decode structured bech32 data
static int decode_structured_bech32(const char* input, const char* expected_hrp, uint8_t** data, size_t* data_len) {
// bech32_decode already converts from 5-bit to 8-bit internally
*data = malloc(256); // Max size
if (!*data) return NOSTR_ERROR_MEMORY_FAILED;
if (!bech32_decode(input, expected_hrp, *data, data_len)) {
free(*data);
return NOSTR_ERROR_INVALID_INPUT;
}
return NOSTR_SUCCESS;
}
// Detect URI type from string
nostr_uri_type_t nostr_detect_uri_type(const char* uri) {
if (!uri) return NOSTR_URI_INVALID;
// Check for nostr: prefix
if (strncmp(uri, "nostr:", 6) != 0) {
return NOSTR_URI_INVALID;
}
const char* bech32_part = uri + 6;
// Check prefixes
if (strncmp(bech32_part, "npub1", 5) == 0) return NOSTR_URI_NPUB;
if (strncmp(bech32_part, "nsec1", 5) == 0) return NOSTR_URI_NSEC;
if (strncmp(bech32_part, "note1", 5) == 0) return NOSTR_URI_NOTE;
if (strncmp(bech32_part, "nprofile1", 9) == 0) return NOSTR_URI_NPROFILE;
if (strncmp(bech32_part, "nevent1", 7) == 0) return NOSTR_URI_NEVENT;
if (strncmp(bech32_part, "naddr1", 6) == 0) return NOSTR_URI_NADDR;
return NOSTR_URI_INVALID;
}
// Free URI result resources
void nostr_uri_result_free(nostr_uri_result_t* result) {
if (!result) return;
switch (result->type) {
case NOSTR_URI_NPROFILE:
free_string_array(result->data.nprofile.relays, result->data.nprofile.relay_count);
break;
case NOSTR_URI_NEVENT:
free_string_array(result->data.nevent.relays, result->data.nevent.relay_count);
free(result->data.nevent.author);
free(result->data.nevent.kind);
free(result->data.nevent.created_at);
break;
case NOSTR_URI_NADDR:
free(result->data.naddr.identifier);
free_string_array(result->data.naddr.relays, result->data.naddr.relay_count);
break;
default:
break;
}
}
// Main URI parsing function
int nostr_parse_uri(const char* uri, nostr_uri_result_t* result) {
if (!uri || !result) {
return NOSTR_ERROR_INVALID_INPUT;
}
memset(result, 0, sizeof(nostr_uri_result_t));
nostr_uri_type_t type = nostr_detect_uri_type(uri);
if (type == NOSTR_URI_INVALID) {
return NOSTR_ERROR_INVALID_INPUT;
}
const char* bech32_part = uri + 6; // Skip "nostr:"
result->type = type;
int ret;
switch (type) {
case NOSTR_URI_NPUB: {
ret = nostr_decode_npub(bech32_part, result->data.pubkey);
break;
}
case NOSTR_URI_NSEC: {
ret = nostr_decode_nsec(bech32_part, result->data.privkey);
break;
}
case NOSTR_URI_NOTE: {
// Note is similar to npub but with "note" prefix
uint8_t* decoded;
size_t decoded_len;
ret = decode_structured_bech32(bech32_part, "note", &decoded, &decoded_len);
if (ret == NOSTR_SUCCESS) {
if (decoded_len == 32) {
memcpy(result->data.event_id, decoded, 32);
} else {
ret = NOSTR_ERROR_INVALID_INPUT;
}
free(decoded);
}
break;
}
case NOSTR_URI_NPROFILE: {
uint8_t* decoded;
size_t decoded_len;
ret = decode_structured_bech32(bech32_part, "nprofile", &decoded, &decoded_len);
if (ret == NOSTR_SUCCESS) {
ret = parse_nprofile_data(decoded, decoded_len, &result->data.nprofile);
free(decoded);
}
break;
}
case NOSTR_URI_NEVENT: {
uint8_t* decoded;
size_t decoded_len;
ret = decode_structured_bech32(bech32_part, "nevent", &decoded, &decoded_len);
if (ret == NOSTR_SUCCESS) {
ret = parse_nevent_data(decoded, decoded_len, &result->data.nevent);
free(decoded);
}
break;
}
case NOSTR_URI_NADDR: {
uint8_t* decoded;
size_t decoded_len;
ret = decode_structured_bech32(bech32_part, "naddr", &decoded, &decoded_len);
if (ret == NOSTR_SUCCESS) {
ret = parse_naddr_data(decoded, decoded_len, &result->data.naddr);
free(decoded);
}
break;
}
default:
ret = NOSTR_ERROR_INVALID_INPUT;
break;
}
if (ret != NOSTR_SUCCESS) {
nostr_uri_result_free(result);
memset(result, 0, sizeof(nostr_uri_result_t));
}
return ret;
}
// Parse nprofile structured data
static int parse_nprofile_data(const uint8_t* data, size_t data_len, nostr_nprofile_t* nprofile) {
size_t offset = 0;
while (offset < data_len) {
if (offset + 2 > data_len) return NOSTR_ERROR_INVALID_INPUT;
uint8_t type = data[offset];
uint8_t length = data[offset + 1];
offset += 2;
if (offset + length > data_len) return NOSTR_ERROR_INVALID_INPUT;
switch (type) {
case TLV_SPECIAL: // pubkey
if (length != 32) return NOSTR_ERROR_INVALID_INPUT;
memcpy(nprofile->pubkey, data + offset, 32);
break;
case TLV_RELAY: // relay URL
{
char* relay = malloc(length + 1);
if (!relay) return NOSTR_ERROR_MEMORY_FAILED;
memcpy(relay, data + offset, length);
relay[length] = '\0';
char** new_relays = realloc(nprofile->relays, (nprofile->relay_count + 1) * sizeof(char*));
if (!new_relays) {
free(relay);
return NOSTR_ERROR_MEMORY_FAILED;
}
nprofile->relays = new_relays;
nprofile->relays[nprofile->relay_count++] = relay;
}
break;
default:
// Ignore unknown types
break;
}
offset += length;
}
return NOSTR_SUCCESS;
}
// Parse nevent structured data
static int parse_nevent_data(const uint8_t* data, size_t data_len, nostr_nevent_t* nevent) {
size_t offset = 0;
while (offset < data_len) {
if (offset + 2 > data_len) return NOSTR_ERROR_INVALID_INPUT;
uint8_t type = data[offset];
uint8_t length = data[offset + 1];
offset += 2;
if (offset + length > data_len) return NOSTR_ERROR_INVALID_INPUT;
switch (type) {
case TLV_SPECIAL: // event ID
if (length != 32) return NOSTR_ERROR_INVALID_INPUT;
memcpy(nevent->event_id, data + offset, 32);
break;
case TLV_RELAY: // relay URL
{
char* relay = malloc(length + 1);
if (!relay) return NOSTR_ERROR_MEMORY_FAILED;
memcpy(relay, data + offset, length);
relay[length] = '\0';
char** new_relays = realloc(nevent->relays, (nevent->relay_count + 1) * sizeof(char*));
if (!new_relays) {
free(relay);
return NOSTR_ERROR_MEMORY_FAILED;
}
nevent->relays = new_relays;
nevent->relays[nevent->relay_count++] = relay;
}
break;
case TLV_AUTHOR: // author pubkey
if (length != 32) return NOSTR_ERROR_INVALID_INPUT;
nevent->author = malloc(32);
if (!nevent->author) return NOSTR_ERROR_MEMORY_FAILED;
memcpy(nevent->author, data + offset, 32);
break;
case TLV_KIND: // kind
if (length != 4) return NOSTR_ERROR_INVALID_INPUT;
nevent->kind = malloc(sizeof(int));
if (!nevent->kind) return NOSTR_ERROR_MEMORY_FAILED;
*nevent->kind = (data[offset] << 24) | (data[offset+1] << 16) | (data[offset+2] << 8) | data[offset+3];
break;
case TLV_CREATED_AT: // created_at
if (length != 8) return NOSTR_ERROR_INVALID_INPUT;
nevent->created_at = malloc(sizeof(time_t));
if (!nevent->created_at) return NOSTR_ERROR_MEMORY_FAILED;
*nevent->created_at = ((time_t)data[offset] << 56) | ((time_t)data[offset+1] << 48) |
((time_t)data[offset+2] << 40) | ((time_t)data[offset+3] << 32) |
((time_t)data[offset+4] << 24) | ((time_t)data[offset+5] << 16) |
((time_t)data[offset+6] << 8) | (time_t)data[offset+7];
break;
default:
// Ignore unknown types
break;
}
offset += length;
}
return NOSTR_SUCCESS;
}
// Parse naddr structured data
static int parse_naddr_data(const uint8_t* data, size_t data_len, nostr_naddr_t* naddr) {
size_t offset = 0;
while (offset < data_len) {
if (offset + 2 > data_len) return NOSTR_ERROR_INVALID_INPUT;
uint8_t type = data[offset];
uint8_t length = data[offset + 1];
offset += 2;
if (offset + length > data_len) return NOSTR_ERROR_INVALID_INPUT;
switch (type) {
case TLV_IDENTIFIER: // identifier
naddr->identifier = malloc(length + 1);
if (!naddr->identifier) return NOSTR_ERROR_MEMORY_FAILED;
memcpy(naddr->identifier, data + offset, length);
naddr->identifier[length] = '\0';
break;
case TLV_SPECIAL: // pubkey
if (length != 32) return NOSTR_ERROR_INVALID_INPUT;
memcpy(naddr->pubkey, data + offset, 32);
break;
case TLV_KIND: // kind
if (length != 4) return NOSTR_ERROR_INVALID_INPUT;
naddr->kind = (data[offset] << 24) | (data[offset+1] << 16) | (data[offset+2] << 8) | data[offset+3];
break;
case TLV_RELAY: // relay URL
{
char* relay = malloc(length + 1);
if (!relay) return NOSTR_ERROR_MEMORY_FAILED;
memcpy(relay, data + offset, length);
relay[length] = '\0';
char** new_relays = realloc(naddr->relays, (naddr->relay_count + 1) * sizeof(char*));
if (!new_relays) {
free(relay);
return NOSTR_ERROR_MEMORY_FAILED;
}
naddr->relays = new_relays;
naddr->relays[naddr->relay_count++] = relay;
}
break;
default:
// Ignore unknown types
break;
}
offset += length;
}
return NOSTR_SUCCESS;
}
// URI construction functions
int nostr_build_uri_npub(const unsigned char* pubkey, char* output, size_t output_size) {
if (!pubkey || !output || output_size < 70) {
return NOSTR_ERROR_INVALID_INPUT;
}
char bech32[100];
int ret = nostr_key_to_bech32(pubkey, "npub", bech32);
if (ret != NOSTR_SUCCESS) return ret;
size_t len = strlen(bech32);
if (len + 7 >= output_size) return NOSTR_ERROR_INVALID_INPUT;
strcpy(output, "nostr:");
strcpy(output + 6, bech32);
return NOSTR_SUCCESS;
}
int nostr_build_uri_nsec(const unsigned char* privkey, char* output, size_t output_size) {
if (!privkey || !output || output_size < 70) {
return NOSTR_ERROR_INVALID_INPUT;
}
char bech32[100];
int ret = nostr_key_to_bech32(privkey, "nsec", bech32);
if (ret != NOSTR_SUCCESS) return ret;
size_t len = strlen(bech32);
if (len + 7 >= output_size) return NOSTR_ERROR_INVALID_INPUT;
strcpy(output, "nostr:");
strcpy(output + 6, bech32);
return NOSTR_SUCCESS;
}
// Helper to build URI with prefix
static int build_uri_with_prefix(const char* bech32, char* output, size_t output_size) {
size_t len = strlen(bech32);
if (len + 7 >= output_size) return NOSTR_ERROR_INVALID_INPUT;
strcpy(output, "nostr:");
strcpy(output + 6, bech32);
return NOSTR_SUCCESS;
}
int nostr_build_uri_note(const unsigned char* event_id, char* output, size_t output_size) {
if (!event_id || !output || output_size < 70) {
return NOSTR_ERROR_INVALID_INPUT;
}
char bech32[100];
int ret = encode_structured_bech32("note", event_id, 32, bech32, sizeof(bech32));
if (ret != NOSTR_SUCCESS) return ret;
return build_uri_with_prefix(bech32, output, output_size);
}
int nostr_build_uri_nprofile(const unsigned char* pubkey, const char** relays, int relay_count,
char* output, size_t output_size) {
if (!pubkey || !output) return NOSTR_ERROR_INVALID_INPUT;
// Build TLV data
uint8_t* data = NULL;
size_t data_len = 0;
// Add pubkey (special)
uint8_t* pubkey_tlv;
size_t pubkey_tlv_len;
if (!tlv_encode(pubkey, 32, TLV_SPECIAL, &pubkey_tlv, &pubkey_tlv_len)) {
return NOSTR_ERROR_INVALID_INPUT;
}
data = realloc(data, data_len + pubkey_tlv_len);
if (!data) {
free(pubkey_tlv);
return NOSTR_ERROR_MEMORY_FAILED;
}
memcpy(data + data_len, pubkey_tlv, pubkey_tlv_len);
data_len += pubkey_tlv_len;
free(pubkey_tlv);
// Add relays
for (int i = 0; i < relay_count; i++) {
size_t relay_len = strlen(relays[i]);
uint8_t* relay_tlv;
size_t relay_tlv_len;
if (!tlv_encode((uint8_t*)relays[i], relay_len, TLV_RELAY, &relay_tlv, &relay_tlv_len)) {
free(data);
return NOSTR_ERROR_INVALID_INPUT;
}
data = realloc(data, data_len + relay_tlv_len);
if (!data) {
free(relay_tlv);
return NOSTR_ERROR_MEMORY_FAILED;
}
memcpy(data + data_len, relay_tlv, relay_tlv_len);
data_len += relay_tlv_len;
free(relay_tlv);
}
// Encode to bech32
char bech32[500];
int ret = encode_structured_bech32("nprofile", data, data_len, bech32, sizeof(bech32));
free(data);
if (ret != NOSTR_SUCCESS) return ret;
return build_uri_with_prefix(bech32, output, output_size);
}
int nostr_build_uri_nevent(const unsigned char* event_id, const char** relays, int relay_count,
const unsigned char* author, int kind, time_t created_at,
char* output, size_t output_size) {
if (!event_id || !output) return NOSTR_ERROR_INVALID_INPUT;
// Build TLV data
uint8_t* data = NULL;
size_t data_len = 0;
// Add event_id (special)
uint8_t* event_tlv;
size_t event_tlv_len;
if (!tlv_encode(event_id, 32, TLV_SPECIAL, &event_tlv, &event_tlv_len)) {
return NOSTR_ERROR_INVALID_INPUT;
}
data = realloc(data, data_len + event_tlv_len);
if (!data) {
free(event_tlv);
return NOSTR_ERROR_MEMORY_FAILED;
}
memcpy(data + data_len, event_tlv, event_tlv_len);
data_len += event_tlv_len;
free(event_tlv);
// Add relays
for (int i = 0; i < relay_count; i++) {
size_t relay_len = strlen(relays[i]);
uint8_t* relay_tlv;
size_t relay_tlv_len;
if (!tlv_encode((uint8_t*)relays[i], relay_len, TLV_RELAY, &relay_tlv, &relay_tlv_len)) {
free(data);
return NOSTR_ERROR_INVALID_INPUT;
}
data = realloc(data, data_len + relay_tlv_len);
if (!data) {
free(relay_tlv);
return NOSTR_ERROR_MEMORY_FAILED;
}
memcpy(data + data_len, relay_tlv, relay_tlv_len);
data_len += relay_tlv_len;
free(relay_tlv);
}
// Add author if provided
if (author) {
uint8_t* author_tlv;
size_t author_tlv_len;
if (!tlv_encode(author, 32, TLV_AUTHOR, &author_tlv, &author_tlv_len)) {
free(data);
return NOSTR_ERROR_INVALID_INPUT;
}
data = realloc(data, data_len + author_tlv_len);
if (!data) {
free(author_tlv);
return NOSTR_ERROR_MEMORY_FAILED;
}
memcpy(data + data_len, author_tlv, author_tlv_len);
data_len += author_tlv_len;
free(author_tlv);
}
// Add kind if provided
if (kind >= 0) {
uint8_t kind_bytes[4];
kind_bytes[0] = (kind >> 24) & 0xFF;
kind_bytes[1] = (kind >> 16) & 0xFF;
kind_bytes[2] = (kind >> 8) & 0xFF;
kind_bytes[3] = kind & 0xFF;
uint8_t* kind_tlv;
size_t kind_tlv_len;
if (!tlv_encode(kind_bytes, 4, TLV_KIND, &kind_tlv, &kind_tlv_len)) {
free(data);
return NOSTR_ERROR_INVALID_INPUT;
}
data = realloc(data, data_len + kind_tlv_len);
if (!data) {
free(kind_tlv);
return NOSTR_ERROR_MEMORY_FAILED;
}
memcpy(data + data_len, kind_tlv, kind_tlv_len);
data_len += kind_tlv_len;
free(kind_tlv);
}
// Add created_at if provided
if (created_at > 0) {
uint8_t time_bytes[8];
time_bytes[0] = (created_at >> 56) & 0xFF;
time_bytes[1] = (created_at >> 48) & 0xFF;
time_bytes[2] = (created_at >> 40) & 0xFF;
time_bytes[3] = (created_at >> 32) & 0xFF;
time_bytes[4] = (created_at >> 24) & 0xFF;
time_bytes[5] = (created_at >> 16) & 0xFF;
time_bytes[6] = (created_at >> 8) & 0xFF;
time_bytes[7] = created_at & 0xFF;
uint8_t* time_tlv;
size_t time_tlv_len;
if (!tlv_encode(time_bytes, 8, TLV_CREATED_AT, &time_tlv, &time_tlv_len)) {
free(data);
return NOSTR_ERROR_INVALID_INPUT;
}
data = realloc(data, data_len + time_tlv_len);
if (!data) {
free(time_tlv);
return NOSTR_ERROR_MEMORY_FAILED;
}
memcpy(data + data_len, time_tlv, time_tlv_len);
data_len += time_tlv_len;
free(time_tlv);
}
// Encode to bech32
char bech32[1000];
int ret = encode_structured_bech32("nevent", data, data_len, bech32, sizeof(bech32));
free(data);
if (ret != NOSTR_SUCCESS) return ret;
return build_uri_with_prefix(bech32, output, output_size);
}
int nostr_build_uri_naddr(const char* identifier, const unsigned char* pubkey, int kind,
const char** relays, int relay_count, char* output, size_t output_size) {
if (!identifier || !pubkey || !output) return NOSTR_ERROR_INVALID_INPUT;
// Build TLV data
uint8_t* data = NULL;
size_t data_len = 0;
// Add identifier
size_t id_len = strlen(identifier);
uint8_t* id_tlv;
size_t id_tlv_len;
if (!tlv_encode((uint8_t*)identifier, id_len, TLV_IDENTIFIER, &id_tlv, &id_tlv_len)) {
return NOSTR_ERROR_INVALID_INPUT;
}
data = realloc(data, data_len + id_tlv_len);
if (!data) {
free(id_tlv);
return NOSTR_ERROR_MEMORY_FAILED;
}
memcpy(data + data_len, id_tlv, id_tlv_len);
data_len += id_tlv_len;
free(id_tlv);
// Add pubkey (special)
uint8_t* pubkey_tlv;
size_t pubkey_tlv_len;
if (!tlv_encode(pubkey, 32, TLV_SPECIAL, &pubkey_tlv, &pubkey_tlv_len)) {
free(data);
return NOSTR_ERROR_INVALID_INPUT;
}
data = realloc(data, data_len + pubkey_tlv_len);
if (!data) {
free(pubkey_tlv);
return NOSTR_ERROR_MEMORY_FAILED;
}
memcpy(data + data_len, pubkey_tlv, pubkey_tlv_len);
data_len += pubkey_tlv_len;
free(pubkey_tlv);
// Add kind
uint8_t kind_bytes[4];
kind_bytes[0] = (kind >> 24) & 0xFF;
kind_bytes[1] = (kind >> 16) & 0xFF;
kind_bytes[2] = (kind >> 8) & 0xFF;
kind_bytes[3] = kind & 0xFF;
uint8_t* kind_tlv;
size_t kind_tlv_len;
if (!tlv_encode(kind_bytes, 4, TLV_KIND, &kind_tlv, &kind_tlv_len)) {
free(data);
return NOSTR_ERROR_INVALID_INPUT;
}
data = realloc(data, data_len + kind_tlv_len);
if (!data) {
free(kind_tlv);
return NOSTR_ERROR_MEMORY_FAILED;
}
memcpy(data + data_len, kind_tlv, kind_tlv_len);
data_len += kind_tlv_len;
free(kind_tlv);
// Add relays
for (int i = 0; i < relay_count; i++) {
size_t relay_len = strlen(relays[i]);
uint8_t* relay_tlv;
size_t relay_tlv_len;
if (!tlv_encode((uint8_t*)relays[i], relay_len, TLV_RELAY, &relay_tlv, &relay_tlv_len)) {
free(data);
return NOSTR_ERROR_INVALID_INPUT;
}
data = realloc(data, data_len + relay_tlv_len);
if (!data) {
free(relay_tlv);
return NOSTR_ERROR_MEMORY_FAILED;
}
memcpy(data + data_len, relay_tlv, relay_tlv_len);
data_len += relay_tlv_len;
free(relay_tlv);
}
// Encode to bech32
char bech32[1000];
int ret = encode_structured_bech32("naddr", data, data_len, bech32, sizeof(bech32));
free(data);
if (ret != NOSTR_SUCCESS) return ret;
return build_uri_with_prefix(bech32, output, output_size);
}

81
nostr_core/nip021.h Normal file
View File

@@ -0,0 +1,81 @@
/*
* NOSTR Core Library - NIP-021: nostr: URI scheme
*/
#ifndef NIP021_H
#define NIP021_H
#include <stdint.h>
#include <time.h>
#include "nip001.h"
// URI type enumeration
typedef enum {
NOSTR_URI_NPUB, // Simple 32-byte pubkey
NOSTR_URI_NSEC, // Simple 32-byte privkey
NOSTR_URI_NOTE, // Simple 32-byte event ID
NOSTR_URI_NPROFILE, // Structured: pubkey + relays
NOSTR_URI_NEVENT, // Structured: event ID + relays + metadata
NOSTR_URI_NADDR, // Structured: address + relays + metadata
NOSTR_URI_INVALID
} nostr_uri_type_t;
// Structured data types for complex URIs
typedef struct {
unsigned char pubkey[32];
char** relays;
int relay_count;
} nostr_nprofile_t;
typedef struct {
unsigned char event_id[32];
char** relays;
int relay_count;
unsigned char* author; // Optional, 32 bytes if present
int* kind; // Optional
time_t* created_at; // Optional
} nostr_nevent_t;
typedef struct {
char* identifier;
unsigned char pubkey[32];
int kind;
char** relays;
int relay_count;
} nostr_naddr_t;
// Unified URI result structure
typedef struct {
nostr_uri_type_t type;
union {
unsigned char pubkey[32]; // For NPUB
unsigned char privkey[32]; // For NSEC
unsigned char event_id[32]; // For NOTE
nostr_nprofile_t nprofile; // For NPROFILE
nostr_nevent_t nevent; // For NEVENT
nostr_naddr_t naddr; // For NADDR
} data;
} nostr_uri_result_t;
// Function declarations
// Main parsing function - unified entry point
int nostr_parse_uri(const char* uri, nostr_uri_result_t* result);
// URI construction functions
int nostr_build_uri_npub(const unsigned char* pubkey, char* output, size_t output_size);
int nostr_build_uri_nsec(const unsigned char* privkey, char* output, size_t output_size);
int nostr_build_uri_note(const unsigned char* event_id, char* output, size_t output_size);
int nostr_build_uri_nprofile(const unsigned char* pubkey, const char** relays, int relay_count,
char* output, size_t output_size);
int nostr_build_uri_nevent(const unsigned char* event_id, const char** relays, int relay_count,
const unsigned char* author, int kind, time_t created_at,
char* output, size_t output_size);
int nostr_build_uri_naddr(const char* identifier, const unsigned char* pubkey, int kind,
const char** relays, int relay_count, char* output, size_t output_size);
// Utility functions
void nostr_uri_result_free(nostr_uri_result_t* result);
nostr_uri_type_t nostr_detect_uri_type(const char* uri);
#endif // NIP021_H

628
nostr_core/nip042.c Normal file
View File

@@ -0,0 +1,628 @@
/*
* NOSTR Core Library - NIP-042: Authentication of clients to relays
*
* Implements client authentication through signed ephemeral events
*/
#include "nip042.h"
#include "nip001.h"
#include "utils.h"
#include "../cjson/cJSON.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
// Forward declarations for crypto functions
int nostr_secp256k1_get_random_bytes(unsigned char* buf, size_t len);
// =============================================================================
// CLIENT-SIDE FUNCTIONS
// =============================================================================
/**
* Create NIP-42 authentication event (kind 22242)
*/
cJSON* nostr_nip42_create_auth_event(const char* challenge,
const char* relay_url,
const unsigned char* private_key,
time_t timestamp) {
if (!challenge || !relay_url || !private_key) {
return NULL;
}
// Validate challenge format
size_t challenge_len = strlen(challenge);
if (challenge_len < NOSTR_NIP42_MIN_CHALLENGE_LENGTH ||
challenge_len >= NOSTR_NIP42_MAX_CHALLENGE_LENGTH) {
return NULL;
}
// Create tags array with relay and challenge
cJSON* tags = cJSON_CreateArray();
if (!tags) {
return NULL;
}
// Add relay tag
cJSON* relay_tag = cJSON_CreateArray();
if (!relay_tag) {
cJSON_Delete(tags);
return NULL;
}
cJSON_AddItemToArray(relay_tag, cJSON_CreateString("relay"));
cJSON_AddItemToArray(relay_tag, cJSON_CreateString(relay_url));
cJSON_AddItemToArray(tags, relay_tag);
// Add challenge tag
cJSON* challenge_tag = cJSON_CreateArray();
if (!challenge_tag) {
cJSON_Delete(tags);
return NULL;
}
cJSON_AddItemToArray(challenge_tag, cJSON_CreateString("challenge"));
cJSON_AddItemToArray(challenge_tag, cJSON_CreateString(challenge));
cJSON_AddItemToArray(tags, challenge_tag);
// Create authentication event using existing function
// Note: Empty content as per NIP-42 specification
cJSON* auth_event = nostr_create_and_sign_event(
NOSTR_NIP42_AUTH_EVENT_KIND,
"", // Empty content
tags,
private_key,
timestamp
);
cJSON_Delete(tags);
return auth_event;
}
/**
* Create AUTH message JSON for relay communication
*/
char* nostr_nip42_create_auth_message(cJSON* auth_event) {
if (!auth_event) {
return NULL;
}
// Create AUTH message array: ["AUTH", <event-json>]
cJSON* message_array = cJSON_CreateArray();
if (!message_array) {
return NULL;
}
cJSON_AddItemToArray(message_array, cJSON_CreateString("AUTH"));
cJSON_AddItemToArray(message_array, cJSON_Duplicate(auth_event, 1));
char* message_string = cJSON_PrintUnformatted(message_array);
cJSON_Delete(message_array);
return message_string;
}
/**
* Validate challenge string format and freshness
*/
int nostr_nip42_validate_challenge(const char* challenge,
time_t received_at,
int time_tolerance) {
if (!challenge) {
return NOSTR_ERROR_INVALID_INPUT;
}
size_t challenge_len = strlen(challenge);
// Check challenge length
if (challenge_len < NOSTR_NIP42_MIN_CHALLENGE_LENGTH) {
return NOSTR_ERROR_NIP42_CHALLENGE_TOO_SHORT;
}
if (challenge_len >= NOSTR_NIP42_MAX_CHALLENGE_LENGTH) {
return NOSTR_ERROR_NIP42_CHALLENGE_TOO_LONG;
}
// Check time validity if provided
if (received_at > 0) {
time_t now = time(NULL);
int tolerance = (time_tolerance > 0) ? time_tolerance : NOSTR_NIP42_DEFAULT_TIME_TOLERANCE;
if (now - received_at > tolerance) {
return NOSTR_ERROR_NIP42_CHALLENGE_EXPIRED;
}
}
return NOSTR_SUCCESS;
}
/**
* Parse AUTH challenge message from relay
*/
int nostr_nip42_parse_auth_challenge(const char* message,
char* challenge_out,
size_t challenge_size) {
if (!message || !challenge_out || challenge_size == 0) {
return NOSTR_ERROR_INVALID_INPUT;
}
cJSON* json = cJSON_Parse(message);
if (!json || !cJSON_IsArray(json)) {
if (json) cJSON_Delete(json);
return NOSTR_ERROR_NIP42_INVALID_MESSAGE_FORMAT;
}
// Check array has exactly 2 elements
if (cJSON_GetArraySize(json) != 2) {
cJSON_Delete(json);
return NOSTR_ERROR_NIP42_INVALID_MESSAGE_FORMAT;
}
// Check first element is "AUTH"
cJSON* message_type = cJSON_GetArrayItem(json, 0);
if (!message_type || !cJSON_IsString(message_type) ||
strcmp(cJSON_GetStringValue(message_type), "AUTH") != 0) {
cJSON_Delete(json);
return NOSTR_ERROR_NIP42_INVALID_MESSAGE_FORMAT;
}
// Get challenge string
cJSON* challenge_item = cJSON_GetArrayItem(json, 1);
if (!challenge_item || !cJSON_IsString(challenge_item)) {
cJSON_Delete(json);
return NOSTR_ERROR_NIP42_INVALID_MESSAGE_FORMAT;
}
const char* challenge_str = cJSON_GetStringValue(challenge_item);
if (!challenge_str || strlen(challenge_str) >= challenge_size) {
cJSON_Delete(json);
return NOSTR_ERROR_NIP42_INVALID_CHALLENGE;
}
strcpy(challenge_out, challenge_str);
cJSON_Delete(json);
return NOSTR_SUCCESS;
}
// =============================================================================
// SERVER-SIDE FUNCTIONS
// =============================================================================
/**
* Generate cryptographically secure challenge string
*/
int nostr_nip42_generate_challenge(char* challenge_out, size_t length) {
if (!challenge_out || length < NOSTR_NIP42_MIN_CHALLENGE_LENGTH ||
length > NOSTR_NIP42_MAX_CHALLENGE_LENGTH / 2) {
return NOSTR_ERROR_INVALID_INPUT;
}
// Generate random bytes
unsigned char random_bytes[NOSTR_NIP42_MAX_CHALLENGE_LENGTH / 2];
if (nostr_secp256k1_get_random_bytes(random_bytes, length) != 1) {
return NOSTR_ERROR_CRYPTO_FAILED;
}
// Convert to hex string (reusing existing function)
nostr_bytes_to_hex(random_bytes, length, challenge_out);
return NOSTR_SUCCESS;
}
/**
* Verify NIP-42 authentication event
*/
int nostr_nip42_verify_auth_event(cJSON* auth_event,
const char* expected_challenge,
const char* relay_url,
int time_tolerance) {
if (!auth_event || !expected_challenge || !relay_url) {
return NOSTR_ERROR_INVALID_INPUT;
}
// First validate basic event structure using existing function
int structure_result = nostr_validate_event_structure(auth_event);
if (structure_result != NOSTR_SUCCESS) {
return structure_result;
}
// Validate NIP-42 specific structure
int nip42_structure_result = nostr_nip42_validate_auth_event_structure(
auth_event, relay_url, expected_challenge, time_tolerance);
if (nip42_structure_result != NOSTR_SUCCESS) {
return nip42_structure_result;
}
// Finally verify cryptographic signature using existing function
return nostr_verify_event_signature(auth_event);
}
/**
* Parse AUTH message from client
*/
int nostr_nip42_parse_auth_message(const char* message, cJSON** auth_event_out) {
if (!message || !auth_event_out) {
return NOSTR_ERROR_INVALID_INPUT;
}
cJSON* json = cJSON_Parse(message);
if (!json || !cJSON_IsArray(json)) {
if (json) cJSON_Delete(json);
return NOSTR_ERROR_NIP42_INVALID_MESSAGE_FORMAT;
}
// Check array has exactly 2 elements
if (cJSON_GetArraySize(json) != 2) {
cJSON_Delete(json);
return NOSTR_ERROR_NIP42_INVALID_MESSAGE_FORMAT;
}
// Check first element is "AUTH"
cJSON* message_type = cJSON_GetArrayItem(json, 0);
if (!message_type || !cJSON_IsString(message_type) ||
strcmp(cJSON_GetStringValue(message_type), "AUTH") != 0) {
cJSON_Delete(json);
return NOSTR_ERROR_NIP42_INVALID_MESSAGE_FORMAT;
}
// Get event object
cJSON* event_item = cJSON_GetArrayItem(json, 1);
if (!event_item || !cJSON_IsObject(event_item)) {
cJSON_Delete(json);
return NOSTR_ERROR_NIP42_INVALID_MESSAGE_FORMAT;
}
// Duplicate the event for the caller
*auth_event_out = cJSON_Duplicate(event_item, 1);
cJSON_Delete(json);
if (!*auth_event_out) {
return NOSTR_ERROR_MEMORY_FAILED;
}
return NOSTR_SUCCESS;
}
/**
* Create "auth-required" error response
*/
char* nostr_nip42_create_auth_required_message(const char* subscription_id,
const char* event_id,
const char* reason) {
const char* default_reason = "authentication required";
const char* message_reason = reason ? reason : default_reason;
cJSON* response = cJSON_CreateArray();
if (!response) {
return NULL;
}
if (subscription_id) {
// CLOSED message for subscriptions
cJSON_AddItemToArray(response, cJSON_CreateString("CLOSED"));
cJSON_AddItemToArray(response, cJSON_CreateString(subscription_id));
char prefix_message[512];
snprintf(prefix_message, sizeof(prefix_message), "auth-required: %s", message_reason);
cJSON_AddItemToArray(response, cJSON_CreateString(prefix_message));
} else if (event_id) {
// OK message for events
cJSON_AddItemToArray(response, cJSON_CreateString("OK"));
cJSON_AddItemToArray(response, cJSON_CreateString(event_id));
cJSON_AddItemToArray(response, cJSON_CreateBool(0)); // false
char prefix_message[512];
snprintf(prefix_message, sizeof(prefix_message), "auth-required: %s", message_reason);
cJSON_AddItemToArray(response, cJSON_CreateString(prefix_message));
} else {
cJSON_Delete(response);
return NULL;
}
char* message_string = cJSON_PrintUnformatted(response);
cJSON_Delete(response);
return message_string;
}
/**
* Create "restricted" error response
*/
char* nostr_nip42_create_restricted_message(const char* subscription_id,
const char* event_id,
const char* reason) {
const char* default_reason = "access restricted";
const char* message_reason = reason ? reason : default_reason;
cJSON* response = cJSON_CreateArray();
if (!response) {
return NULL;
}
if (subscription_id) {
// CLOSED message for subscriptions
cJSON_AddItemToArray(response, cJSON_CreateString("CLOSED"));
cJSON_AddItemToArray(response, cJSON_CreateString(subscription_id));
char prefix_message[512];
snprintf(prefix_message, sizeof(prefix_message), "restricted: %s", message_reason);
cJSON_AddItemToArray(response, cJSON_CreateString(prefix_message));
} else if (event_id) {
// OK message for events
cJSON_AddItemToArray(response, cJSON_CreateString("OK"));
cJSON_AddItemToArray(response, cJSON_CreateString(event_id));
cJSON_AddItemToArray(response, cJSON_CreateBool(0)); // false
char prefix_message[512];
snprintf(prefix_message, sizeof(prefix_message), "restricted: %s", message_reason);
cJSON_AddItemToArray(response, cJSON_CreateString(prefix_message));
} else {
cJSON_Delete(response);
return NULL;
}
char* message_string = cJSON_PrintUnformatted(response);
cJSON_Delete(response);
return message_string;
}
// =============================================================================
// URL NORMALIZATION FUNCTIONS
// =============================================================================
/**
* Normalize relay URL for comparison
*/
char* nostr_nip42_normalize_url(const char* url) {
if (!url) {
return NULL;
}
size_t url_len = strlen(url);
char* normalized = malloc(url_len + 1);
if (!normalized) {
return NULL;
}
strcpy(normalized, url);
// Remove trailing slash
if (url_len > 1 && normalized[url_len - 1] == '/') {
normalized[url_len - 1] = '\0';
}
// Convert to lowercase for domain comparison
for (size_t i = 0; normalized[i]; i++) {
if (normalized[i] >= 'A' && normalized[i] <= 'Z') {
normalized[i] = normalized[i] + ('a' - 'A');
}
}
return normalized;
}
/**
* Check if two relay URLs match after normalization
*/
int nostr_nip42_urls_match(const char* url1, const char* url2) {
if (!url1 || !url2) {
return -1;
}
char* norm1 = nostr_nip42_normalize_url(url1);
char* norm2 = nostr_nip42_normalize_url(url2);
if (!norm1 || !norm2) {
free(norm1);
free(norm2);
return -1;
}
int result = (strcmp(norm1, norm2) == 0) ? 1 : 0;
free(norm1);
free(norm2);
return result;
}
// =============================================================================
// UTILITY FUNCTIONS
// =============================================================================
/**
* Get string description of authentication state
*/
const char* nostr_nip42_auth_state_str(nostr_auth_state_t state) {
switch (state) {
case NOSTR_AUTH_STATE_NONE:
return "none";
case NOSTR_AUTH_STATE_CHALLENGE_RECEIVED:
return "challenge_received";
case NOSTR_AUTH_STATE_AUTHENTICATING:
return "authenticating";
case NOSTR_AUTH_STATE_AUTHENTICATED:
return "authenticated";
case NOSTR_AUTH_STATE_REJECTED:
return "rejected";
default:
return "unknown";
}
}
/**
* Initialize authentication context structure
*/
int nostr_nip42_init_auth_context(nostr_auth_context_t* ctx,
const char* relay_url,
const char* challenge,
int time_tolerance) {
if (!ctx || !relay_url || !challenge) {
return NOSTR_ERROR_INVALID_INPUT;
}
memset(ctx, 0, sizeof(nostr_auth_context_t));
ctx->relay_url = malloc(strlen(relay_url) + 1);
if (!ctx->relay_url) {
return NOSTR_ERROR_MEMORY_FAILED;
}
strcpy(ctx->relay_url, relay_url);
ctx->challenge = malloc(strlen(challenge) + 1);
if (!ctx->challenge) {
free(ctx->relay_url);
ctx->relay_url = NULL;
return NOSTR_ERROR_MEMORY_FAILED;
}
strcpy(ctx->challenge, challenge);
ctx->timestamp = time(NULL);
ctx->time_tolerance = (time_tolerance > 0) ? time_tolerance : NOSTR_NIP42_DEFAULT_TIME_TOLERANCE;
return NOSTR_SUCCESS;
}
/**
* Free authentication context structure
*/
void nostr_nip42_free_auth_context(nostr_auth_context_t* ctx) {
if (!ctx) {
return;
}
free(ctx->relay_url);
free(ctx->challenge);
free(ctx->pubkey_hex);
memset(ctx, 0, sizeof(nostr_auth_context_t));
}
/**
* Validate authentication event structure (without signature verification)
*/
int nostr_nip42_validate_auth_event_structure(cJSON* auth_event,
const char* relay_url,
const char* challenge,
int time_tolerance) {
if (!auth_event || !relay_url || !challenge) {
return NOSTR_ERROR_INVALID_INPUT;
}
// Check event kind is 22242
cJSON* kind_item = cJSON_GetObjectItem(auth_event, "kind");
if (!kind_item || !cJSON_IsNumber(kind_item) ||
(int)cJSON_GetNumberValue(kind_item) != NOSTR_NIP42_AUTH_EVENT_KIND) {
return NOSTR_ERROR_NIP42_AUTH_EVENT_INVALID;
}
// Check timestamp is within tolerance
cJSON* created_at_item = cJSON_GetObjectItem(auth_event, "created_at");
if (!created_at_item || !cJSON_IsNumber(created_at_item)) {
return NOSTR_ERROR_EVENT_INVALID_CREATED_AT;
}
time_t event_time = (time_t)cJSON_GetNumberValue(created_at_item);
time_t now = time(NULL);
int tolerance = (time_tolerance > 0) ? time_tolerance : NOSTR_NIP42_DEFAULT_TIME_TOLERANCE;
if (abs((int)(now - event_time)) > tolerance) {
return NOSTR_ERROR_NIP42_TIME_TOLERANCE;
}
// Check tags contain required relay and challenge
cJSON* tags_item = cJSON_GetObjectItem(auth_event, "tags");
if (!tags_item || !cJSON_IsArray(tags_item)) {
return NOSTR_ERROR_EVENT_INVALID_TAGS;
}
int found_relay = 0, found_challenge = 0;
cJSON* tag_item;
cJSON_ArrayForEach(tag_item, tags_item) {
if (!cJSON_IsArray(tag_item) || cJSON_GetArraySize(tag_item) < 2) {
continue;
}
cJSON* tag_name = cJSON_GetArrayItem(tag_item, 0);
cJSON* tag_value = cJSON_GetArrayItem(tag_item, 1);
if (!cJSON_IsString(tag_name) || !cJSON_IsString(tag_value)) {
continue;
}
const char* name = cJSON_GetStringValue(tag_name);
const char* value = cJSON_GetStringValue(tag_value);
if (strcmp(name, "relay") == 0) {
if (nostr_nip42_urls_match(value, relay_url) == 1) {
found_relay = 1;
}
} else if (strcmp(name, "challenge") == 0) {
if (strcmp(value, challenge) == 0) {
found_challenge = 1;
}
}
}
if (!found_relay) {
return NOSTR_ERROR_NIP42_URL_MISMATCH;
}
if (!found_challenge) {
return NOSTR_ERROR_NIP42_INVALID_CHALLENGE;
}
return NOSTR_SUCCESS;
}
// =============================================================================
// WEBSOCKET CLIENT INTEGRATION STUB FUNCTIONS
// =============================================================================
// Note: These will need to be implemented when WebSocket client structure is available
int nostr_ws_authenticate(struct nostr_ws_client* client,
const unsigned char* private_key,
int time_tolerance) {
// TODO: Implement when WebSocket client structure is available
(void)client;
(void)private_key;
(void)time_tolerance;
return NOSTR_ERROR_NETWORK_FAILED; // Placeholder
}
nostr_auth_state_t nostr_ws_get_auth_state(struct nostr_ws_client* client) {
// TODO: Implement when WebSocket client structure is available
(void)client;
return NOSTR_AUTH_STATE_NONE; // Placeholder
}
int nostr_ws_has_valid_challenge(struct nostr_ws_client* client) {
// TODO: Implement when WebSocket client structure is available
(void)client;
return 0; // Placeholder
}
int nostr_ws_get_challenge(struct nostr_ws_client* client,
char* challenge_out,
size_t challenge_size) {
// TODO: Implement when WebSocket client structure is available
(void)client;
(void)challenge_out;
(void)challenge_size;
return NOSTR_ERROR_NETWORK_FAILED; // Placeholder
}
int nostr_ws_store_challenge(struct nostr_ws_client* client,
const char* challenge) {
// TODO: Implement when WebSocket client structure is available
(void)client;
(void)challenge;
return NOSTR_ERROR_NETWORK_FAILED; // Placeholder
}
int nostr_ws_clear_auth_state(struct nostr_ws_client* client) {
// TODO: Implement when WebSocket client structure is available
(void)client;
return NOSTR_ERROR_NETWORK_FAILED; // Placeholder
}

281
nostr_core/nip042.h Normal file
View File

@@ -0,0 +1,281 @@
/*
* NOSTR Core Library - NIP-042: Authentication of clients to relays
*
* Implements client authentication through signed ephemeral events
*/
#ifndef NIP042_H
#define NIP042_H
#include <stddef.h>
#include <stdint.h>
#include <time.h>
#include "../cjson/cJSON.h"
#include "nostr_common.h"
#ifdef __cplusplus
extern "C" {
#endif
// =============================================================================
// NIP-42 CONSTANTS AND DEFINITIONS
// =============================================================================
#define NOSTR_NIP42_AUTH_EVENT_KIND 22242
#define NOSTR_NIP42_DEFAULT_CHALLENGE_LENGTH 32
#define NOSTR_NIP42_DEFAULT_TIME_TOLERANCE 600 // 10 minutes in seconds
#define NOSTR_NIP42_MAX_CHALLENGE_LENGTH 256
#define NOSTR_NIP42_MIN_CHALLENGE_LENGTH 16
// Authentication states for WebSocket client integration
typedef enum {
NOSTR_AUTH_STATE_NONE = 0, // No authentication attempted
NOSTR_AUTH_STATE_CHALLENGE_RECEIVED = 1, // Challenge received from relay
NOSTR_AUTH_STATE_AUTHENTICATING = 2, // AUTH event sent, waiting for OK
NOSTR_AUTH_STATE_AUTHENTICATED = 3, // Successfully authenticated
NOSTR_AUTH_STATE_REJECTED = 4 // Authentication rejected
} nostr_auth_state_t;
// Challenge storage structure
typedef struct {
char challenge[NOSTR_NIP42_MAX_CHALLENGE_LENGTH];
time_t received_at;
int is_valid;
} nostr_auth_challenge_t;
// Authentication context for relay verification
typedef struct {
char* relay_url;
char* challenge;
time_t timestamp;
int time_tolerance;
char* pubkey_hex;
} nostr_auth_context_t;
// =============================================================================
// CLIENT-SIDE FUNCTIONS (for nostr clients)
// =============================================================================
/**
* Create NIP-42 authentication event (kind 22242)
* @param challenge Challenge string received from relay
* @param relay_url Relay URL (normalized)
* @param private_key 32-byte private key for signing
* @param timestamp Event timestamp (0 for current time)
* @return cJSON event object or NULL on error
*/
cJSON* nostr_nip42_create_auth_event(const char* challenge,
const char* relay_url,
const unsigned char* private_key,
time_t timestamp);
/**
* Create AUTH message JSON for relay communication
* @param auth_event Authentication event (kind 22242)
* @return JSON string for AUTH message or NULL on error (caller must free)
*/
char* nostr_nip42_create_auth_message(cJSON* auth_event);
/**
* Validate challenge string format and freshness
* @param challenge Challenge string to validate
* @param received_at Time when challenge was received (0 for no time check)
* @param time_tolerance Maximum age in seconds (0 for default)
* @return NOSTR_SUCCESS or error code
*/
int nostr_nip42_validate_challenge(const char* challenge,
time_t received_at,
int time_tolerance);
/**
* Parse AUTH challenge message from relay
* @param message Raw message from relay
* @param challenge_out Output buffer for challenge string
* @param challenge_size Size of challenge buffer
* @return NOSTR_SUCCESS or error code
*/
int nostr_nip42_parse_auth_challenge(const char* message,
char* challenge_out,
size_t challenge_size);
// =============================================================================
// SERVER-SIDE FUNCTIONS (for relay implementations)
// =============================================================================
/**
* Generate cryptographically secure challenge string
* @param challenge_out Output buffer for challenge (must be at least length*2+1)
* @param length Desired challenge length in bytes (16-128)
* @return NOSTR_SUCCESS or error code
*/
int nostr_nip42_generate_challenge(char* challenge_out, size_t length);
/**
* Verify NIP-42 authentication event
* @param auth_event Authentication event to verify
* @param expected_challenge Challenge that was sent to client
* @param relay_url Expected relay URL
* @param time_tolerance Maximum timestamp deviation in seconds
* @return NOSTR_SUCCESS or error code
*/
int nostr_nip42_verify_auth_event(cJSON* auth_event,
const char* expected_challenge,
const char* relay_url,
int time_tolerance);
/**
* Parse AUTH message from client
* @param message Raw AUTH message from client
* @param auth_event_out Output pointer to parsed event (caller must free)
* @return NOSTR_SUCCESS or error code
*/
int nostr_nip42_parse_auth_message(const char* message, cJSON** auth_event_out);
/**
* Create "auth-required" error response
* @param subscription_id Subscription ID (for CLOSED) or NULL (for OK)
* @param event_id Event ID (for OK) or NULL (for CLOSED)
* @param reason Human-readable reason
* @return JSON string for response or NULL on error (caller must free)
*/
char* nostr_nip42_create_auth_required_message(const char* subscription_id,
const char* event_id,
const char* reason);
/**
* Create "restricted" error response
* @param subscription_id Subscription ID (for CLOSED) or NULL (for OK)
* @param event_id Event ID (for OK) or NULL (for CLOSED)
* @param reason Human-readable reason
* @return JSON string for response or NULL on error (caller must free)
*/
char* nostr_nip42_create_restricted_message(const char* subscription_id,
const char* event_id,
const char* reason);
// =============================================================================
// URL NORMALIZATION FUNCTIONS
// =============================================================================
/**
* Normalize relay URL for comparison (removes trailing slashes, etc.)
* @param url Original URL
* @return Normalized URL string or NULL on error (caller must free)
*/
char* nostr_nip42_normalize_url(const char* url);
/**
* Check if two relay URLs match after normalization
* @param url1 First URL
* @param url2 Second URL
* @return 1 if URLs match, 0 if they don't, -1 on error
*/
int nostr_nip42_urls_match(const char* url1, const char* url2);
// =============================================================================
// UTILITY FUNCTIONS
// =============================================================================
/**
* Get string description of authentication state
* @param state Authentication state
* @return Human-readable string
*/
const char* nostr_nip42_auth_state_str(nostr_auth_state_t state);
/**
* Initialize authentication context structure
* @param ctx Context to initialize
* @param relay_url Relay URL
* @param challenge Challenge string
* @param time_tolerance Time tolerance in seconds
* @return NOSTR_SUCCESS or error code
*/
int nostr_nip42_init_auth_context(nostr_auth_context_t* ctx,
const char* relay_url,
const char* challenge,
int time_tolerance);
/**
* Free authentication context structure
* @param ctx Context to free
*/
void nostr_nip42_free_auth_context(nostr_auth_context_t* ctx);
/**
* Validate authentication event structure (without signature verification)
* @param auth_event Event to validate
* @param relay_url Expected relay URL
* @param challenge Expected challenge
* @param time_tolerance Maximum timestamp deviation in seconds
* @return NOSTR_SUCCESS or error code
*/
int nostr_nip42_validate_auth_event_structure(cJSON* auth_event,
const char* relay_url,
const char* challenge,
int time_tolerance);
// =============================================================================
// WEBSOCKET CLIENT INTEGRATION
// =============================================================================
// Forward declaration for WebSocket client
struct nostr_ws_client;
/**
* Authenticate WebSocket client with relay
* @param client WebSocket client handle
* @param private_key 32-byte private key for authentication
* @param time_tolerance Maximum timestamp deviation in seconds (0 for default)
* @return NOSTR_SUCCESS or error code
*/
int nostr_ws_authenticate(struct nostr_ws_client* client,
const unsigned char* private_key,
int time_tolerance);
/**
* Get current authentication state of WebSocket client
* @param client WebSocket client handle
* @return Current authentication state
*/
nostr_auth_state_t nostr_ws_get_auth_state(struct nostr_ws_client* client);
/**
* Check if WebSocket client has stored valid challenge
* @param client WebSocket client handle
* @return 1 if valid challenge exists, 0 otherwise
*/
int nostr_ws_has_valid_challenge(struct nostr_ws_client* client);
/**
* Get stored challenge from WebSocket client
* @param client WebSocket client handle
* @param challenge_out Output buffer for challenge
* @param challenge_size Size of output buffer
* @return NOSTR_SUCCESS or error code
*/
int nostr_ws_get_challenge(struct nostr_ws_client* client,
char* challenge_out,
size_t challenge_size);
/**
* Store challenge in WebSocket client (internal function)
* @param client WebSocket client handle
* @param challenge Challenge string to store
* @return NOSTR_SUCCESS or error code
*/
int nostr_ws_store_challenge(struct nostr_ws_client* client,
const char* challenge);
/**
* Clear authentication state in WebSocket client
* @param client WebSocket client handle
* @return NOSTR_SUCCESS or error code
*/
int nostr_ws_clear_auth_state(struct nostr_ws_client* client);
#ifdef __cplusplus
}
#endif
#endif // NIP042_H

69
nostr_core/nip044.c
View File

@@ -9,10 +9,29 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "./crypto/nostr_secp256k1.h"
// Include our ChaCha20 implementation
#include "crypto/nostr_chacha20.h"
// Forward declarations for crypto functions (private API)
// These functions are implemented in crypto/ but not exposed through public headers
int ecdh_shared_secret(const unsigned char* private_key, const unsigned char* public_key, unsigned char* shared_secret);
int nostr_secp256k1_get_random_bytes(unsigned char* buf, size_t len);
// ChaCha20 functions for NIP-44 encryption
int chacha20_encrypt(const unsigned char key[32], unsigned int counter,
const unsigned char nonce[12], const unsigned char* input,
unsigned char* output, size_t length);
// HKDF functions for NIP-44 key derivation
int nostr_hkdf_extract(const unsigned char* salt, size_t salt_len,
const unsigned char* ikm, size_t ikm_len,
unsigned char* prk);
int nostr_hkdf_expand(const unsigned char* prk, size_t prk_len,
const unsigned char* info, size_t info_len,
unsigned char* okm, size_t okm_len);
// HMAC-SHA256 function for NIP-44 authentication
int nostr_hmac_sha256(const unsigned char* key, size_t key_len,
const unsigned char* data, size_t data_len,
unsigned char* hmac);
// Forward declarations for internal functions
static size_t calc_padded_len(size_t unpadded_len);
@@ -27,6 +46,7 @@ static void memory_clear(const void *p, size_t len) {
}
}
// =============================================================================
// NIP-44 UTILITY FUNCTIONS
// =============================================================================
@@ -62,8 +82,8 @@ static unsigned char* pad_plaintext(const char* plaintext, size_t* padded_len) {
return NULL;
}
// NIP-44 allows empty messages (unpadded_len can be 0)
*padded_len = calc_padded_len(unpadded_len + 2); // +2 for length prefix
size_t padded_content_len = calc_padded_len(unpadded_len);
*padded_len = padded_content_len + 2; // Add 2 bytes for the length prefix
unsigned char* padded = malloc(*padded_len);
if (!padded) return NULL;
@@ -71,33 +91,29 @@ static unsigned char* pad_plaintext(const char* plaintext, size_t* padded_len) {
padded[0] = (unpadded_len >> 8) & 0xFF;
padded[1] = unpadded_len & 0xFF;
// Copy plaintext (if any)
if (unpadded_len > 0) {
memcpy(padded + 2, plaintext, unpadded_len);
}
// Zero-fill padding
memset(padded + 2 + unpadded_len, 0, *padded_len - 2 - unpadded_len);
// Copy plaintext and add zero-padding
memcpy(padded + 2, plaintext, unpadded_len);
memset(padded + 2 + unpadded_len, 0, padded_content_len - unpadded_len);
return padded;
}
// NIP-44 unpadding (per spec)
// NIP-44 unpadding (per spec)
static char* unpad_plaintext(const unsigned char* padded, size_t padded_len) {
if (padded_len < 2) return NULL;
// Read length prefix (big-endian u16)
if (padded_len < 4) return NULL;
size_t unpadded_len = (padded[0] << 8) | padded[1];
size_t expected_padded_len = calc_padded_len(unpadded_len);
if (padded_len != expected_padded_len + 2) {
return NULL;
}
if (unpadded_len > padded_len - 2) {
return NULL;
}
// Verify padding length matches expected
size_t expected_padded_len = calc_padded_len(unpadded_len + 2);
if (padded_len != expected_padded_len) {
return NULL;
}
char* plaintext = malloc(unpadded_len + 1);
if (!plaintext) return NULL;
@@ -129,6 +145,7 @@ int nostr_nip44_encrypt_with_nonce(const unsigned char* sender_private_key,
return NOSTR_ERROR_NIP44_BUFFER_TOO_SMALL;
}
// Step 1: Compute ECDH shared secret
unsigned char shared_secret[32];
if (ecdh_shared_secret(sender_private_key, recipient_public_key, shared_secret) != 0) {
@@ -149,6 +166,7 @@ int nostr_nip44_encrypt_with_nonce(const unsigned char* sender_private_key,
unsigned char nonce_copy[32];
memcpy(nonce_copy, nonce, 32);
// Step 4: Derive message keys (HKDF-expand with nonce as info)
unsigned char message_keys[76]; // 32 chacha_key + 12 chacha_nonce + 32 hmac_key
if (nostr_hkdf_expand(conversation_key, 32, nonce_copy, 32, message_keys, 76) != 0) {
@@ -162,6 +180,7 @@ int nostr_nip44_encrypt_with_nonce(const unsigned char* sender_private_key,
unsigned char* chacha_nonce = message_keys + 32;
unsigned char* hmac_key = message_keys + 44;
// Step 5: Pad plaintext according to NIP-44 spec
size_t padded_len;
unsigned char* padded_plaintext = pad_plaintext(plaintext, &padded_len);
@@ -339,9 +358,9 @@ int nostr_nip44_decrypt(const unsigned char* recipient_private_key,
}
unsigned char* nonce = payload + 1;
size_t ciphertext_len = payload_len - 65; // payload - version - nonce - mac
unsigned char* ciphertext = payload + 33;
unsigned char* received_mac = payload + payload_len - 32;
size_t ciphertext_len = (payload + payload_len - 32) - (payload + 33); // mac_start - ciphertext_start
// Step 3: Compute ECDH shared secret
unsigned char shared_secret[32];
@@ -402,6 +421,7 @@ int nostr_nip44_decrypt(const unsigned char* recipient_private_key,
return NOSTR_ERROR_CRYPTO_FAILED;
}
// Constant-time MAC verification
// Constant-time MAC verification
if (!constant_time_compare(received_mac, computed_mac, 32)) {
memory_clear(shared_secret, 32);
@@ -439,6 +459,7 @@ int nostr_nip44_decrypt(const unsigned char* recipient_private_key,
return NOSTR_ERROR_CRYPTO_FAILED;
}
// Step 8: Remove padding according to NIP-44 spec
// Step 8: Remove padding according to NIP-44 spec
char* plaintext = unpad_plaintext(padded_plaintext, ciphertext_len);
if (!plaintext) {

2
nostr_core/nip044.h
View File

@@ -13,7 +13,7 @@ extern "C" {
#endif
// NIP-44 constants
// #define NOSTR_NIP44_MAX_PLAINTEXT_SIZE 65535
// #define NOSTR_NIP44_MAX_PLAINTEXT_SIZE 1048576
/**
* NIP-44: Encrypt a message using ECDH + ChaCha20 + HMAC

412
nostr_core/nip059.c Normal file
View File

@@ -0,0 +1,412 @@
/*
* NIP-59: Gift Wrap Implementation
* https://github.com/nostr-protocol/nips/blob/master/59.md
*/
#include "nip059.h"
#include "nip044.h"
#include "nip001.h"
#include "utils.h"
#include "nostr_common.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
// Forward declarations for crypto functions
int nostr_secp256k1_get_random_bytes(unsigned char* buf, size_t len);
int nostr_ec_public_key_from_private_key(const unsigned char* private_key, unsigned char* public_key);
int nostr_ec_sign(const unsigned char* private_key, const unsigned char* hash, unsigned char* signature);
// Memory clearing utility
static void memory_clear(const void *p, size_t len) {
if (p && len) {
memset((void *)p, 0, len);
}
}
/**
* Create a random timestamp within max_delay_sec in the past (configurable)
*/
static time_t random_past_timestamp(long max_delay_sec) {
time_t now = time(NULL);
// If max_delay_sec is 0, return current timestamp (no randomization)
if (max_delay_sec == 0) {
return now;
}
// Random time up to max_delay_sec in the past
long random_offset = (long)(rand() % max_delay_sec);
return now - random_offset;
}
/**
* Generate a random private key for gift wrap
*/
static int generate_random_private_key(unsigned char* private_key) {
return nostr_secp256k1_get_random_bytes(private_key, 32);
}
/**
* Create event ID from event data (without signature)
*/
static int create_event_id(cJSON* event, char* event_id_hex) {
if (!event || !event_id_hex) {
return -1;
}
// Get event fields for serialization
cJSON* pubkey_item = cJSON_GetObjectItem(event, "pubkey");
cJSON* created_at_item = cJSON_GetObjectItem(event, "created_at");
cJSON* kind_item = cJSON_GetObjectItem(event, "kind");
cJSON* tags_item = cJSON_GetObjectItem(event, "tags");
cJSON* content_item = cJSON_GetObjectItem(event, "content");
if (!pubkey_item || !created_at_item || !kind_item || !tags_item || !content_item) {
return -1;
}
// Create serialization array: [0, pubkey, created_at, kind, tags, content]
cJSON* serialize_array = cJSON_CreateArray();
if (!serialize_array) {
return -1;
}
cJSON_AddItemToArray(serialize_array, cJSON_CreateNumber(0));
cJSON_AddItemToArray(serialize_array, cJSON_Duplicate(pubkey_item, 1));
cJSON_AddItemToArray(serialize_array, cJSON_Duplicate(created_at_item, 1));
cJSON_AddItemToArray(serialize_array, cJSON_Duplicate(kind_item, 1));
cJSON_AddItemToArray(serialize_array, cJSON_Duplicate(tags_item, 1));
cJSON_AddItemToArray(serialize_array, cJSON_Duplicate(content_item, 1));
char* serialize_string = cJSON_PrintUnformatted(serialize_array);
cJSON_Delete(serialize_array);
if (!serialize_string) {
return -1;
}
// Hash the serialized event
unsigned char event_hash[32];
if (nostr_sha256((const unsigned char*)serialize_string, strlen(serialize_string), event_hash) != 0) {
free(serialize_string);
return -1;
}
// Convert hash to hex
nostr_bytes_to_hex(event_hash, 32, event_id_hex);
free(serialize_string);
return 0;
}
/**
* NIP-59: Create a rumor (unsigned event)
*/
cJSON* nostr_nip59_create_rumor(int kind, const char* content, cJSON* tags,
const char* pubkey_hex, time_t created_at) {
if (!pubkey_hex || !content) {
return NULL;
}
// Use provided timestamp or random past timestamp (default to 0 for compatibility)
time_t event_time = (created_at == 0) ? random_past_timestamp(0) : created_at;
// Create event structure (without id and sig - that's what makes it a rumor)
cJSON* rumor = cJSON_CreateObject();
if (!rumor) {
return NULL;
}
cJSON_AddStringToObject(rumor, "pubkey", pubkey_hex);
cJSON_AddNumberToObject(rumor, "created_at", (double)event_time);
cJSON_AddNumberToObject(rumor, "kind", kind);
// Add tags (copy provided tags or create empty array)
if (tags) {
cJSON_AddItemToObject(rumor, "tags", cJSON_Duplicate(tags, 1));
} else {
cJSON_AddItemToObject(rumor, "tags", cJSON_CreateArray());
}
cJSON_AddStringToObject(rumor, "content", content);
// Calculate and add event ID
char event_id[65];
if (create_event_id(rumor, event_id) != 0) {
cJSON_Delete(rumor);
return NULL;
}
cJSON_AddStringToObject(rumor, "id", event_id);
return rumor;
}
/**
* NIP-59: Create a seal (kind 13) wrapping a rumor
*/
cJSON* nostr_nip59_create_seal(cJSON* rumor, const unsigned char* sender_private_key,
const unsigned char* recipient_public_key, long max_delay_sec) {
if (!rumor || !sender_private_key || !recipient_public_key) {
return NULL;
}
// Serialize the rumor to JSON
char* rumor_json = cJSON_PrintUnformatted(rumor);
if (!rumor_json) {
return NULL;
}
// Encrypt the rumor using NIP-44
char encrypted_content[4096]; // Should be large enough for most events
int encrypt_result = nostr_nip44_encrypt(sender_private_key, recipient_public_key,
rumor_json, encrypted_content, sizeof(encrypted_content));
free(rumor_json);
if (encrypt_result != NOSTR_SUCCESS) {
return NULL;
}
// Get sender's public key
unsigned char sender_public_key[32];
if (nostr_ec_public_key_from_private_key(sender_private_key, sender_public_key) != 0) {
return NULL;
}
char sender_pubkey_hex[65];
nostr_bytes_to_hex(sender_public_key, 32, sender_pubkey_hex);
// Create seal event (kind 13)
cJSON* seal = cJSON_CreateObject();
if (!seal) {
return NULL;
}
time_t seal_time = random_past_timestamp(max_delay_sec);
cJSON_AddStringToObject(seal, "pubkey", sender_pubkey_hex);
cJSON_AddNumberToObject(seal, "created_at", (double)seal_time);
cJSON_AddNumberToObject(seal, "kind", 13);
cJSON_AddItemToObject(seal, "tags", cJSON_CreateArray()); // Empty tags array
cJSON_AddStringToObject(seal, "content", encrypted_content);
// Calculate event ID
char event_id[65];
if (create_event_id(seal, event_id) != 0) {
cJSON_Delete(seal);
return NULL;
}
cJSON_AddStringToObject(seal, "id", event_id);
// Sign the seal
unsigned char event_hash[32];
if (nostr_hex_to_bytes(event_id, event_hash, 32) != 0) {
cJSON_Delete(seal);
return NULL;
}
unsigned char signature[64];
if (nostr_ec_sign(sender_private_key, event_hash, signature) != 0) {
cJSON_Delete(seal);
return NULL;
}
char sig_hex[129];
nostr_bytes_to_hex(signature, 64, sig_hex);
cJSON_AddStringToObject(seal, "sig", sig_hex);
return seal;
}
/**
* NIP-59: Create a gift wrap (kind 1059) wrapping a seal
*/
cJSON* nostr_nip59_create_gift_wrap(cJSON* seal, const char* recipient_public_key_hex, long max_delay_sec) {
if (!seal || !recipient_public_key_hex) {
return NULL;
}
// Serialize the seal to JSON
char* seal_json = cJSON_PrintUnformatted(seal);
if (!seal_json) {
return NULL;
}
// Generate random private key for gift wrap
unsigned char random_private_key[32];
if (generate_random_private_key(random_private_key) != 1) {
free(seal_json);
return NULL;
}
// Get random public key
unsigned char random_public_key[32];
if (nostr_ec_public_key_from_private_key(random_private_key, random_public_key) != 0) {
memory_clear(random_private_key, 32);
free(seal_json);
return NULL;
}
char random_pubkey_hex[65];
nostr_bytes_to_hex(random_public_key, 32, random_pubkey_hex);
// Convert recipient pubkey hex to bytes
unsigned char recipient_public_key[32];
if (nostr_hex_to_bytes(recipient_public_key_hex, recipient_public_key, 32) != 0) {
memory_clear(random_private_key, 32);
free(seal_json);
return NULL;
}
// Encrypt the seal using NIP-44
char encrypted_content[8192]; // Larger buffer for nested encryption
int encrypt_result = nostr_nip44_encrypt(random_private_key, recipient_public_key,
seal_json, encrypted_content, sizeof(encrypted_content));
free(seal_json);
if (encrypt_result != NOSTR_SUCCESS) {
memory_clear(random_private_key, 32);
return NULL;
}
// Create gift wrap event (kind 1059)
cJSON* gift_wrap = cJSON_CreateObject();
if (!gift_wrap) {
memory_clear(random_private_key, 32);
return NULL;
}
time_t wrap_time = random_past_timestamp(max_delay_sec);
cJSON_AddStringToObject(gift_wrap, "pubkey", random_pubkey_hex);
cJSON_AddNumberToObject(gift_wrap, "created_at", (double)wrap_time);
cJSON_AddNumberToObject(gift_wrap, "kind", 1059);
// Add p tag for recipient
cJSON* tags = cJSON_CreateArray();
cJSON* p_tag = cJSON_CreateArray();
cJSON_AddItemToArray(p_tag, cJSON_CreateString("p"));
cJSON_AddItemToArray(p_tag, cJSON_CreateString(recipient_public_key_hex));
cJSON_AddItemToArray(tags, p_tag);
cJSON_AddItemToObject(gift_wrap, "tags", tags);
cJSON_AddStringToObject(gift_wrap, "content", encrypted_content);
// Calculate event ID
char event_id[65];
if (create_event_id(gift_wrap, event_id) != 0) {
memory_clear(random_private_key, 32);
cJSON_Delete(gift_wrap);
return NULL;
}
cJSON_AddStringToObject(gift_wrap, "id", event_id);
// Sign the gift wrap
unsigned char event_hash[32];
if (nostr_hex_to_bytes(event_id, event_hash, 32) != 0) {
memory_clear(random_private_key, 32);
cJSON_Delete(gift_wrap);
return NULL;
}
unsigned char signature[64];
if (nostr_ec_sign(random_private_key, event_hash, signature) != 0) {
memory_clear(random_private_key, 32);
cJSON_Delete(gift_wrap);
return NULL;
}
char sig_hex[129];
nostr_bytes_to_hex(signature, 64, sig_hex);
cJSON_AddStringToObject(gift_wrap, "sig", sig_hex);
// Clear the random private key from memory
memory_clear(random_private_key, 32);
return gift_wrap;
}
/**
* NIP-59: Unwrap a gift wrap to get the seal
*/
cJSON* nostr_nip59_unwrap_gift(cJSON* gift_wrap, const unsigned char* recipient_private_key) {
if (!gift_wrap || !recipient_private_key) {
return NULL;
}
// Get the encrypted content
cJSON* content_item = cJSON_GetObjectItem(gift_wrap, "content");
if (!content_item || !cJSON_IsString(content_item)) {
return NULL;
}
const char* encrypted_content = cJSON_GetStringValue(content_item);
// Get the sender's public key (gift wrap pubkey)
cJSON* pubkey_item = cJSON_GetObjectItem(gift_wrap, "pubkey");
if (!pubkey_item || !cJSON_IsString(pubkey_item)) {
return NULL;
}
const char* sender_pubkey_hex = cJSON_GetStringValue(pubkey_item);
// Convert sender pubkey hex to bytes
unsigned char sender_public_key[32];
if (nostr_hex_to_bytes(sender_pubkey_hex, sender_public_key, 32) != 0) {
return NULL;
}
// Decrypt the content using NIP-44
char decrypted_json[8192];
int decrypt_result = nostr_nip44_decrypt(recipient_private_key, sender_public_key,
encrypted_content, decrypted_json, sizeof(decrypted_json));
if (decrypt_result != NOSTR_SUCCESS) {
return NULL;
}
// Parse the decrypted JSON as the seal event
cJSON* seal = cJSON_Parse(decrypted_json);
if (!seal) {
return NULL;
}
return seal;
}
/**
* NIP-59: Unseal a seal to get the rumor
*/
cJSON* nostr_nip59_unseal_rumor(cJSON* seal, const unsigned char* sender_public_key,
const unsigned char* recipient_private_key) {
if (!seal || !sender_public_key || !recipient_private_key) {
return NULL;
}
// Get the encrypted content
cJSON* content_item = cJSON_GetObjectItem(seal, "content");
if (!content_item || !cJSON_IsString(content_item)) {
return NULL;
}
const char* encrypted_content = cJSON_GetStringValue(content_item);
// Decrypt the content using NIP-44
char decrypted_json[4096];
int decrypt_result = nostr_nip44_decrypt(recipient_private_key, sender_public_key,
encrypted_content, decrypted_json, sizeof(decrypted_json));
if (decrypt_result != NOSTR_SUCCESS) {
return NULL;
}
// Parse the decrypted JSON as the rumor event
cJSON* rumor = cJSON_Parse(decrypted_json);
if (!rumor) {
return NULL;
}
return rumor;
}

76
nostr_core/nip059.h Normal file
View File

@@ -0,0 +1,76 @@
/*
* NIP-59: Gift Wrap
* https://github.com/nostr-protocol/nips/blob/master/59.md
*/
#ifndef NOSTR_NIP059_H
#define NOSTR_NIP059_H
#include <stddef.h>
#include <time.h>
#include "../cjson/cJSON.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
* NIP-59: Create a rumor (unsigned event)
*
* @param kind Event kind
* @param content Event content
* @param tags Event tags (cJSON array, can be NULL)
* @param pubkey_hex Sender's public key in hex format
* @param created_at Event timestamp (0 for current time)
* @return cJSON object representing the rumor, or NULL on error
*/
cJSON* nostr_nip59_create_rumor(int kind, const char* content, cJSON* tags,
const char* pubkey_hex, time_t created_at);
/**
* NIP-59: Create a seal (kind 13) wrapping a rumor
*
* @param rumor The rumor event to seal (cJSON object)
* @param sender_private_key 32-byte sender private key
* @param recipient_public_key 32-byte recipient public key (x-only)
* @param max_delay_sec Maximum random timestamp delay in seconds (0 = no randomization)
* @return cJSON object representing the seal event, or NULL on error
*/
cJSON* nostr_nip59_create_seal(cJSON* rumor, const unsigned char* sender_private_key,
const unsigned char* recipient_public_key, long max_delay_sec);
/**
* NIP-59: Create a gift wrap (kind 1059) wrapping a seal
*
* @param seal The seal event to wrap (cJSON object)
* @param recipient_public_key_hex Recipient's public key in hex format
* @param max_delay_sec Maximum random timestamp delay in seconds (0 = no randomization)
* @return cJSON object representing the gift wrap event, or NULL on error
*/
cJSON* nostr_nip59_create_gift_wrap(cJSON* seal, const char* recipient_public_key_hex, long max_delay_sec);
/**
* NIP-59: Unwrap a gift wrap to get the seal
*
* @param gift_wrap The gift wrap event (cJSON object)
* @param recipient_private_key 32-byte recipient private key
* @return cJSON object representing the seal event, or NULL on error
*/
cJSON* nostr_nip59_unwrap_gift(cJSON* gift_wrap, const unsigned char* recipient_private_key);
/**
* NIP-59: Unseal a seal to get the rumor
*
* @param seal The seal event (cJSON object)
* @param sender_public_key 32-byte sender public key (x-only)
* @param recipient_private_key 32-byte recipient private key
* @return cJSON object representing the rumor event, or NULL on error
*/
cJSON* nostr_nip59_unseal_rumor(cJSON* seal, const unsigned char* sender_public_key,
const unsigned char* recipient_private_key);
#ifdef __cplusplus
}
#endif
#endif // NOSTR_NIP059_H

22
nostr_core/nostr_common.c
View File

@@ -30,6 +30,28 @@ const char* nostr_strerror(int error_code) {
case NOSTR_ERROR_NIP05_JSON_PARSE_FAILED: return "NIP-05: JSON parsing failed";
case NOSTR_ERROR_NIP05_NAME_NOT_FOUND: return "NIP-05: Name not found in .well-known";
case NOSTR_ERROR_NIP05_PUBKEY_MISMATCH: return "NIP-05: Public key mismatch";
case NOSTR_ERROR_EVENT_INVALID_STRUCTURE: return "Event has invalid structure";
case NOSTR_ERROR_EVENT_INVALID_ID: return "Event has invalid ID";
case NOSTR_ERROR_EVENT_INVALID_PUBKEY: return "Event has invalid public key";
case NOSTR_ERROR_EVENT_INVALID_SIGNATURE: return "Event has invalid signature";
case NOSTR_ERROR_EVENT_INVALID_CREATED_AT: return "Event has invalid timestamp";
case NOSTR_ERROR_EVENT_INVALID_KIND: return "Event has invalid kind";
case NOSTR_ERROR_EVENT_INVALID_TAGS: return "Event has invalid tags";
case NOSTR_ERROR_EVENT_INVALID_CONTENT: return "Event has invalid content";
case NOSTR_ERROR_NIP13_INSUFFICIENT: return "NIP-13: Insufficient PoW difficulty";
case NOSTR_ERROR_NIP13_NO_NONCE_TAG: return "NIP-13: Missing nonce tag";
case NOSTR_ERROR_NIP13_INVALID_NONCE_TAG: return "NIP-13: Invalid nonce tag format";
case NOSTR_ERROR_NIP13_TARGET_MISMATCH: return "NIP-13: Target difficulty mismatch";
case NOSTR_ERROR_NIP13_CALCULATION: return "NIP-13: PoW calculation error";
case NOSTR_ERROR_NIP42_INVALID_CHALLENGE: return "NIP-42: Invalid challenge";
case NOSTR_ERROR_NIP42_CHALLENGE_EXPIRED: return "NIP-42: Challenge expired";
case NOSTR_ERROR_NIP42_AUTH_EVENT_INVALID: return "NIP-42: Authentication event invalid";
case NOSTR_ERROR_NIP42_URL_MISMATCH: return "NIP-42: Relay URL mismatch";
case NOSTR_ERROR_NIP42_TIME_TOLERANCE: return "NIP-42: Timestamp outside tolerance";
case NOSTR_ERROR_NIP42_NOT_AUTHENTICATED: return "NIP-42: Client not authenticated";
case NOSTR_ERROR_NIP42_INVALID_MESSAGE_FORMAT: return "NIP-42: Invalid message format";
case NOSTR_ERROR_NIP42_CHALLENGE_TOO_SHORT: return "NIP-42: Challenge too short";
case NOSTR_ERROR_NIP42_CHALLENGE_TOO_LONG: return "NIP-42: Challenge too long";
default: return "Unknown error";
}
}

96
nostr_core/nostr_common.h
View File

@@ -27,7 +27,40 @@
#define NOSTR_ERROR_NIP05_JSON_PARSE_FAILED -18
#define NOSTR_ERROR_NIP05_NAME_NOT_FOUND -19
#define NOSTR_ERROR_NIP05_PUBKEY_MISMATCH -20
#define NOSTR_ERROR_EVENT_INVALID_STRUCTURE -30
#define NOSTR_ERROR_EVENT_INVALID_ID -31
#define NOSTR_ERROR_EVENT_INVALID_PUBKEY -32
#define NOSTR_ERROR_EVENT_INVALID_SIGNATURE -33
#define NOSTR_ERROR_EVENT_INVALID_CREATED_AT -34
#define NOSTR_ERROR_EVENT_INVALID_KIND -35
#define NOSTR_ERROR_EVENT_INVALID_TAGS -36
#define NOSTR_ERROR_EVENT_INVALID_CONTENT -37
// Authentication Rules System Error Codes
#define NOSTR_ERROR_AUTH_RULES_DISABLED -50
#define NOSTR_ERROR_AUTH_RULES_DENIED -51
#define NOSTR_ERROR_AUTH_RULES_DB_FAILED -52
#define NOSTR_ERROR_AUTH_RULES_INVALID_RULE -53
#define NOSTR_ERROR_AUTH_RULES_CACHE_FAILED -54
#define NOSTR_ERROR_AUTH_RULES_BACKEND_NOT_FOUND -55
// NIP-13 PoW-specific error codes
#define NOSTR_ERROR_NIP13_INSUFFICIENT -100
#define NOSTR_ERROR_NIP13_NO_NONCE_TAG -101
#define NOSTR_ERROR_NIP13_INVALID_NONCE_TAG -102
#define NOSTR_ERROR_NIP13_TARGET_MISMATCH -103
#define NOSTR_ERROR_NIP13_CALCULATION -104
// NIP-42 Authentication-specific error codes
#define NOSTR_ERROR_NIP42_INVALID_CHALLENGE -200
#define NOSTR_ERROR_NIP42_CHALLENGE_EXPIRED -201
#define NOSTR_ERROR_NIP42_AUTH_EVENT_INVALID -202
#define NOSTR_ERROR_NIP42_URL_MISMATCH -203
#define NOSTR_ERROR_NIP42_TIME_TOLERANCE -204
#define NOSTR_ERROR_NIP42_NOT_AUTHENTICATED -205
#define NOSTR_ERROR_NIP42_INVALID_MESSAGE_FORMAT -206
#define NOSTR_ERROR_NIP42_CHALLENGE_TOO_SHORT -207
#define NOSTR_ERROR_NIP42_CHALLENGE_TOO_LONG -208
// Constants
#define NOSTR_PRIVATE_KEY_SIZE 32
@@ -39,75 +72,20 @@
#define NIP05_DEFAULT_TIMEOUT 10
// NIP-04 Constants
#define NOSTR_NIP04_MAX_PLAINTEXT_SIZE 16777216 // 16MB
#define NOSTR_NIP04_MAX_PLAINTEXT_SIZE 1048576 // 1MB
#define NOSTR_NIP04_MAX_ENCRYPTED_SIZE 22369621 // ~21.3MB (accounts for base64 overhead + IV)
// NIP-44 Constants
#define NOSTR_NIP44_MAX_PLAINTEXT_SIZE 65536 // 64KB max plaintext (matches crypto header)
// NIP-44 Constants
#define NOSTR_NIP44_MAX_PLAINTEXT_SIZE 65535 // 64KB - 1 (NIP-44 spec compliant)
// Forward declaration for cJSON (to avoid requiring cJSON.h in header)
struct cJSON;
// Relay query modes
typedef enum {
RELAY_QUERY_FIRST_RESULT, // Return as soon as first event is received
RELAY_QUERY_MOST_RECENT, // Return the most recent event from all relays
RELAY_QUERY_ALL_RESULTS // Return all unique events from all relays
} relay_query_mode_t;
// Publish result types
typedef enum {
PUBLISH_SUCCESS, // Event was accepted by relay
PUBLISH_REJECTED, // Event was rejected by relay
PUBLISH_TIMEOUT, // No response within timeout
PUBLISH_ERROR // Connection or other error
} publish_result_t;
// Progress callback function types
typedef void (*relay_progress_callback_t)(
const char* relay_url,
const char* status,
const char* event_id,
int events_received,
int total_relays,
int completed_relays,
void* user_data);
typedef void (*publish_progress_callback_t)(
const char* relay_url,
const char* status,
const char* message,
int success_count,
int total_relays,
int completed_relays,
void* user_data);
// Function declarations
const char* nostr_strerror(int error_code);
// Library initialization functions
// Library initialization functions
int nostr_init(void);
void nostr_cleanup(void);
// Relay query functions
struct cJSON** synchronous_query_relays_with_progress(
const char** relay_urls,
int relay_count,
struct cJSON* filter,
relay_query_mode_t mode,
int* result_count,
int relay_timeout_seconds,
relay_progress_callback_t callback,
void* user_data);
// Relay publish functions
publish_result_t* synchronous_publish_event_with_progress(
const char** relay_urls,
int relay_count,
struct cJSON* event,
int* success_count,
int relay_timeout_seconds,
publish_progress_callback_t callback,
void* user_data);
#endif // NOSTR_COMMON_H

400
nostr_core/nostr_core.h Normal file
View File

@@ -0,0 +1,400 @@
#ifndef NOSTR_CORE_H
#define NOSTR_CORE_H
// Version information (auto-updated by increment_and_push.sh)
#define VERSION "v0.4.8"
#define VERSION_MAJOR 0
#define VERSION_MINOR 4
#define VERSION_PATCH 8
/*
* NOSTR Core Library - Complete API Reference
*
* This header includes ALL library functionality. For modular includes,
* use individual headers instead.
*
* ============================================================================
* QUICK FUNCTION REFERENCE - Find what you need fast!
* ============================================================================
*
* EVENT OPERATIONS (NIP-01):
* - nostr_create_and_sign_event() -> Create and sign new Nostr events
* - nostr_validate_event() -> Validate complete Nostr event
* - nostr_validate_event_structure() -> Check event structure only
* - nostr_verify_event_signature() -> Verify cryptographic signature
*
* CRYPTOGRAPHIC HASHING:
* - nostr_sha256() -> Single-call SHA-256 hash
* - nostr_sha256_init() -> Initialize streaming SHA-256 context
* - nostr_sha256_update() -> Process data chunks incrementally
* - nostr_sha256_final() -> Finalize hash and clear context
* - nostr_sha256_file_stream() -> Hash large files efficiently (NEW!)
* - nostr_sha512() -> SHA-512 hash function
* - nostr_hmac_sha256() -> HMAC with SHA-256
* - nostr_hmac_sha512() -> HMAC with SHA-512
*
* DIGITAL SIGNATURES & KEYS:
* - nostr_schnorr_sign() -> Create Schnorr signatures
* - nostr_ec_public_key_from_private_key() -> Generate public keys
* - nostr_ec_private_key_verify() -> Validate private key format
* - nostr_ec_sign() -> ECDSA signature creation
* - nostr_rfc6979_generate_k() -> Deterministic nonce generation
*
* NIP-04 ENCRYPTION (Legacy):
* - nostr_nip04_encrypt() -> Encrypt messages (AES-256-CBC)
* - nostr_nip04_decrypt() -> Decrypt messages (AES-256-CBC)
*
* NIP-44 ENCRYPTION (Modern - Recommended):
* - nostr_nip44_encrypt() -> Encrypt with ChaCha20 + HMAC
* - nostr_nip44_encrypt_with_nonce() -> Encrypt with specific nonce (testing)
* - nostr_nip44_decrypt() -> Decrypt ChaCha20 + HMAC messages
*
* NIP-59 GIFT WRAP:
* - nostr_nip59_create_rumor() -> Create unsigned event (rumor)
* - nostr_nip59_create_seal() -> Seal rumor with sender's key (kind 13)
* - nostr_nip59_create_gift_wrap() -> Wrap seal with random key (kind 1059)
* - nostr_nip59_unwrap_gift() -> Unwrap gift wrap to get seal
* - nostr_nip59_unseal_rumor() -> Unseal to get original rumor
*
* NIP-17 PRIVATE DIRECT MESSAGES:
* - nostr_nip17_create_chat_event() -> Create chat message (kind 14)
* - nostr_nip17_create_file_event() -> Create file message (kind 15)
* - nostr_nip17_create_relay_list_event() -> Create DM relay list (kind 10050)
* - nostr_nip17_send_dm() -> Send DM to multiple recipients
* - nostr_nip17_receive_dm() -> Receive and decrypt DM
* - nostr_nip17_extract_dm_relays() -> Extract relay URLs from kind 10050
*
* NIP-42 AUTHENTICATION:
* - nostr_nip42_create_auth_event() -> Create authentication event (kind 22242)
* - nostr_nip42_verify_auth_event() -> Verify authentication event (relay-side)
* - nostr_nip42_generate_challenge() -> Generate challenge string (relay-side)
* - nostr_ws_authenticate() -> Authenticate WebSocket client
* - nostr_ws_get_auth_state() -> Get client authentication state
*
* BIP39 MNEMONICS:
* - nostr_bip39_mnemonic_from_bytes() -> Generate mnemonic from entropy
* - nostr_bip39_mnemonic_validate() -> Validate mnemonic phrase
* - nostr_bip39_mnemonic_to_seed() -> Convert mnemonic to seed
*
* BIP32 HD WALLETS:
* - nostr_bip32_key_from_seed() -> Create master key from seed
* - nostr_bip32_derive_child() -> Derive child key from parent
* - nostr_bip32_derive_path() -> Derive keys from derivation path
*
* KEY DERIVATION:
* - nostr_hkdf() -> HKDF key derivation (full)
* - nostr_hkdf_extract() -> HKDF extract step only
* - nostr_hkdf_expand() -> HKDF expand step only
* - nostr_pbkdf2_hmac_sha512() -> PBKDF2 with HMAC-SHA512
* - ecdh_shared_secret() -> ECDH shared secret computation
*
* UTILITIES & ENCODING:
* - nostr_bytes_to_hex() -> Convert bytes to hex string
* - nostr_hex_to_bytes() -> Convert hex string to bytes
* - base64_encode() -> Base64 encoding
* - base64_decode() -> Base64 decoding
*
* REQUEST VALIDATION & AUTHENTICATION:
* - nostr_validate_request() -> Unified request validation (events + auth rules)
* - nostr_request_validator_init() -> Initialize authentication system
* - nostr_auth_check_upload() -> Validate file upload requests
* - nostr_auth_check_delete() -> Validate file delete requests
* - nostr_auth_check_publish() -> Validate event publish requests
* - nostr_auth_rule_add() -> Add authentication rule
* - nostr_auth_rule_remove() -> Remove authentication rule
*
* RELAY OPERATIONS:
* - synchronous_query_relays_with_progress() -> One-off query from multiple relays
* - synchronous_publish_event_with_progress() -> One-off publish to multiple relays
* *
* RELAY POOL OPERATIONS:
* - nostr_relay_pool_create() -> Create relay pool for persistent connections
* - nostr_relay_pool_subscribe() -> Subscribe to events with callbacks
* - nostr_relay_pool_run() -> Run event loop for receiving events
* SYSTEM FUNCTIONS:
* - nostr_crypto_init() -> Initialize crypto subsystem
* - nostr_crypto_cleanup() -> Cleanup crypto subsystem
*
* ============================================================================
* USAGE EXAMPLES:
* ============================================================================
*
* Basic Event Creation:
* cJSON* event = nostr_create_and_sign_event(1, "Hello Nostr!", NULL, private_key, time(NULL));
* if (nostr_validate_event(event) == NOSTR_SUCCESS) { ... }
*
* Streaming SHA-256 (for large files):
* nostr_sha256_ctx_t ctx;
* nostr_sha256_init(&ctx);
* // Process data in chunks...
* nostr_sha256_update(&ctx, data, data_size);
* nostr_sha256_final(&ctx, hash_output);
*
* File Hashing:
* unsigned char file_hash[32];
* nostr_sha256_file_stream("large_video.mp4", file_hash);
*
* Modern Encryption (NIP-44):
* nostr_nip44_encrypt(sender_key, recipient_pubkey, "secret message", output, sizeof(output));
*
* HD Wallet Derivation:
* nostr_bip32_key_from_seed(seed, 64, &master_key);
* uint32_t path[] = {44, 1237, 0, 0, 0}; // m/44'/1237'/0'/0/0
* nostr_bip32_derive_path(&master_key, path, 5, &derived_key);
*
* Client Authentication (NIP-42):
* cJSON* auth_event = nostr_nip42_create_auth_event(challenge, relay_url, private_key, 0);
* nostr_ws_authenticate(client, private_key, 600); // Auto-authenticate WebSocket
*
* Private Direct Messages (NIP-17):
* // Create and send a DM
* cJSON* dm_event = nostr_nip17_create_chat_event("Hello!", &recipient_pubkey, 1, NULL, NULL, NULL, sender_pubkey);
* cJSON* gift_wraps[10];
* int count = nostr_nip17_send_dm(dm_event, &recipient_pubkey, 1, sender_privkey, gift_wraps, 10);
* // Publish gift_wraps[0] to recipient's relays
*
* // Receive a DM
* cJSON* decrypted_dm = nostr_nip17_receive_dm(received_gift_wrap, recipient_privkey);
*
* ============================================================================
*/
#ifdef __cplusplus
extern "C" {
#endif
// Core common definitions and utilities
#include "nostr_common.h"
#include "utils.h"
// NIP implementations
#include "nip001.h" // Basic Protocol
#include "nip004.h" // Encryption (legacy)
#include "nip005.h" // DNS-based identifiers
#include "nip006.h" // Key derivation from mnemonic
#include "nip011.h" // Relay information document
#include "nip013.h" // Proof of Work
#include "nip017.h" // Private Direct Messages
#include "nip019.h" // Bech32 encoding (nsec/npub)
#include "nip021.h" // nostr: URI scheme
#include "nip042.h" // Authentication of clients to relays
#include "nip044.h" // Encryption (modern)
#include "nip059.h" // Gift Wrap
// Authentication and request validation system
#include "request_validator.h" // Request validation and authentication rules
// Relay pool types and functions
typedef enum {
NOSTR_POOL_RELAY_DISCONNECTED = 0,
NOSTR_POOL_RELAY_CONNECTING = 1,
NOSTR_POOL_RELAY_CONNECTED = 2,
NOSTR_POOL_RELAY_ERROR = -1
} nostr_pool_relay_status_t;
// EOSE result mode for subscriptions
typedef enum {
NOSTR_POOL_EOSE_FULL_SET, // Wait for all relays, return all events
NOSTR_POOL_EOSE_MOST_RECENT, // Wait for all relays, return most recent event
NOSTR_POOL_EOSE_FIRST // Return results on first EOSE (fastest response)
} nostr_pool_eose_result_mode_t;
typedef struct {
int connection_attempts;
int connection_failures;
int events_received;
int events_published;
int events_published_ok;
int events_published_failed;
time_t last_event_time;
time_t connection_uptime_start;
double ping_latency_avg;
double ping_latency_min;
double ping_latency_max;
double ping_latency_current;
int ping_samples;
double query_latency_avg;
double query_latency_min;
double query_latency_max;
int query_samples;
double publish_latency_avg;
int publish_samples;
} nostr_relay_stats_t;
typedef struct nostr_relay_pool nostr_relay_pool_t;
typedef struct nostr_pool_subscription nostr_pool_subscription_t;
// Reconnection configuration
typedef struct {
int enable_auto_reconnect; // 1 = enable, 0 = disable
int max_reconnect_attempts; // Max attempts per relay
int initial_reconnect_delay_ms; // Initial delay between attempts
int max_reconnect_delay_ms; // Max delay (cap exponential backoff)
int reconnect_backoff_multiplier; // Delay multiplier
int ping_interval_seconds; // How often to ping (0 = disable)
int pong_timeout_seconds; // How long to wait for pong before reconnecting
} nostr_pool_reconnect_config_t;
// Relay pool management functions
nostr_relay_pool_t* nostr_relay_pool_create(nostr_pool_reconnect_config_t* config);
nostr_pool_reconnect_config_t* nostr_pool_reconnect_config_default(void);
int nostr_relay_pool_add_relay(nostr_relay_pool_t* pool, const char* relay_url);
int nostr_relay_pool_remove_relay(nostr_relay_pool_t* pool, const char* relay_url);
void nostr_relay_pool_destroy(nostr_relay_pool_t* pool);
// Subscription management
nostr_pool_subscription_t* nostr_relay_pool_subscribe(
nostr_relay_pool_t* pool,
const char** relay_urls,
int relay_count,
cJSON* filter,
void (*on_event)(cJSON* event, const char* relay_url, void* user_data),
void (*on_eose)(cJSON** events, int event_count, void* user_data),
void* user_data,
int close_on_eose,
int enable_deduplication,
nostr_pool_eose_result_mode_t result_mode,
int relay_timeout_seconds,
int eose_timeout_seconds);
int nostr_pool_subscription_close(nostr_pool_subscription_t* subscription);
// Backward compatibility wrapper
nostr_pool_subscription_t* nostr_relay_pool_subscribe_compat(
nostr_relay_pool_t* pool,
const char** relay_urls,
int relay_count,
cJSON* filter,
void (*on_event)(cJSON* event, const char* relay_url, void* user_data),
void (*on_eose)(void* user_data),
void* user_data,
int close_on_eose);
// Event loop functions
int nostr_relay_pool_run(nostr_relay_pool_t* pool, int timeout_ms);
int nostr_relay_pool_poll(nostr_relay_pool_t* pool, int timeout_ms);
// Synchronous query/publish functions
cJSON** nostr_relay_pool_query_sync(
nostr_relay_pool_t* pool,
const char** relay_urls,
int relay_count,
cJSON* filter,
int* event_count,
int timeout_ms);
cJSON* nostr_relay_pool_get_event(
nostr_relay_pool_t* pool,
const char** relay_urls,
int relay_count,
cJSON* filter,
int timeout_ms);
// Async publish callback typedef
typedef void (*publish_response_callback_t)(
const char* relay_url,
const char* event_id,
int success, // 1 for OK, 0 for rejection
const char* message, // Error message if rejected, NULL if success
void* user_data
);
// Async publish function (only async version available)
int nostr_relay_pool_publish_async(
nostr_relay_pool_t* pool,
const char** relay_urls,
int relay_count,
cJSON* event,
publish_response_callback_t callback,
void* user_data);
// Status and statistics functions
nostr_pool_relay_status_t nostr_relay_pool_get_relay_status(
nostr_relay_pool_t* pool,
const char* relay_url);
int nostr_relay_pool_list_relays(
nostr_relay_pool_t* pool,
char*** relay_urls,
nostr_pool_relay_status_t** statuses);
const nostr_relay_stats_t* nostr_relay_pool_get_relay_stats(
nostr_relay_pool_t* pool,
const char* relay_url);
int nostr_relay_pool_reset_relay_stats(
nostr_relay_pool_t* pool,
const char* relay_url);
double nostr_relay_pool_get_relay_query_latency(
nostr_relay_pool_t* pool,
const char* relay_url);
const char* nostr_relay_pool_get_relay_last_publish_error(
nostr_relay_pool_t* pool,
const char* relay_url);
const char* nostr_relay_pool_get_relay_last_connection_error(
nostr_relay_pool_t* pool,
const char* relay_url);
double nostr_relay_pool_get_relay_ping_latency(
nostr_relay_pool_t* pool,
const char* relay_url);
// Synchronous relay operations (one-off queries/publishes)
typedef enum {
RELAY_QUERY_FIRST_RESULT, // Return as soon as first event is received
RELAY_QUERY_MOST_RECENT, // Return the most recent event from all relays
RELAY_QUERY_ALL_RESULTS // Return all unique events from all relays
} relay_query_mode_t;
typedef enum {
PUBLISH_SUCCESS, // Event was accepted by relay
PUBLISH_REJECTED, // Event was rejected by relay
PUBLISH_TIMEOUT, // No response within timeout
PUBLISH_ERROR // Connection or other error
} publish_result_t;
typedef void (*relay_progress_callback_t)(
const char* relay_url,
const char* status,
const char* event_id,
int events_received,
int total_relays,
int completed_relays,
void* user_data);
typedef void (*publish_progress_callback_t)(
const char* relay_url,
const char* status,
const char* message,
int success_count,
int total_relays,
int completed_relays,
void* user_data);
// Synchronous relay query functions
struct cJSON** synchronous_query_relays_with_progress(
const char** relay_urls,
int relay_count,
struct cJSON* filter,
relay_query_mode_t mode,
int* result_count,
int relay_timeout_seconds,
relay_progress_callback_t callback,
void* user_data,
int nip42_enabled,
const unsigned char* private_key);
// Synchronous relay publish functions
publish_result_t* synchronous_publish_event_with_progress(
const char** relay_urls,
int relay_count,
struct cJSON* event,
int* success_count,
int relay_timeout_seconds,
publish_progress_callback_t callback,
void* user_data,
int nip42_enabled,
const unsigned char* private_key);
// Relay communication functions are defined in nostr_common.h
// WebSocket functions are defined in nostr_common.h
#ifdef __cplusplus
}
#endif
#endif /* NOSTR_CORE_H */

1230
nostr_core/request_validator.c Normal file
View File

File diff suppressed because it is too large Load Diff

274
nostr_core/request_validator.h Normal file
View File

@@ -0,0 +1,274 @@
/*
* NOSTR Core Library - Request Validator
*
* Unified authentication and authorization system for NOSTR applications.
* Provides rule-based validation for requests with pluggable database backends.
*
* This module combines basic NOSTR event validation with sophisticated
* authentication rules to provide a single entry point for request validation
* across different NOSTR applications (ginxsom, c-relay, etc.).
*/
#ifndef NOSTR_REQUEST_VALIDATOR_H
#define NOSTR_REQUEST_VALIDATOR_H
#include "nostr_common.h"
#include <time.h>
#include <sqlite3.h>
#ifdef __cplusplus
extern "C" {
#endif
// Forward declaration for cJSON
struct cJSON;
// Authentication rule types
typedef enum {
NOSTR_AUTH_RULE_PUBKEY_WHITELIST,
NOSTR_AUTH_RULE_PUBKEY_BLACKLIST,
NOSTR_AUTH_RULE_HASH_BLACKLIST,
NOSTR_AUTH_RULE_MIME_WHITELIST,
NOSTR_AUTH_RULE_MIME_BLACKLIST,
NOSTR_AUTH_RULE_SIZE_LIMIT,
NOSTR_AUTH_RULE_RATE_LIMIT,
NOSTR_AUTH_RULE_CUSTOM
} nostr_auth_rule_type_t;
// Authentication request context
typedef struct {
const char* operation; // Operation type ("upload", "delete", "list", "publish")
const char* auth_header; // Raw authorization header (optional)
struct cJSON* event; // NOSTR event for validation (optional)
// Resource context (for file/blob operations)
const char* resource_hash; // Resource hash (SHA-256, optional)
const char* mime_type; // MIME type (optional)
long file_size; // File size (optional)
// Client context
const char* client_ip; // Client IP for rate limiting (optional)
void* app_context; // Application-specific context (optional)
} nostr_request_t;
// Authentication result
typedef struct {
int valid; // 0 = invalid/denied, 1 = valid/allowed
int error_code; // NOSTR_SUCCESS or specific error code
char reason[256]; // Human-readable reason for denial
char pubkey[65]; // Extracted pubkey from validated event (if available)
int rule_id; // Rule ID that made the decision (0 if no rule)
int priority; // Priority of the rule that matched
time_t cached_until; // Cache expiration time
} nostr_request_result_t;
// Authentication rule definition
typedef struct {
int rule_id; // Unique rule identifier
nostr_auth_rule_type_t type; // Rule type
char operation[32]; // Target operation ("*", "upload", "delete", "publish", etc.)
char target[256]; // Rule target (pubkey, hash, mime pattern, etc.)
char value[256]; // Rule value (size limit, rate limit, custom data)
int priority; // Rule priority (lower number = higher priority)
int enabled; // 1 = enabled, 0 = disabled
time_t expires_at; // Expiration timestamp (0 = never expires)
char description[512]; // Human-readable description
time_t created_at; // Creation timestamp
} nostr_auth_rule_t;
// Database backend interface (pluggable)
typedef struct nostr_auth_db_interface {
const char* name; // Backend name ("sqlite", "redis", etc.)
// Database lifecycle
int (*init)(const char* db_path, const char* app_name);
void (*cleanup)(void);
// Configuration management
int (*get_config)(const char* key, char* value, size_t value_size);
int (*set_config)(const char* key, const char* value);
// Rule querying and management
int (*query_rules)(const nostr_request_t* request, nostr_auth_rule_t** rules, int* count);
int (*rule_add)(const nostr_auth_rule_t* rule);
int (*rule_remove)(int rule_id);
int (*rule_update)(const nostr_auth_rule_t* rule);
int (*rule_list)(const char* operation, nostr_auth_rule_t** rules, int* count);
// Caching operations
int (*cache_get)(const char* cache_key, nostr_request_result_t* result);
int (*cache_set)(const char* cache_key, const nostr_request_result_t* result, int ttl);
int (*cache_clear)(void);
} nostr_auth_db_interface_t;
//=============================================================================
// CORE API FUNCTIONS
//=============================================================================
/**
* Initialize the request validator system with application database
*
* @param app_db_path Path to application's SQLite database
* @param app_name Application name for logging/identification
* @return NOSTR_SUCCESS on success, error code on failure
*/
int nostr_request_validator_init(const char* app_db_path, const char* app_name);
/**
* Initialize with shared database (future use)
*
* @param shared_db_path Path to shared authentication database
* @param app_name Application name for logging/identification
* @return NOSTR_SUCCESS on success, error code on failure
*/
int nostr_request_validator_init_shared(const char* shared_db_path, const char* app_name);
/**
* Main request validation function - validates both NOSTR events and authentication rules
*
* @param request Request context with operation, auth header, and resource details
* @param result Result structure with validation outcome and details
* @return NOSTR_SUCCESS on successful validation processing, error code on system failure
*/
int nostr_validate_request(const nostr_request_t* request, nostr_request_result_t* result);
/**
* Check if authentication rules system is enabled
*
* @return 1 if enabled, 0 if disabled
*/
int nostr_auth_rules_enabled(void);
/**
* Cleanup request validator resources
*/
void nostr_request_validator_cleanup(void);
//=============================================================================
// CONVENIENCE FUNCTIONS
//=============================================================================
/**
* Convenience function for upload validation (ginxsom integration)
*
* @param pubkey Uploader public key (optional, extracted from auth if NULL)
* @param auth_header Authorization header with NOSTR event
* @param hash File hash (SHA-256)
* @param mime_type File MIME type
* @param file_size File size in bytes
* @return NOSTR_SUCCESS if allowed, error code if denied
*/
int nostr_auth_check_upload(const char* pubkey, const char* auth_header,
const char* hash, const char* mime_type, long file_size);
/**
* Convenience function for delete validation (ginxsom integration)
*
* @param pubkey Requester public key
* @param auth_header Authorization header with NOSTR event
* @param hash File hash to delete
* @return NOSTR_SUCCESS if allowed, error code if denied
*/
int nostr_auth_check_delete(const char* pubkey, const char* auth_header, const char* hash);
/**
* Convenience function for publish validation (c-relay integration)
*
* @param pubkey Publisher public key
* @param event NOSTR event to publish
* @return NOSTR_SUCCESS if allowed, error code if denied
*/
int nostr_auth_check_publish(const char* pubkey, struct cJSON* event);
//=============================================================================
// RULE MANAGEMENT FUNCTIONS
//=============================================================================
/**
* Add a new authentication rule
*
* @param rule Rule definition to add
* @return NOSTR_SUCCESS on success, error code on failure
*/
int nostr_auth_rule_add(const nostr_auth_rule_t* rule);
/**
* Remove an authentication rule by ID
*
* @param rule_id Rule ID to remove
* @return NOSTR_SUCCESS on success, error code on failure
*/
int nostr_auth_rule_remove(int rule_id);
/**
* Update an existing authentication rule
*
* @param rule Updated rule definition
* @return NOSTR_SUCCESS on success, error code on failure
*/
int nostr_auth_rule_update(const nostr_auth_rule_t* rule);
/**
* List authentication rules for a specific operation
*
* @param operation Target operation ("*" for all operations)
* @param rules Pointer to receive allocated array of rules
* @param count Pointer to receive number of rules returned
* @return NOSTR_SUCCESS on success, error code on failure
*/
int nostr_auth_rule_list(const char* operation, nostr_auth_rule_t** rules, int* count);
/**
* Free rule array allocated by nostr_auth_rule_list
*
* @param rules Rule array to free
* @param count Number of rules in array
*/
void nostr_auth_rules_free(nostr_auth_rule_t* rules, int count);
//=============================================================================
// DATABASE BACKEND MANAGEMENT
//=============================================================================
/**
* Register a database backend implementation
*
* @param backend Backend interface implementation
* @return NOSTR_SUCCESS on success, error code on failure
*/
int nostr_auth_register_db_backend(const nostr_auth_db_interface_t* backend);
/**
* Set active database backend by name
*
* @param backend_name Name of backend to activate
* @return NOSTR_SUCCESS on success, error code on failure
*/
int nostr_auth_set_db_backend(const char* backend_name);
//=============================================================================
// CACHE MANAGEMENT
//=============================================================================
/**
* Clear authentication decision cache
*
* @return NOSTR_SUCCESS on success, error code on failure
*/
int nostr_auth_cache_clear(void);
/**
* Get cache statistics
*
* @param hit_count Pointer to receive cache hit count
* @param miss_count Pointer to receive cache miss count
* @param entries Pointer to receive current number of cache entries
* @return NOSTR_SUCCESS on success, error code on failure
*/
int nostr_auth_cache_stats(int* hit_count, int* miss_count, int* entries);
#ifdef __cplusplus
}
#endif
#endif /* NOSTR_REQUEST_VALIDATOR_H */

211
nostr_core/utils.c
View File

@@ -9,14 +9,28 @@
#include <stdlib.h>
#include <string.h>
// Include our secp256k1 wrapper for elliptic curve operations
#include "crypto/nostr_secp256k1.h"
// Forward declarations for crypto functions (private API)
// These functions are implemented in crypto/ but not exposed through public headers
// Include our self-contained AES implementation for NIP-04
#include "crypto/nostr_aes.h"
// secp256k1 functions
typedef struct {
unsigned char data[64];
} nostr_secp256k1_pubkey;
// Include our ChaCha20 implementation for NIP-44
#include "crypto/nostr_chacha20.h"
typedef struct {
unsigned char data[96];
} nostr_secp256k1_keypair;
int nostr_secp256k1_context_create(void);
void nostr_secp256k1_context_destroy(void);
int nostr_secp256k1_ec_pubkey_parse(nostr_secp256k1_pubkey* pubkey, const unsigned char* input, size_t inputlen);
int nostr_secp256k1_ecdh(unsigned char* output, const nostr_secp256k1_pubkey* pubkey, const unsigned char* privkey, void* hashfp, void* data);
int nostr_secp256k1_ec_seckey_verify(const unsigned char* seckey);
int nostr_secp256k1_ec_pubkey_create(nostr_secp256k1_pubkey* pubkey, const unsigned char* privkey);
int nostr_secp256k1_ec_pubkey_serialize_compressed(unsigned char* output, const nostr_secp256k1_pubkey* pubkey);
int nostr_secp256k1_keypair_create(nostr_secp256k1_keypair* keypair, const unsigned char* privkey);
int nostr_secp256k1_schnorrsig_sign32(unsigned char* sig, const unsigned char* msg32, const nostr_secp256k1_keypair* keypair, const unsigned char* aux_rand32);
int nostr_secp256k1_ec_seckey_tweak_add(unsigned char* seckey, const unsigned char* tweak);
// =============================================================================
@@ -155,36 +169,64 @@ static int ecdh_hash_function_copy_x(unsigned char* output, const unsigned char*
int ecdh_shared_secret(const unsigned char* private_key,
const unsigned char* public_key_x,
unsigned char* shared_secret) {
if (!private_key || !public_key_x || !shared_secret) return -1;
/*
* WARNING: This function requires proper library initialization!
*
* Before calling this function, you must call nostr_init() to initialize
* the secp256k1 global context. All secp256k1 wrapper functions will fail
* with error code 0 if the global context g_ctx is not initialized.
*
* Example usage:
* if (nostr_init() != NOSTR_SUCCESS) {
* // Handle initialization error
* return -1;
* }
* // Now you can safely call ecdh_shared_secret() and other crypto functions
* int result = ecdh_shared_secret(private_key, public_key_x, shared_secret);
*
* // Don't forget to cleanup when done:
* nostr_cleanup();
*/
if (!private_key || !public_key_x || !shared_secret) {
return -1;
}
// NIP-04 ECDH: The key insight from the specification is that NOSTR requires
// "only the X coordinate of the shared point is used as the secret and it is NOT hashed"
//
// libsecp256k1's default ECDH hashes the shared point with SHA256.
// We need to use a custom hash function that just copies the X coordinate.
//
// This matches exactly what @noble/curves getSharedSecret() does:
// 1. Always use 0x02 prefix (compressed format)
// 2. Perform ECDH scalar multiplication
// 3. Extract only the X coordinate (bytes 1-33 from the compressed point)
// The issue was that we can't just assume the y-coordinate parity.
// We need to try both possible y-coordinate parities (0x02 and 0x03).
unsigned char compressed_pubkey[33];
compressed_pubkey[0] = 0x02; // Always use 0x02 prefix like nostr-tools
nostr_secp256k1_pubkey pubkey;
// Try with 0x02 prefix first (even y-coordinate)
compressed_pubkey[0] = 0x02;
memcpy(compressed_pubkey + 1, public_key_x, 32);
// Parse the public key
nostr_secp256k1_pubkey pubkey;
if (nostr_secp256k1_ec_pubkey_parse(&pubkey, compressed_pubkey, 33) != 1) {
return -1;
if (nostr_secp256k1_ec_pubkey_parse(&pubkey, compressed_pubkey, 33) == 1) {
// Perform ECDH with our custom hash function that copies the X coordinate
if (nostr_secp256k1_ecdh(shared_secret, &pubkey, private_key, ecdh_hash_function_copy_x, NULL) == 1) {
return 0;
}
}
// Perform ECDH with our custom hash function that copies the X coordinate
// This is the crucial fix: we pass ecdh_hash_function_copy_x instead of NULL
if (nostr_secp256k1_ecdh(shared_secret, &pubkey, private_key, ecdh_hash_function_copy_x, NULL) != 1) {
return -1;
}
// Try with 0x03 prefix (odd y-coordinate)
compressed_pubkey[0] = 0x03;
// public_key_x is already copied above
return 0;
if (nostr_secp256k1_ec_pubkey_parse(&pubkey, compressed_pubkey, 33) == 1) {
// Perform ECDH with our custom hash function that copies the X coordinate
if (nostr_secp256k1_ecdh(shared_secret, &pubkey, private_key, ecdh_hash_function_copy_x, NULL) == 1) {
return 0;
}
}
return -1;
}
// =============================================================================
@@ -300,6 +342,125 @@ int nostr_sha256(const unsigned char* data, size_t len, unsigned char* hash) {
return 0;
}
// =============================================================================
// STREAMING SHA-256 IMPLEMENTATION
// =============================================================================
int nostr_sha256_init(nostr_sha256_ctx_t* ctx) {
if (!ctx) return -1;
// Initialize SHA-256 state
ctx->state[0] = 0x6a09e667;
ctx->state[1] = 0xbb67ae85;
ctx->state[2] = 0x3c6ef372;
ctx->state[3] = 0xa54ff53a;
ctx->state[4] = 0x510e527f;
ctx->state[5] = 0x9b05688c;
ctx->state[6] = 0x1f83d9ab;
ctx->state[7] = 0x5be0cd19;
// Initialize counters and buffer
ctx->bitlen = 0;
ctx->buflen = 0;
return 0;
}
int nostr_sha256_update(nostr_sha256_ctx_t* ctx, const unsigned char* data, size_t len) {
if (!ctx || !data) return -1;
for (size_t i = 0; i < len; i++) {
ctx->buffer[ctx->buflen] = data[i];
ctx->buflen++;
// Process complete blocks
if (ctx->buflen == 64) {
sha256_transform(ctx->state, ctx->buffer);
ctx->bitlen += 512; // 64 bytes * 8 bits
ctx->buflen = 0;
}
}
return 0;
}
int nostr_sha256_final(nostr_sha256_ctx_t* ctx, unsigned char* hash) {
if (!ctx || !hash) return -1;
// Calculate final bit length
uint64_t final_bitlen = ctx->bitlen + (ctx->buflen * 8);
// Pad the message
ctx->buffer[ctx->buflen] = 0x80;
ctx->buflen++;
// If not enough space for length, pad and process another block
if (ctx->buflen > 56) {
while (ctx->buflen < 64) {
ctx->buffer[ctx->buflen] = 0x00;
ctx->buflen++;
}
sha256_transform(ctx->state, ctx->buffer);
ctx->buflen = 0;
}
// Pad with zeros up to 56 bytes
while (ctx->buflen < 56) {
ctx->buffer[ctx->buflen] = 0x00;
ctx->buflen++;
}
// Append length as big-endian 64-bit integer
for (int i = 0; i < 8; i++) {
ctx->buffer[56 + i] = (final_bitlen >> (56 - i * 8)) & 0xff;
}
// Process final block
sha256_transform(ctx->state, ctx->buffer);
// Convert state to output bytes
for (int i = 0; i < 8; i++) {
hash[i * 4] = (ctx->state[i] >> 24) & 0xff;
hash[i * 4 + 1] = (ctx->state[i] >> 16) & 0xff;
hash[i * 4 + 2] = (ctx->state[i] >> 8) & 0xff;
hash[i * 4 + 3] = ctx->state[i] & 0xff;
}
// Clear sensitive data
memory_clear(ctx, sizeof(nostr_sha256_ctx_t));
return 0;
}
int nostr_sha256_file_stream(const char* filename, unsigned char* hash) {
if (!filename || !hash) return -1;
FILE* file = fopen(filename, "rb");
if (!file) return -1;
nostr_sha256_ctx_t ctx;
if (nostr_sha256_init(&ctx) != 0) {
fclose(file);
return -1;
}
// Process file in 4KB chunks for memory efficiency
unsigned char buffer[4096];
size_t bytes_read;
while ((bytes_read = fread(buffer, 1, sizeof(buffer), file)) > 0) {
if (nostr_sha256_update(&ctx, buffer, bytes_read) != 0) {
fclose(file);
return -1;
}
}
fclose(file);
// Finalize and return result
return nostr_sha256_final(&ctx, hash);
}
// =============================================================================
// HMAC IMPLEMENTATION
// =============================================================================

24
nostr_core/utils.h
View File

@@ -45,6 +45,30 @@ void nostr_crypto_cleanup(void);
// SHA-256 hash function
int nostr_sha256(const unsigned char *data, size_t len, unsigned char *hash);
// =============================================================================
// STREAMING SHA-256 FUNCTIONS
// =============================================================================
// SHA-256 streaming context
typedef struct {
uint32_t state[8]; // Current hash state
unsigned char buffer[64]; // Input buffer for incomplete blocks
uint64_t bitlen; // Total bits processed
size_t buflen; // Current buffer length
} nostr_sha256_ctx_t;
// Initialize SHA-256 streaming context
int nostr_sha256_init(nostr_sha256_ctx_t* ctx);
// Update SHA-256 context with new data
int nostr_sha256_update(nostr_sha256_ctx_t* ctx, const unsigned char* data, size_t len);
// Finalize SHA-256 and output hash
int nostr_sha256_final(nostr_sha256_ctx_t* ctx, unsigned char* hash);
// Stream SHA-256 hash of a file
int nostr_sha256_file_stream(const char* filename, unsigned char* hash);
// HMAC-SHA256
int nostr_hmac_sha256(const unsigned char *key, size_t key_len,
const unsigned char *data, size_t data_len,

10
nostr_core_lib.code-workspace Normal file
View File

@@ -0,0 +1,10 @@
{
"folders": [
{
"path": "."
}
],
"settings": {
"git.ignoreLimitWarning": true
}
}

27
nostr_websocket/nostr_websocket_openssl.c
View File

@@ -131,7 +131,7 @@ static void init_openssl(void) {
nostr_ws_client_t* nostr_ws_connect(const char* url) {
if (!url) return NULL;
// Initialize OpenSSL
init_openssl();
@@ -781,32 +781,35 @@ static int ws_perform_handshake(nostr_ws_client_t* client, const char* key) {
// Read response
char response[MAX_HEADER_SIZE];
int total_received = 0;
while ((size_t)total_received < sizeof(response) - 1) {
int received = client->transport->recv(&client->transport_ctx,
response + total_received,
sizeof(response) - total_received - 1,
client->timeout_ms);
int received = client->transport->recv(&client->transport_ctx,
response + total_received,
sizeof(response) - total_received - 1,
client->timeout_ms);
if (received <= 0) {
return -1;
}
total_received += received;
response[total_received] = '\0';
// Check if we have complete headers
if (strstr(response, "\r\n\r\n")) break;
if (strstr(response, "\r\n\r\n")) {
break;
}
}
// Check if response starts with the correct HTTP status line
if (strncmp(response, "HTTP/1.1 101 Switching Protocols\r\n", 34) != 0) {
return -1;
}
if (!strstr(response, "Upgrade: websocket") && !strstr(response, "upgrade: websocket")) {
if (!strstr(response, "Upgrade: websocket") && !strstr(response, "upgrade: websocket") &&
!strstr(response, "Upgrade: WebSocket") && !strstr(response, "upgrade: WebSocket")) {
return -1;
}
return 0;
}

2
package.json
View File

@@ -13,7 +13,7 @@
"keywords": [],
"author": "",
"license": "ISC",
"type": "commonjs",
"type": "module",
"dependencies": {
"nostr-tools": "^2.16.1"
}

47
pool.log Normal file
View File

@@ -0,0 +1,47 @@
[Tue Oct 7 05:51:04 2025] 🚀 Pool test started
[Tue Oct 7 05:51:07 2025] 🏊 Pool started with default relay
[Tue Oct 7 05:52:03 2025] 🔍 New subscription created (ID: 1)
Filter: {
"limit": 10
}
[Tue Oct 7 05:52:03 2025] 📨 EVENT from ws://localhost:7555
├── ID: 8433206a6e00...
├── Pubkey: 17323141f3a9...
├── Kind: 1
├── Created: 1759687410
└── Content: Test post at 2025-10-05 14:03:30
[Tue Oct 7 05:52:03 2025] 📨 EVENT from ws://localhost:7555
├── ID: ec98292f5700...
├── Pubkey: aa3b44608a9e...
├── Kind: 1
├── Created: 1759687283
└── Content: Test post at 2025-10-05 14:01:23
[Tue Oct 7 05:52:03 2025] 📨 EVENT from ws://localhost:7555
├── ID: c70d6c5c8745...
├── Pubkey: 2a0c81450868...
├── Kind: 1
├── Created: 1759687249
└── Content: Test post at 2025-10-05 14:00:49
[Tue Oct 7 05:52:03 2025] 📨 EVENT from ws://localhost:7555
├── ID: 15dbe2cfe923...
├── Pubkey: 7c2065299249...
├── Kind: 1
├── Created: 1759687219
└── Content: Test post at 2025-10-05 14:00:19
[Tue Oct 7 05:52:03 2025] 📋 EOSE received - 0 events collected
[Tue Oct 7 05:52:31 2025] 🔍 New subscription created (ID: 2)
Filter: {
"since": 1759830747,
"limit": 10
}
[Tue Oct 7 05:52:31 2025] 📋 EOSE received - 0 events collected

2579
rfc8439.txt
View File

File diff suppressed because it is too large Load Diff

2
secp256k1.depreciated/.gitattributes vendored
View File

@@ -1,2 +0,0 @@
src/precomputed_ecmult.c linguist-generated
src/precomputed_ecmult_gen.c linguist-generated

33
secp256k1.depreciated/.github/actions/install-homebrew-valgrind/action.yml vendored
View File

@@ -1,33 +0,0 @@
name: "Install Valgrind"
description: "Install Homebrew's Valgrind package and cache it."
runs:
using: "composite"
steps:
- run: |
brew tap LouisBrunner/valgrind
brew fetch --HEAD LouisBrunner/valgrind/valgrind
echo "CI_HOMEBREW_CELLAR_VALGRIND=$(brew --cellar valgrind)" >> "$GITHUB_ENV"
shell: bash
- run: |
sw_vers > valgrind_fingerprint
brew --version >> valgrind_fingerprint
git -C "$(brew --cache)/valgrind--git" rev-parse HEAD >> valgrind_fingerprint
cat valgrind_fingerprint
shell: bash
- uses: actions/cache@v4
id: cache
with:
path: ${{ env.CI_HOMEBREW_CELLAR_VALGRIND }}
key: ${{ github.job }}-valgrind-${{ hashFiles('valgrind_fingerprint') }}
- if: steps.cache.outputs.cache-hit != 'true'
run: |
brew install --HEAD LouisBrunner/valgrind/valgrind
shell: bash
- if: steps.cache.outputs.cache-hit == 'true'
run: |
brew link valgrind
shell: bash

34
secp256k1.depreciated/.github/actions/print-logs/action.yml vendored
View File

@@ -1,34 +0,0 @@
name: "Print logs"
description: "Print the log files produced by ci/ci.sh"
runs:
using: "composite"
steps:
- shell: bash
run: |
# Print the log files produced by ci/ci.sh
# Helper functions
group() {
title=$1
echo "::group::$title"
}
endgroup() {
echo "::endgroup::"
}
cat_file() {
file=$1
group "$file"
cat "$file"
endgroup
}
# Print all *.log files
shopt -s nullglob
for file in *.log; do
cat_file "$file"
done
# Print environment
group "CI env"
env
endgroup

54
secp256k1.depreciated/.github/actions/run-in-docker-action/action.yml vendored
View File

@@ -1,54 +0,0 @@
name: 'Run in Docker with environment'
description: 'Run a command in a Docker container, while passing explicitly set environment variables into the container.'
inputs:
dockerfile:
description: 'A Dockerfile that defines an image'
required: true
tag:
description: 'A tag of an image'
required: true
command:
description: 'A command to run in a container'
required: false
default: ./ci/ci.sh
runs:
using: "composite"
steps:
- uses: docker/setup-buildx-action@v3
- uses: docker/build-push-action@v5
id: main_builder
continue-on-error: true
with:
context: .
file: ${{ inputs.dockerfile }}
tags: ${{ inputs.tag }}
load: true
cache-from: type=gha
- uses: docker/build-push-action@v5
id: retry_builder
if: steps.main_builder.outcome == 'failure'
with:
context: .
file: ${{ inputs.dockerfile }}
tags: ${{ inputs.tag }}
load: true
cache-from: type=gha
- # Workaround for https://github.com/google/sanitizers/issues/1614 .
# The underlying issue has been fixed in clang 18.1.3.
run: sudo sysctl -w vm.mmap_rnd_bits=28
shell: bash
- # Tell Docker to pass environment variables in `env` into the container.
run: >
docker run \
$(echo '${{ toJSON(env) }}' | jq -r 'keys[] | "--env \(.) "') \
--volume ${{ github.workspace }}:${{ github.workspace }} \
--workdir ${{ github.workspace }} \
${{ inputs.tag }} bash -c "
git config --global --add safe.directory ${{ github.workspace }}
${{ inputs.command }}
"
shell: bash

771
secp256k1.depreciated/.github/workflows/ci.yml vendored
View File

@@ -1,771 +0,0 @@
name: CI
on:
pull_request:
push:
branches:
- '**'
tags-ignore:
- '**'
concurrency:
group: ${{ github.event_name != 'pull_request' && github.run_id || github.ref }}
cancel-in-progress: true
env:
### compiler options
HOST:
WRAPPER_CMD:
# Specific warnings can be disabled with -Wno-error=foo.
# -pedantic-errors is not equivalent to -Werror=pedantic and thus not implied by -Werror according to the GCC manual.
WERROR_CFLAGS: '-Werror -pedantic-errors'
MAKEFLAGS: '-j4'
BUILD: 'check'
### secp256k1 config
ECMULTWINDOW: 15
ECMULTGENKB: 86
ASM: 'no'
WIDEMUL: 'auto'
WITH_VALGRIND: 'yes'
EXTRAFLAGS:
### secp256k1 modules
EXPERIMENTAL: 'no'
ECDH: 'no'
RECOVERY: 'no'
EXTRAKEYS: 'no'
SCHNORRSIG: 'no'
MUSIG: 'no'
ELLSWIFT: 'no'
### test options
SECP256K1_TEST_ITERS: 64
BENCH: 'yes'
SECP256K1_BENCH_ITERS: 2
CTIMETESTS: 'yes'
SYMBOL_CHECK: 'yes'
# Compile and run the examples.
EXAMPLES: 'yes'
jobs:
docker_cache:
name: "Build ${{ matrix.arch }} Docker image"
runs-on: ${{ matrix.runner }}
strategy:
fail-fast: false
matrix:
include:
- arch: x64
runner: ubuntu-latest
- arch: arm64
runner: ubuntu-24.04-arm
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
# See: https://github.com/moby/buildkit/issues/3969.
driver-opts: |
network=host
- name: Build container
uses: docker/build-push-action@v5
with:
file: ./ci/linux-debian.Dockerfile
tags: ${{ matrix.arch }}-debian-image
cache-from: type=gha
cache-to: type=gha,mode=min
x86_64-debian:
name: "x86_64: Linux (Debian stable)"
runs-on: ubuntu-latest
needs: docker_cache
strategy:
fail-fast: false
matrix:
configuration:
- env_vars: { WIDEMUL: 'int64', RECOVERY: 'yes' }
- env_vars: { WIDEMUL: 'int64', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', MUSIG: 'yes', ELLSWIFT: 'yes' }
- env_vars: { WIDEMUL: 'int128' }
- env_vars: { WIDEMUL: 'int128_struct', ELLSWIFT: 'yes' }
- env_vars: { WIDEMUL: 'int128', RECOVERY: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', MUSIG: 'yes', ELLSWIFT: 'yes' }
- env_vars: { WIDEMUL: 'int128', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', MUSIG: 'yes' }
- env_vars: { WIDEMUL: 'int128', ASM: 'x86_64', ELLSWIFT: 'yes' }
- env_vars: { RECOVERY: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', MUSIG: 'yes' }
- env_vars: { CTIMETESTS: 'no', RECOVERY: 'yes', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', MUSIG: 'yes', CPPFLAGS: '-DVERIFY' }
- env_vars: { BUILD: 'distcheck', WITH_VALGRIND: 'no', CTIMETESTS: 'no', BENCH: 'no' }
- env_vars: { CPPFLAGS: '-DDETERMINISTIC' }
- env_vars: { CFLAGS: '-O0', CTIMETESTS: 'no' }
- env_vars: { CFLAGS: '-O1', RECOVERY: 'yes', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', MUSIG: 'yes', ELLSWIFT: 'yes' }
- env_vars: { ECMULTGENKB: 2, ECMULTWINDOW: 2 }
- env_vars: { ECMULTGENKB: 86, ECMULTWINDOW: 4 }
cc:
- 'gcc'
- 'clang'
- 'gcc-snapshot'
- 'clang-snapshot'
env:
CC: ${{ matrix.cc }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: CI script
env: ${{ matrix.configuration.env_vars }}
uses: ./.github/actions/run-in-docker-action
with:
dockerfile: ./ci/linux-debian.Dockerfile
tag: x64-debian-image
- name: Print logs
uses: ./.github/actions/print-logs
if: ${{ !cancelled() }}
i686_debian:
name: "i686: Linux (Debian stable)"
runs-on: ubuntu-latest
needs: docker_cache
strategy:
fail-fast: false
matrix:
cc:
- 'i686-linux-gnu-gcc'
- 'clang --target=i686-pc-linux-gnu -isystem /usr/i686-linux-gnu/include'
env:
HOST: 'i686-linux-gnu'
ECDH: 'yes'
RECOVERY: 'yes'
EXTRAKEYS: 'yes'
SCHNORRSIG: 'yes'
MUSIG: 'yes'
ELLSWIFT: 'yes'
CC: ${{ matrix.cc }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: CI script
uses: ./.github/actions/run-in-docker-action
with:
dockerfile: ./ci/linux-debian.Dockerfile
tag: x64-debian-image
- name: Print logs
uses: ./.github/actions/print-logs
if: ${{ !cancelled() }}
s390x_debian:
name: "s390x (big-endian): Linux (Debian stable, QEMU)"
runs-on: ubuntu-latest
needs: docker_cache
env:
WRAPPER_CMD: 'qemu-s390x'
SECP256K1_TEST_ITERS: 16
HOST: 's390x-linux-gnu'
WITH_VALGRIND: 'no'
ECDH: 'yes'
RECOVERY: 'yes'
EXTRAKEYS: 'yes'
SCHNORRSIG: 'yes'
MUSIG: 'yes'
ELLSWIFT: 'yes'
CTIMETESTS: 'no'
steps:
- name: Checkout
uses: actions/checkout@v4
- name: CI script
uses: ./.github/actions/run-in-docker-action
with:
dockerfile: ./ci/linux-debian.Dockerfile
tag: x64-debian-image
- name: Print logs
uses: ./.github/actions/print-logs
if: ${{ !cancelled() }}
arm32_debian:
name: "ARM32: Linux (Debian stable, QEMU)"
runs-on: ubuntu-latest
needs: docker_cache
strategy:
fail-fast: false
matrix:
configuration:
- env_vars: {}
- env_vars: { EXPERIMENTAL: 'yes', ASM: 'arm32' }
env:
WRAPPER_CMD: 'qemu-arm'
SECP256K1_TEST_ITERS: 16
HOST: 'arm-linux-gnueabihf'
WITH_VALGRIND: 'no'
ECDH: 'yes'
RECOVERY: 'yes'
EXTRAKEYS: 'yes'
SCHNORRSIG: 'yes'
MUSIG: 'yes'
ELLSWIFT: 'yes'
CTIMETESTS: 'no'
steps:
- name: Checkout
uses: actions/checkout@v4
- name: CI script
env: ${{ matrix.configuration.env_vars }}
uses: ./.github/actions/run-in-docker-action
with:
dockerfile: ./ci/linux-debian.Dockerfile
tag: x64-debian-image
- name: Print logs
uses: ./.github/actions/print-logs
if: ${{ !cancelled() }}
arm64-debian:
name: "arm64: Linux (Debian stable)"
runs-on: ubuntu-24.04-arm
needs: docker_cache
env:
SECP256K1_TEST_ITERS: 16
WITH_VALGRIND: 'no'
ECDH: 'yes'
RECOVERY: 'yes'
EXTRAKEYS: 'yes'
SCHNORRSIG: 'yes'
MUSIG: 'yes'
ELLSWIFT: 'yes'
CTIMETESTS: 'no'
CC: ${{ matrix.cc }}
strategy:
fail-fast: false
matrix:
cc:
- 'gcc'
- 'clang'
- 'gcc-snapshot'
- 'clang-snapshot'
steps:
- name: Checkout
uses: actions/checkout@v4
- name: CI script
uses: ./.github/actions/run-in-docker-action
with:
dockerfile: ./ci/linux-debian.Dockerfile
tag: arm64-debian-image
- name: Print logs
uses: ./.github/actions/print-logs
if: ${{ !cancelled() }}
ppc64le_debian:
name: "ppc64le: Linux (Debian stable, QEMU)"
runs-on: ubuntu-latest
needs: docker_cache
env:
WRAPPER_CMD: 'qemu-ppc64le'
SECP256K1_TEST_ITERS: 16
HOST: 'powerpc64le-linux-gnu'
WITH_VALGRIND: 'no'
ECDH: 'yes'
RECOVERY: 'yes'
EXTRAKEYS: 'yes'
SCHNORRSIG: 'yes'
MUSIG: 'yes'
ELLSWIFT: 'yes'
CTIMETESTS: 'no'
steps:
- name: Checkout
uses: actions/checkout@v4
- name: CI script
uses: ./.github/actions/run-in-docker-action
with:
dockerfile: ./ci/linux-debian.Dockerfile
tag: x64-debian-image
- name: Print logs
uses: ./.github/actions/print-logs
if: ${{ !cancelled() }}
valgrind_debian:
name: "Valgrind ${{ matrix.binary_arch }} (memcheck)"
runs-on: ${{ matrix.runner }}
needs: docker_cache
strategy:
fail-fast: false
matrix:
include:
- docker_arch: x64
runner: ubuntu-latest
binary_arch: x64
env_vars: { CC: 'clang', ASM: 'auto' }
- docker_arch: x64
runner: ubuntu-latest
binary_arch: i686
env_vars: { CC: 'i686-linux-gnu-gcc', HOST: 'i686-linux-gnu', ASM: 'auto' }
- docker_arch: arm64
runner: ubuntu-24.04-arm
binary_arch: arm64
env_vars: { CC: 'clang', ASM: 'auto' }
- docker_arch: x64
runner: ubuntu-latest
binary_arch: x64
env_vars: { CC: 'clang', ASM: 'no', ECMULTGENKB: 2, ECMULTWINDOW: 2 }
- docker_arch: x64
runner: ubuntu-latest
binary_arch: i686
env_vars: { CC: 'i686-linux-gnu-gcc', HOST: 'i686-linux-gnu', ASM: 'no', ECMULTGENKB: 2, ECMULTWINDOW: 2 }
- docker_arch: arm64
runner: ubuntu-24.04-arm
binary_arch: arm64
env_vars: { CC: 'clang', ASM: 'no', ECMULTGENKB: 2, ECMULTWINDOW: 2 }
env:
# The `--error-exitcode` is required to make the test fail if valgrind found errors,
# otherwise it will return 0 (https://www.valgrind.org/docs/manual/manual-core.html).
WRAPPER_CMD: 'valgrind --error-exitcode=42'
ECDH: 'yes'
RECOVERY: 'yes'
EXTRAKEYS: 'yes'
SCHNORRSIG: 'yes'
MUSIG: 'yes'
ELLSWIFT: 'yes'
CTIMETESTS: 'no'
SECP256K1_TEST_ITERS: 2
steps:
- name: Checkout
uses: actions/checkout@v4
- name: CI script
env: ${{ matrix.env_vars }}
uses: ./.github/actions/run-in-docker-action
with:
dockerfile: ./ci/linux-debian.Dockerfile
tag: ${{ matrix.docker_arch }}-debian-image
- name: Print logs
uses: ./.github/actions/print-logs
if: ${{ !cancelled() }}
sanitizers_debian:
name: "UBSan, ASan, LSan"
runs-on: ubuntu-latest
needs: docker_cache
strategy:
fail-fast: false
matrix:
configuration:
- env_vars: { CC: 'clang', ASM: 'auto' }
- env_vars: { CC: 'i686-linux-gnu-gcc', HOST: 'i686-linux-gnu', ASM: 'auto' }
- env_vars: { CC: 'clang', ASM: 'no', ECMULTGENKB: 2, ECMULTWINDOW: 2 }
- env_vars: { CC: 'i686-linux-gnu-gcc', HOST: 'i686-linux-gnu', ASM: 'no', ECMULTGENKB: 2, ECMULTWINDOW: 2 }
env:
ECDH: 'yes'
RECOVERY: 'yes'
EXTRAKEYS: 'yes'
SCHNORRSIG: 'yes'
MUSIG: 'yes'
ELLSWIFT: 'yes'
CTIMETESTS: 'no'
CFLAGS: '-fsanitize=undefined,address -g'
UBSAN_OPTIONS: 'print_stacktrace=1:halt_on_error=1'
ASAN_OPTIONS: 'strict_string_checks=1:detect_stack_use_after_return=1:detect_leaks=1'
LSAN_OPTIONS: 'use_unaligned=1'
SECP256K1_TEST_ITERS: 32
SYMBOL_CHECK: 'no'
steps:
- name: Checkout
uses: actions/checkout@v4
- name: CI script
env: ${{ matrix.configuration.env_vars }}
uses: ./.github/actions/run-in-docker-action
with:
dockerfile: ./ci/linux-debian.Dockerfile
tag: x64-debian-image
- name: Print logs
uses: ./.github/actions/print-logs
if: ${{ !cancelled() }}
msan_debian:
name: "MSan"
runs-on: ubuntu-latest
needs: docker_cache
strategy:
fail-fast: false
matrix:
configuration:
- env_vars:
CTIMETESTS: 'yes'
CFLAGS: '-fsanitize=memory -fsanitize-recover=memory -g'
- env_vars:
ECMULTGENKB: 2
ECMULTWINDOW: 2
CTIMETESTS: 'yes'
CFLAGS: '-fsanitize=memory -fsanitize-recover=memory -g -O3'
- env_vars:
# -fsanitize-memory-param-retval is clang's default, but our build system disables it
# when ctime_tests when enabled.
CFLAGS: '-fsanitize=memory -fsanitize-recover=memory -fsanitize-memory-param-retval -g'
CTIMETESTS: 'no'
env:
ECDH: 'yes'
RECOVERY: 'yes'
EXTRAKEYS: 'yes'
SCHNORRSIG: 'yes'
MUSIG: 'yes'
ELLSWIFT: 'yes'
CC: 'clang'
SECP256K1_TEST_ITERS: 32
ASM: 'no'
WITH_VALGRIND: 'no'
SYMBOL_CHECK: 'no'
steps:
- name: Checkout
uses: actions/checkout@v4
- name: CI script
env: ${{ matrix.configuration.env_vars }}
uses: ./.github/actions/run-in-docker-action
with:
dockerfile: ./ci/linux-debian.Dockerfile
tag: x64-debian-image
- name: Print logs
uses: ./.github/actions/print-logs
if: ${{ !cancelled() }}
mingw_debian:
name: ${{ matrix.configuration.job_name }}
runs-on: ubuntu-latest
needs: docker_cache
env:
WRAPPER_CMD: 'wine'
WITH_VALGRIND: 'no'
ECDH: 'yes'
RECOVERY: 'yes'
EXTRAKEYS: 'yes'
SCHNORRSIG: 'yes'
MUSIG: 'yes'
ELLSWIFT: 'yes'
CTIMETESTS: 'no'
strategy:
fail-fast: false
matrix:
configuration:
- job_name: 'x86_64 (mingw32-w64): Windows (Debian stable, Wine)'
env_vars:
HOST: 'x86_64-w64-mingw32'
- job_name: 'i686 (mingw32-w64): Windows (Debian stable, Wine)'
env_vars:
HOST: 'i686-w64-mingw32'
steps:
- name: Checkout
uses: actions/checkout@v4
- name: CI script
env: ${{ matrix.configuration.env_vars }}
uses: ./.github/actions/run-in-docker-action
with:
dockerfile: ./ci/linux-debian.Dockerfile
tag: x64-debian-image
- name: Print logs
uses: ./.github/actions/print-logs
if: ${{ !cancelled() }}
x86_64-macos-native:
name: "x86_64: macOS Ventura, Valgrind"
# See: https://github.com/actions/runner-images#available-images.
runs-on: macos-13
env:
CC: 'clang'
HOMEBREW_NO_AUTO_UPDATE: 1
HOMEBREW_NO_INSTALL_CLEANUP: 1
SYMBOL_CHECK: 'no'
strategy:
fail-fast: false
matrix:
env_vars:
- { WIDEMUL: 'int64', RECOVERY: 'yes', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', MUSIG: 'yes', ELLSWIFT: 'yes' }
- { WIDEMUL: 'int128_struct', ECMULTGENKB: 2, ECMULTWINDOW: 4 }
- { WIDEMUL: 'int128', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', MUSIG: 'yes', ELLSWIFT: 'yes' }
- { WIDEMUL: 'int128', RECOVERY: 'yes' }
- { WIDEMUL: 'int128', RECOVERY: 'yes', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', MUSIG: 'yes', ELLSWIFT: 'yes' }
- { WIDEMUL: 'int128', RECOVERY: 'yes', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', MUSIG: 'yes', ELLSWIFT: 'yes', CC: 'gcc' }
- { WIDEMUL: 'int128', RECOVERY: 'yes', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', MUSIG: 'yes', ELLSWIFT: 'yes', WRAPPER_CMD: 'valgrind --error-exitcode=42', SECP256K1_TEST_ITERS: 2 }
- { WIDEMUL: 'int128', RECOVERY: 'yes', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', MUSIG: 'yes', ELLSWIFT: 'yes', CC: 'gcc', WRAPPER_CMD: 'valgrind --error-exitcode=42', SECP256K1_TEST_ITERS: 2 }
- { WIDEMUL: 'int128', RECOVERY: 'yes', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', MUSIG: 'yes', ELLSWIFT: 'yes', CPPFLAGS: '-DVERIFY', CTIMETESTS: 'no' }
- BUILD: 'distcheck'
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Homebrew packages
run: |
brew install --quiet automake libtool gcc
ln -s $(brew --prefix gcc)/bin/gcc-?? /usr/local/bin/gcc
- name: Install and cache Valgrind
uses: ./.github/actions/install-homebrew-valgrind
- name: CI script
env: ${{ matrix.env_vars }}
run: ./ci/ci.sh
- name: Symbol check
run: |
python3 --version
python3 -m pip install lief
python3 ./tools/symbol-check.py .libs/libsecp256k1.dylib
- name: Print logs
uses: ./.github/actions/print-logs
if: ${{ !cancelled() }}
arm64-macos-native:
name: "ARM64: macOS Sonoma"
# See: https://github.com/actions/runner-images#available-images.
runs-on: macos-14
env:
CC: 'clang'
HOMEBREW_NO_AUTO_UPDATE: 1
HOMEBREW_NO_INSTALL_CLEANUP: 1
WITH_VALGRIND: 'no'
CTIMETESTS: 'no'
SYMBOL_CHECK: 'no'
strategy:
fail-fast: false
matrix:
env_vars:
- { WIDEMUL: 'int64', RECOVERY: 'yes', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', MUSIG: 'yes', ELLSWIFT: 'yes' }
- { WIDEMUL: 'int128_struct', ECMULTGENPRECISION: 2, ECMULTWINDOW: 4 }
- { WIDEMUL: 'int128', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', MUSIG: 'yes', ELLSWIFT: 'yes' }
- { WIDEMUL: 'int128', RECOVERY: 'yes' }
- { WIDEMUL: 'int128', RECOVERY: 'yes', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', MUSIG: 'yes', ELLSWIFT: 'yes' }
- { WIDEMUL: 'int128', RECOVERY: 'yes', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', MUSIG: 'yes', ELLSWIFT: 'yes', CC: 'gcc' }
- { WIDEMUL: 'int128', RECOVERY: 'yes', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', MUSIG: 'yes', ELLSWIFT: 'yes', CPPFLAGS: '-DVERIFY' }
- BUILD: 'distcheck'
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Homebrew packages
run: |
brew install --quiet automake libtool gcc
ln -s $(brew --prefix gcc)/bin/gcc-?? /usr/local/bin/gcc
- name: CI script
env: ${{ matrix.env_vars }}
run: ./ci/ci.sh
- name: Symbol check
env:
VIRTUAL_ENV: '${{ github.workspace }}/venv'
run: |
python3 --version
python3 -m venv $VIRTUAL_ENV
export PATH="$VIRTUAL_ENV/bin:$PATH"
python3 -m pip install lief
python3 ./tools/symbol-check.py .libs/libsecp256k1.dylib
- name: Print logs
uses: ./.github/actions/print-logs
if: ${{ !cancelled() }}
win64-native:
name: ${{ matrix.configuration.job_name }}
# See: https://github.com/actions/runner-images#available-images.
runs-on: windows-2022
strategy:
fail-fast: false
matrix:
configuration:
- job_name: 'x64 (MSVC): Windows (VS 2022, shared)'
cmake_options: '-A x64 -DBUILD_SHARED_LIBS=ON'
symbol_check: 'true'
- job_name: 'x64 (MSVC): Windows (VS 2022, static)'
cmake_options: '-A x64 -DBUILD_SHARED_LIBS=OFF'
- job_name: 'x64 (MSVC): Windows (VS 2022, int128_struct)'
cmake_options: '-A x64 -DSECP256K1_TEST_OVERRIDE_WIDE_MULTIPLY=int128_struct'
- job_name: 'x64 (MSVC): Windows (VS 2022, int128_struct with __(u)mulh)'
cmake_options: '-A x64 -DSECP256K1_TEST_OVERRIDE_WIDE_MULTIPLY=int128_struct'
cpp_flags: '/DSECP256K1_MSVC_MULH_TEST_OVERRIDE'
- job_name: 'x86 (MSVC): Windows (VS 2022)'
cmake_options: '-A Win32'
- job_name: 'x64 (MSVC): Windows (clang-cl)'
cmake_options: '-T ClangCL'
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Generate buildsystem
run: cmake -E env CFLAGS="/WX ${{ matrix.configuration.cpp_flags }}" cmake -B build -DSECP256K1_ENABLE_MODULE_RECOVERY=ON -DSECP256K1_BUILD_EXAMPLES=ON ${{ matrix.configuration.cmake_options }}
- name: Build
run: cmake --build build --config RelWithDebInfo -- /p:UseMultiToolTask=true /maxCpuCount
- name: Binaries info
# Use the bash shell included with Git for Windows.
shell: bash
run: |
cd build/bin/RelWithDebInfo && file *tests.exe bench*.exe libsecp256k1-*.dll || true
- name: Symbol check
if: ${{ matrix.configuration.symbol_check }}
shell: bash
run: |
py -3 --version
py -3 -m pip install lief
py -3 ./tools/symbol-check.py build/bin/RelWithDebInfo/libsecp256k1-*.dll
- name: Check
run: |
ctest -C RelWithDebInfo --test-dir build -j ([int]$env:NUMBER_OF_PROCESSORS + 1)
build\bin\RelWithDebInfo\bench_ecmult.exe
build\bin\RelWithDebInfo\bench_internal.exe
build\bin\RelWithDebInfo\bench.exe
win64-native-headers:
name: "x64 (MSVC): C++ (public headers)"
# See: https://github.com/actions/runner-images#available-images.
runs-on: windows-2022
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Add cl.exe to PATH
uses: ilammy/msvc-dev-cmd@v1
- name: C++ (public headers)
run: |
cl.exe -c -WX -TP include/*.h
cxx_fpermissive_debian:
name: "C++ -fpermissive (entire project)"
runs-on: ubuntu-latest
needs: docker_cache
env:
CC: 'g++'
CFLAGS: '-fpermissive -g'
CPPFLAGS: '-DSECP256K1_CPLUSPLUS_TEST_OVERRIDE'
WERROR_CFLAGS:
ECDH: 'yes'
RECOVERY: 'yes'
EXTRAKEYS: 'yes'
SCHNORRSIG: 'yes'
MUSIG: 'yes'
ELLSWIFT: 'yes'
steps:
- name: Checkout
uses: actions/checkout@v4
- name: CI script
uses: ./.github/actions/run-in-docker-action
with:
dockerfile: ./ci/linux-debian.Dockerfile
tag: x64-debian-image
- name: Print logs
uses: ./.github/actions/print-logs
if: ${{ !cancelled() }}
cxx_headers_debian:
name: "C++ (public headers)"
runs-on: ubuntu-latest
needs: docker_cache
steps:
- name: Checkout
uses: actions/checkout@v4
- name: CI script
uses: ./.github/actions/run-in-docker-action
with:
dockerfile: ./ci/linux-debian.Dockerfile
tag: x64-debian-image
command: |
g++ -Werror include/*.h
clang -Werror -x c++-header include/*.h
sage:
name: "SageMath prover"
runs-on: ubuntu-latest
container:
image: sagemath/sagemath:latest
options: --user root
steps:
- name: Checkout
uses: actions/checkout@v4
- name: CI script
run: |
cd sage
sage prove_group_implementations.sage
release:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- run: ./autogen.sh && ./configure --enable-dev-mode && make distcheck
- name: Check installation with Autotools
env:
CI_INSTALL: ${{ runner.temp }}/${{ github.run_id }}${{ github.action }}/install
run: |
./autogen.sh && ./configure --prefix=${{ env.CI_INSTALL }} && make clean && make install && ls -RlAh ${{ env.CI_INSTALL }}
gcc -o ecdsa examples/ecdsa.c $(PKG_CONFIG_PATH=${{ env.CI_INSTALL }}/lib/pkgconfig pkg-config --cflags --libs libsecp256k1) -Wl,-rpath,"${{ env.CI_INSTALL }}/lib" && ./ecdsa
- name: Check installation with CMake
env:
CI_BUILD: ${{ runner.temp }}/${{ github.run_id }}${{ github.action }}/build
CI_INSTALL: ${{ runner.temp }}/${{ github.run_id }}${{ github.action }}/install
run: |
cmake -B ${{ env.CI_BUILD }} -DCMAKE_INSTALL_PREFIX=${{ env.CI_INSTALL }} && cmake --build ${{ env.CI_BUILD }} && cmake --install ${{ env.CI_BUILD }} && ls -RlAh ${{ env.CI_INSTALL }}
gcc -o ecdsa examples/ecdsa.c -I ${{ env.CI_INSTALL }}/include -L ${{ env.CI_INSTALL }}/lib*/ -l secp256k1 -Wl,-rpath,"${{ env.CI_INSTALL }}/lib",-rpath,"${{ env.CI_INSTALL }}/lib64" && ./ecdsa

71
secp256k1.depreciated/.gitignore vendored
View File

@@ -1,71 +0,0 @@
bench
bench_ecmult
bench_internal
noverify_tests
tests
exhaustive_tests
precompute_ecmult_gen
precompute_ecmult
ctime_tests
ecdh_example
ecdsa_example
schnorr_example
ellswift_example
musig_example
*.exe
*.so
*.a
*.csv
*.log
*.trs
*.sage.py
Makefile
configure
.libs/
Makefile.in
aclocal.m4
autom4te.cache/
config.log
config.status
conftest*
*.tar.gz
*.la
libtool
.deps/
.dirstamp
*.lo
*.o
*~
coverage/
coverage.html
coverage.*.html
*.gcda
*.gcno
*.gcov
build-aux/ar-lib
build-aux/config.guess
build-aux/config.sub
build-aux/depcomp
build-aux/install-sh
build-aux/ltmain.sh
build-aux/m4/libtool.m4
build-aux/m4/lt~obsolete.m4
build-aux/m4/ltoptions.m4
build-aux/m4/ltsugar.m4
build-aux/m4/ltversion.m4
build-aux/missing
build-aux/compile
build-aux/test-driver
libsecp256k1.pc
### CMake
/CMakeUserPresets.json
# Default CMake build directory.
/build
### Python
__pycache__/
*.py[oc]

201
secp256k1.depreciated/CHANGELOG.md
View File

@@ -1,201 +0,0 @@
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [Unreleased]
## [0.7.0] - 2025-07-21
#### Added
- CMake: Added `secp256k1_objs` interface library to allow parent projects to embed libsecp256k1 object files into their own static libraries.
- build: Added `SECP256K1_NO_API_VISIBILITY_ATTRIBUTES` preprocessor flag (CMake option: `SECP256K1_ENABLE_API_VISIBILITY_ATTRIBUTES`) that disables explicit "visibility" attributes for API symbols. Defining this macro enables the user to control the visibility of the API symbols via `-fvisibility=<value>` when building libsecp256k1. (All non-API declarations will always have hidden visibility, even with `SECP256K1_ENABLE_API_VISIBILITY_ATTRIBUTES` defined.) For instance, `-fvisibility=hidden` can be useful even for the API symbols, e.g., when building a static libsecp256k1 which is linked into a shared library, and the latter should not re-export the libsecp256k1 API.
#### Changed
- The pointers `secp256k1_context_static` and `secp256k1_context_no_precomp` to the constant context objects are now `const`.
- Removed `SECP256K1_WARN_UNUSED_RESULT` attribute (defined as `__attribute__ ((__warn_unused_result__))`) from several API functions that always return 1. Compilers will no longer warn if the return value is unused.
- CMake: Building with CMake is no longer considered experimental.
- CMake: The minimum required CMake version was increased to 3.22.
- CMake: Shared libraries built with CMake on FreeBSD now create the full versioned filename and symlink chain, matching the behavior of autotools builds.
#### Removed
- Removed previously deprecated function aliases `secp256k1_ec_privkey_negate`, `secp256k1_ec_privkey_tweak_add` and
`secp256k1_ec_privkey_tweak_mul`. Use `secp256k1_ec_seckey_negate`, `secp256k1_ec_seckey_tweak_add` and
`secp256k1_ec_seckey_tweak_mul` instead.
#### ABI Compatibility
The symbols `secp256k1_ec_privkey_negate`, `secp256k1_ec_privkey_tweak_add`, and `secp256k1_ec_privkey_tweak_mul` were removed.
The pointers `secp256k1_context_static` and `secp256k1_context_no_precomp` have been made `const`.
Otherwise, the library maintains backward compatibility with version 0.6.0.
## [0.6.0] - 2024-11-04
#### Added
- New module `musig` implements the MuSig2 multisignature scheme according to the [BIP 327 specification](https://github.com/bitcoin/bips/blob/master/bip-0327.mediawiki). See:
- Header file `include/secp256k1_musig.h` which defines the new API.
- Document `doc/musig.md` for further notes on API usage.
- Usage example `examples/musig.c`.
- New CMake variable `SECP256K1_APPEND_LDFLAGS` for appending linker flags to the build command.
#### Changed
- API functions now use a significantly more robust method to clear secrets from the stack before returning. However, secret clearing remains a best-effort security measure and cannot guarantee complete removal.
- Any type `secp256k1_foo` can now be forward-declared using `typedef struct secp256k1_foo secp256k1_foo;` (or also `struct secp256k1_foo;` in C++).
- Organized CMake build artifacts into dedicated directories (`bin/` for executables, `lib/` for libraries) to improve build output structure and Windows shared library compatibility.
#### Removed
- Removed the `secp256k1_scratch_space` struct and its associated functions `secp256k1_scratch_space_create` and `secp256k1_scratch_space_destroy` because the scratch space was unused in the API.
#### ABI Compatibility
The symbols `secp256k1_scratch_space_create` and `secp256k1_scratch_space_destroy` were removed.
Otherwise, the library maintains backward compatibility with versions 0.3.x through 0.5.x.
## [0.5.1] - 2024-08-01
#### Added
- Added usage example for an ElligatorSwift key exchange.
#### Changed
- The default size of the precomputed table for signing was changed from 22 KiB to 86 KiB. The size can be changed with the configure option `--ecmult-gen-kb` (`SECP256K1_ECMULT_GEN_KB` for CMake).
- "auto" is no longer an accepted value for the `--with-ecmult-window` and `--with-ecmult-gen-kb` configure options (this also applies to `SECP256K1_ECMULT_WINDOW_SIZE` and `SECP256K1_ECMULT_GEN_KB` in CMake). To achieve the same configuration as previously provided by the "auto" value, omit setting the configure option explicitly.
#### Fixed
- Fixed compilation when the extrakeys module is disabled.
#### ABI Compatibility
The ABI is backward compatible with versions 0.5.0, 0.4.x and 0.3.x.
## [0.5.0] - 2024-05-06
#### Added
- New function `secp256k1_ec_pubkey_sort` that sorts public keys using lexicographic (of compressed serialization) order.
#### Changed
- The implementation of the point multiplication algorithm used for signing and public key generation was changed, resulting in improved performance for those operations.
- The related configure option `--ecmult-gen-precision` was replaced with `--ecmult-gen-kb` (`SECP256K1_ECMULT_GEN_KB` for CMake).
- This changes the supported precomputed table sizes for these operations. The new supported sizes are 2 KiB, 22 KiB, or 86 KiB (while the old supported sizes were 32 KiB, 64 KiB, or 512 KiB).
#### ABI Compatibility
The ABI is backward compatible with versions 0.4.x and 0.3.x.
## [0.4.1] - 2023-12-21
#### Changed
- The point multiplication algorithm used for ECDH operations (module `ecdh`) was replaced with a slightly faster one.
- Optional handwritten x86_64 assembly for field operations was removed because modern C compilers are able to output more efficient assembly. This change results in a significant speedup of some library functions when handwritten x86_64 assembly is enabled (`--with-asm=x86_64` in GNU Autotools, `-DSECP256K1_ASM=x86_64` in CMake), which is the default on x86_64. Benchmarks with GCC 10.5.0 show a 10% speedup for `secp256k1_ecdsa_verify` and `secp256k1_schnorrsig_verify`.
#### ABI Compatibility
The ABI is backward compatible with versions 0.4.0 and 0.3.x.
## [0.4.0] - 2023-09-04
#### Added
- New module `ellswift` implements ElligatorSwift encoding for public keys and x-only Diffie-Hellman key exchange for them.
ElligatorSwift permits representing secp256k1 public keys as 64-byte arrays which cannot be distinguished from uniformly random. See:
- Header file `include/secp256k1_ellswift.h` which defines the new API.
- Document `doc/ellswift.md` which explains the mathematical background of the scheme.
- The [paper](https://eprint.iacr.org/2022/759) on which the scheme is based.
- We now test the library with unreleased development snapshots of GCC and Clang. This gives us an early chance to catch miscompilations and constant-time issues introduced by the compiler (such as those that led to the previous two releases).
#### Fixed
- Fixed symbol visibility in Windows DLL builds, where three internal library symbols were wrongly exported.
#### Changed
- When consuming libsecp256k1 as a static library on Windows, the user must now define the `SECP256K1_STATIC` macro before including `secp256k1.h`.
#### ABI Compatibility
This release is backward compatible with the ABI of 0.3.0, 0.3.1, and 0.3.2. Symbol visibility is now believed to be handled properly on supported platforms and is now considered to be part of the ABI. Please report any improperly exported symbols as a bug.
## [0.3.2] - 2023-05-13
We strongly recommend updating to 0.3.2 if you use or plan to use GCC >=13 to compile libsecp256k1. When in doubt, check the GCC version using `gcc -v`.
#### Security
- Module `ecdh`: Fix "constant-timeness" issue with GCC 13.1 (and potentially future versions of GCC) that could leave applications using libsecp256k1's ECDH module vulnerable to a timing side-channel attack. The fix avoids secret-dependent control flow during ECDH computations when libsecp256k1 is compiled with GCC 13.1.
#### Fixed
- Fixed an old bug that permitted compilers to potentially output bad assembly code on x86_64. In theory, it could lead to a crash or a read of unrelated memory, but this has never been observed on any compilers so far.
#### Changed
- Various improvements and changes to CMake builds. CMake builds remain experimental.
- Made API versioning consistent with GNU Autotools builds.
- Switched to `BUILD_SHARED_LIBS` variable for controlling whether to build a static or a shared library.
- Added `SECP256K1_INSTALL` variable for the controlling whether to install the build artefacts.
- Renamed asm build option `arm` to `arm32`. Use `--with-asm=arm32` instead of `--with-asm=arm` (GNU Autotools), and `-DSECP256K1_ASM=arm32` instead of `-DSECP256K1_ASM=arm` (CMake).
#### ABI Compatibility
The ABI is compatible with versions 0.3.0 and 0.3.1.
## [0.3.1] - 2023-04-10
We strongly recommend updating to 0.3.1 if you use or plan to use Clang >=14 to compile libsecp256k1, e.g., Xcode >=14 on macOS has Clang >=14. When in doubt, check the Clang version using `clang -v`.
#### Security
- Fix "constant-timeness" issue with Clang >=14 that could leave applications using libsecp256k1 vulnerable to a timing side-channel attack. The fix avoids secret-dependent control flow and secret-dependent memory accesses in conditional moves of memory objects when libsecp256k1 is compiled with Clang >=14.
#### Added
- Added tests against [Project Wycheproof's](https://github.com/C2SP/wycheproof/) set of ECDSA test vectors (Bitcoin "low-S" variant), a fixed set of test cases designed to trigger various edge cases.
#### Changed
- Increased minimum required CMake version to 3.13. CMake builds remain experimental.
#### ABI Compatibility
The ABI is compatible with version 0.3.0.
## [0.3.0] - 2023-03-08
#### Added
- Added experimental support for CMake builds. Traditional GNU Autotools builds (`./configure` and `make`) remain fully supported.
- Usage examples: Added a recommended method for securely clearing sensitive data, e.g., secret keys, from memory.
- Tests: Added a new test binary `noverify_tests`. This binary runs the tests without some additional checks present in the ordinary `tests` binary and is thereby closer to production binaries. The `noverify_tests` binary is automatically run as part of the `make check` target.
#### Fixed
- Fixed declarations of API variables for MSVC (`__declspec(dllimport)`). This fixes MSVC builds of programs which link against a libsecp256k1 DLL dynamically and use API variables (and not only API functions). Unfortunately, the MSVC linker now will emit warning `LNK4217` when trying to link against libsecp256k1 statically. Pass `/ignore:4217` to the linker to suppress this warning.
#### Changed
- Forbade cloning or destroying `secp256k1_context_static`. Create a new context instead of cloning the static context. (If this change breaks your code, your code is probably wrong.)
- Forbade randomizing (copies of) `secp256k1_context_static`. Randomizing a copy of `secp256k1_context_static` did not have any effect and did not provide defense-in-depth protection against side-channel attacks. Create a new context if you want to benefit from randomization.
#### Removed
- Removed the configuration header `src/libsecp256k1-config.h`. We recommend passing flags to `./configure` or `cmake` to set configuration options (see `./configure --help` or `cmake -LH`). If you cannot or do not want to use one of the supported build systems, pass configuration flags such as `-DSECP256K1_ENABLE_MODULE_SCHNORRSIG` manually to the compiler (see the file `configure.ac` for supported flags).
#### ABI Compatibility
Due to changes in the API regarding `secp256k1_context_static` described above, the ABI is *not* compatible with previous versions.
## [0.2.0] - 2022-12-12
#### Added
- Added usage examples for common use cases in a new `examples/` directory.
- Added `secp256k1_selftest`, to be used in conjunction with `secp256k1_context_static`.
- Added support for 128-bit wide multiplication on MSVC for x86_64 and arm64, giving roughly a 20% speedup on those platforms.
#### Changed
- Enabled modules `schnorrsig`, `extrakeys` and `ecdh` by default in `./configure`.
- The `secp256k1_nonce_function_rfc6979` nonce function, used by default by `secp256k1_ecdsa_sign`, now reduces the message hash modulo the group order to match the specification. This only affects improper use of ECDSA signing API.
#### Deprecated
- Deprecated context flags `SECP256K1_CONTEXT_VERIFY` and `SECP256K1_CONTEXT_SIGN`. Use `SECP256K1_CONTEXT_NONE` instead.
- Renamed `secp256k1_context_no_precomp` to `secp256k1_context_static`.
- Module `schnorrsig`: renamed `secp256k1_schnorrsig_sign` to `secp256k1_schnorrsig_sign32`.
#### ABI Compatibility
Since this is the first release, we do not compare application binary interfaces.
However, there are earlier unreleased versions of libsecp256k1 that are *not* ABI compatible with this version.
## [0.1.0] - 2013-03-05 to 2021-12-25
This version was in fact never released.
The number was given by the build system since the introduction of autotools in Jan 2014 (ea0fe5a5bf0c04f9cc955b2966b614f5f378c6f6).
Therefore, this version number does not uniquely identify a set of source files.
[unreleased]: https://github.com/bitcoin-core/secp256k1/compare/v0.7.0...HEAD
[0.7.0]: https://github.com/bitcoin-core/secp256k1/compare/v0.6.0...v0.7.0
[0.6.0]: https://github.com/bitcoin-core/secp256k1/compare/v0.5.1...v0.6.0
[0.5.1]: https://github.com/bitcoin-core/secp256k1/compare/v0.5.0...v0.5.1
[0.5.0]: https://github.com/bitcoin-core/secp256k1/compare/v0.4.1...v0.5.0
[0.4.1]: https://github.com/bitcoin-core/secp256k1/compare/v0.4.0...v0.4.1
[0.4.0]: https://github.com/bitcoin-core/secp256k1/compare/v0.3.2...v0.4.0
[0.3.2]: https://github.com/bitcoin-core/secp256k1/compare/v0.3.1...v0.3.2
[0.3.1]: https://github.com/bitcoin-core/secp256k1/compare/v0.3.0...v0.3.1
[0.3.0]: https://github.com/bitcoin-core/secp256k1/compare/v0.2.0...v0.3.0
[0.2.0]: https://github.com/bitcoin-core/secp256k1/compare/423b6d19d373f1224fd671a982584d7e7900bc93..v0.2.0
[0.1.0]: https://github.com/bitcoin-core/secp256k1/commit/423b6d19d373f1224fd671a982584d7e7900bc93

364
secp256k1.depreciated/CMakeLists.txt
View File

@@ -1,364 +0,0 @@
cmake_minimum_required(VERSION 3.22)
#=============================
# Project / Package metadata
#=============================
project(libsecp256k1
# The package (a.k.a. release) version is based on semantic versioning 2.0.0 of
# the API. All changes in experimental modules are treated as
# backwards-compatible and therefore at most increase the minor version.
VERSION 0.7.1
DESCRIPTION "Optimized C library for ECDSA signatures and secret/public key operations on curve secp256k1."
HOMEPAGE_URL "https://github.com/bitcoin-core/secp256k1"
LANGUAGES C
)
enable_testing()
include(CTestUseLaunchers) # Allow users to set CTEST_USE_LAUNCHERS in custom `ctest -S` scripts.
list(APPEND CMAKE_MODULE_PATH ${PROJECT_SOURCE_DIR}/cmake)
# The library version is based on libtool versioning of the ABI. The set of
# rules for updating the version can be found here:
# https://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html
# All changes in experimental modules are treated as if they don't affect the
# interface and therefore only increase the revision.
set(${PROJECT_NAME}_LIB_VERSION_CURRENT 6)
set(${PROJECT_NAME}_LIB_VERSION_REVISION 1)
set(${PROJECT_NAME}_LIB_VERSION_AGE 0)
#=============================
# Language setup
#=============================
set(CMAKE_C_STANDARD 90)
set(CMAKE_C_EXTENSIONS OFF)
#=============================
# Configurable options
#=============================
if(libsecp256k1_IS_TOP_LEVEL)
option(BUILD_SHARED_LIBS "Build shared libraries." ON)
endif()
option(SECP256K1_INSTALL "Enable installation." ${PROJECT_IS_TOP_LEVEL})
option(SECP256K1_ENABLE_API_VISIBILITY_ATTRIBUTES "Enable visibility attributes in the API." ON)
## Modules
# We declare all options before processing them, to make sure we can express
# dependencies while processing.
option(SECP256K1_ENABLE_MODULE_ECDH "Enable ECDH module." ON)
option(SECP256K1_ENABLE_MODULE_RECOVERY "Enable ECDSA pubkey recovery module." OFF)
option(SECP256K1_ENABLE_MODULE_EXTRAKEYS "Enable extrakeys module." ON)
option(SECP256K1_ENABLE_MODULE_SCHNORRSIG "Enable schnorrsig module." ON)
option(SECP256K1_ENABLE_MODULE_MUSIG "Enable musig module." ON)
option(SECP256K1_ENABLE_MODULE_ELLSWIFT "Enable ElligatorSwift module." ON)
option(SECP256K1_USE_EXTERNAL_DEFAULT_CALLBACKS "Enable external default callback functions." OFF)
if(SECP256K1_USE_EXTERNAL_DEFAULT_CALLBACKS)
add_compile_definitions(USE_EXTERNAL_DEFAULT_CALLBACKS=1)
endif()
set(SECP256K1_ECMULT_WINDOW_SIZE 15 CACHE STRING "Window size for ecmult precomputation for verification, specified as integer in range [2..24]. The default value is a reasonable setting for desktop machines (currently 15). [default=15]")
set_property(CACHE SECP256K1_ECMULT_WINDOW_SIZE PROPERTY STRINGS 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24)
include(CheckStringOptionValue)
check_string_option_value(SECP256K1_ECMULT_WINDOW_SIZE)
add_compile_definitions(ECMULT_WINDOW_SIZE=${SECP256K1_ECMULT_WINDOW_SIZE})
set(SECP256K1_ECMULT_GEN_KB 86 CACHE STRING "The size of the precomputed table for signing in multiples of 1024 bytes (on typical platforms). Larger values result in possibly better signing or key generation performance at the cost of a larger table. Valid choices are 2, 22, 86. The default value is a reasonable setting for desktop machines (currently 86). [default=86]")
set_property(CACHE SECP256K1_ECMULT_GEN_KB PROPERTY STRINGS 2 22 86)
check_string_option_value(SECP256K1_ECMULT_GEN_KB)
if(SECP256K1_ECMULT_GEN_KB EQUAL 2)
add_compile_definitions(COMB_BLOCKS=2)
add_compile_definitions(COMB_TEETH=5)
elseif(SECP256K1_ECMULT_GEN_KB EQUAL 22)
add_compile_definitions(COMB_BLOCKS=11)
add_compile_definitions(COMB_TEETH=6)
elseif(SECP256K1_ECMULT_GEN_KB EQUAL 86)
add_compile_definitions(COMB_BLOCKS=43)
add_compile_definitions(COMB_TEETH=6)
endif()
set(SECP256K1_TEST_OVERRIDE_WIDE_MULTIPLY "OFF" CACHE STRING "Test-only override of the (autodetected by the C code) \"widemul\" setting. Legal values are: \"OFF\", \"int128_struct\", \"int128\" or \"int64\". [default=OFF]")
set_property(CACHE SECP256K1_TEST_OVERRIDE_WIDE_MULTIPLY PROPERTY STRINGS "OFF" "int128_struct" "int128" "int64")
check_string_option_value(SECP256K1_TEST_OVERRIDE_WIDE_MULTIPLY)
if(SECP256K1_TEST_OVERRIDE_WIDE_MULTIPLY)
string(TOUPPER "${SECP256K1_TEST_OVERRIDE_WIDE_MULTIPLY}" widemul_upper_value)
add_compile_definitions(USE_FORCE_WIDEMUL_${widemul_upper_value}=1)
endif()
mark_as_advanced(FORCE SECP256K1_TEST_OVERRIDE_WIDE_MULTIPLY)
set(SECP256K1_ASM "AUTO" CACHE STRING "Assembly to use: \"AUTO\", \"OFF\", \"x86_64\" or \"arm32\" (experimental). [default=AUTO]")
set_property(CACHE SECP256K1_ASM PROPERTY STRINGS "AUTO" "OFF" "x86_64" "arm32")
check_string_option_value(SECP256K1_ASM)
if(SECP256K1_ASM STREQUAL "arm32")
enable_language(ASM)
include(CheckArm32Assembly)
check_arm32_assembly()
if(HAVE_ARM32_ASM)
add_compile_definitions(USE_EXTERNAL_ASM=1)
else()
message(FATAL_ERROR "ARM32 assembly requested but not available.")
endif()
elseif(SECP256K1_ASM)
include(CheckX86_64Assembly)
check_x86_64_assembly()
if(HAVE_X86_64_ASM)
set(SECP256K1_ASM "x86_64")
add_compile_definitions(USE_ASM_X86_64=1)
elseif(SECP256K1_ASM STREQUAL "AUTO")
set(SECP256K1_ASM "OFF")
else()
message(FATAL_ERROR "x86_64 assembly requested but not available.")
endif()
endif()
option(SECP256K1_EXPERIMENTAL "Allow experimental configuration options." OFF)
if(NOT SECP256K1_EXPERIMENTAL)
if(SECP256K1_ASM STREQUAL "arm32")
message(FATAL_ERROR "ARM32 assembly is experimental. Use -DSECP256K1_EXPERIMENTAL=ON to allow.")
endif()
endif()
set(SECP256K1_VALGRIND "AUTO" CACHE STRING "Build with extra checks for running inside Valgrind. [default=AUTO]")
set_property(CACHE SECP256K1_VALGRIND PROPERTY STRINGS "AUTO" "OFF" "ON")
check_string_option_value(SECP256K1_VALGRIND)
if(SECP256K1_VALGRIND)
find_package(Valgrind MODULE)
if(Valgrind_FOUND)
set(SECP256K1_VALGRIND ON)
include_directories(${Valgrind_INCLUDE_DIR})
add_compile_definitions(VALGRIND)
elseif(SECP256K1_VALGRIND STREQUAL "AUTO")
set(SECP256K1_VALGRIND OFF)
else()
message(FATAL_ERROR "Valgrind support requested but valgrind/memcheck.h header not available.")
endif()
endif()
option(SECP256K1_BUILD_BENCHMARK "Build benchmarks." ON)
option(SECP256K1_BUILD_TESTS "Build tests." ON)
option(SECP256K1_BUILD_EXHAUSTIVE_TESTS "Build exhaustive tests." ON)
option(SECP256K1_BUILD_CTIME_TESTS "Build constant-time tests." ${SECP256K1_VALGRIND})
option(SECP256K1_BUILD_EXAMPLES "Build examples." OFF)
# Redefine configuration flags.
# We leave assertions on, because they are only used in the examples, and we want them always on there.
if(MSVC)
string(REGEX REPLACE "/DNDEBUG[ \t\r\n]*" "" CMAKE_C_FLAGS_RELWITHDEBINFO "${CMAKE_C_FLAGS_RELWITHDEBINFO}")
string(REGEX REPLACE "/DNDEBUG[ \t\r\n]*" "" CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE}")
string(REGEX REPLACE "/DNDEBUG[ \t\r\n]*" "" CMAKE_C_FLAGS_MINSIZEREL "${CMAKE_C_FLAGS_MINSIZEREL}")
else()
string(REGEX REPLACE "-DNDEBUG[ \t\r\n]*" "" CMAKE_C_FLAGS_RELWITHDEBINFO "${CMAKE_C_FLAGS_RELWITHDEBINFO}")
string(REGEX REPLACE "-DNDEBUG[ \t\r\n]*" "" CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE}")
string(REGEX REPLACE "-DNDEBUG[ \t\r\n]*" "" CMAKE_C_FLAGS_MINSIZEREL "${CMAKE_C_FLAGS_MINSIZEREL}")
# Prefer -O2 optimization level. (-O3 is CMake's default for Release for many compilers.)
string(REGEX REPLACE "-O3( |$)" "-O2\\1" CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE}")
endif()
# Define custom "Coverage" build type.
set(CMAKE_C_FLAGS_COVERAGE "${CMAKE_C_FLAGS_RELWITHDEBINFO} -O0 -DCOVERAGE=1 --coverage" CACHE STRING
"Flags used by the C compiler during \"Coverage\" builds."
FORCE
)
set(CMAKE_EXE_LINKER_FLAGS_COVERAGE "${CMAKE_EXE_LINKER_FLAGS_RELWITHDEBINFO} --coverage" CACHE STRING
"Flags used for linking binaries during \"Coverage\" builds."
FORCE
)
set(CMAKE_SHARED_LINKER_FLAGS_COVERAGE "${CMAKE_SHARED_LINKER_FLAGS_RELWITHDEBINFO} --coverage" CACHE STRING
"Flags used by the shared libraries linker during \"Coverage\" builds."
FORCE
)
mark_as_advanced(
CMAKE_C_FLAGS_COVERAGE
CMAKE_EXE_LINKER_FLAGS_COVERAGE
CMAKE_SHARED_LINKER_FLAGS_COVERAGE
)
if(PROJECT_IS_TOP_LEVEL)
get_property(is_multi_config GLOBAL PROPERTY GENERATOR_IS_MULTI_CONFIG)
set(default_build_type "RelWithDebInfo")
if(is_multi_config)
set(CMAKE_CONFIGURATION_TYPES "${default_build_type}" "Release" "Debug" "MinSizeRel" "Coverage" CACHE STRING
"Supported configuration types."
FORCE
)
else()
set_property(CACHE CMAKE_BUILD_TYPE PROPERTY
STRINGS "${default_build_type}" "Release" "Debug" "MinSizeRel" "Coverage"
)
if(NOT CMAKE_BUILD_TYPE)
message(STATUS "Setting build type to \"${default_build_type}\" as none was specified")
set(CMAKE_BUILD_TYPE "${default_build_type}" CACHE STRING
"Choose the type of build."
FORCE
)
endif()
endif()
endif()
include(TryAppendCFlags)
if(MSVC)
# For both cl and clang-cl compilers.
try_append_c_flags(/W3) # Production quality warning level.
# Eliminate deprecation warnings for the older, less secure functions.
add_compile_definitions(_CRT_SECURE_NO_WARNINGS)
else()
try_append_c_flags(-Wall) # GCC >= 2.95 and probably many other compilers.
endif()
if(CMAKE_C_COMPILER_ID STREQUAL "MSVC")
# Keep the following commands ordered lexicographically.
try_append_c_flags(/wd4146) # Disable warning C4146 "unary minus operator applied to unsigned type, result still unsigned".
try_append_c_flags(/wd4244) # Disable warning C4244 "'conversion' conversion from 'type1' to 'type2', possible loss of data".
try_append_c_flags(/wd4267) # Disable warning C4267 "'var' : conversion from 'size_t' to 'type', possible loss of data".
else()
# Keep the following commands ordered lexicographically.
try_append_c_flags(-pedantic)
try_append_c_flags(-Wcast-align) # GCC >= 2.95.
try_append_c_flags(-Wcast-align=strict) # GCC >= 8.0.
try_append_c_flags(-Wconditional-uninitialized) # Clang >= 3.0 only.
try_append_c_flags(-Wextra) # GCC >= 3.4, this is the newer name of -W, which we don't use because older GCCs will warn about unused functions.
try_append_c_flags(-Wnested-externs)
try_append_c_flags(-Wno-long-long) # GCC >= 3.0, -Wlong-long is implied by -pedantic.
try_append_c_flags(-Wno-overlength-strings) # GCC >= 4.2, -Woverlength-strings is implied by -pedantic.
try_append_c_flags(-Wno-unused-function) # GCC >= 3.0, -Wunused-function is implied by -Wall.
try_append_c_flags(-Wreserved-identifier) # Clang >= 13.0 only.
try_append_c_flags(-Wshadow)
try_append_c_flags(-Wstrict-prototypes)
try_append_c_flags(-Wundef)
endif()
set(print_msan_notice)
if(SECP256K1_BUILD_CTIME_TESTS)
include(CheckMemorySanitizer)
check_memory_sanitizer(msan_enabled)
if(msan_enabled)
try_append_c_flags(-fno-sanitize-memory-param-retval)
set(print_msan_notice YES)
endif()
unset(msan_enabled)
endif()
set(SECP256K1_APPEND_CFLAGS "" CACHE STRING "Compiler flags that are appended to the command line after all other flags added by the build system. This variable is intended for debugging and special builds.")
if(SECP256K1_APPEND_CFLAGS)
# Appending to this low-level rule variable is the only way to
# guarantee that the flags appear at the end of the command line.
string(APPEND CMAKE_C_COMPILE_OBJECT " ${SECP256K1_APPEND_CFLAGS}")
endif()
set(SECP256K1_APPEND_LDFLAGS "" CACHE STRING "Linker flags that are appended to the command line after all other flags added by the build system. This variable is intended for debugging and special builds.")
if(SECP256K1_APPEND_LDFLAGS)
# Appending to this low-level rule variable is the only way to
# guarantee that the flags appear at the end of the command line.
string(APPEND CMAKE_C_CREATE_SHARED_LIBRARY " ${SECP256K1_APPEND_LDFLAGS}")
string(APPEND CMAKE_C_LINK_EXECUTABLE " ${SECP256K1_APPEND_LDFLAGS}")
endif()
if(NOT CMAKE_RUNTIME_OUTPUT_DIRECTORY)
set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${PROJECT_BINARY_DIR}/bin)
endif()
if(NOT CMAKE_LIBRARY_OUTPUT_DIRECTORY)
set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${PROJECT_BINARY_DIR}/lib)
endif()
if(NOT CMAKE_ARCHIVE_OUTPUT_DIRECTORY)
set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${PROJECT_BINARY_DIR}/lib)
endif()
add_subdirectory(src)
if(SECP256K1_BUILD_EXAMPLES)
add_subdirectory(examples)
endif()
message("\n")
message("secp256k1 configure summary")
message("===========================")
message("Build artifacts:")
if(BUILD_SHARED_LIBS)
set(library_type "Shared")
else()
set(library_type "Static")
endif()
message(" library type ........................ ${library_type}")
message("Optional modules:")
message(" ECDH ................................ ${SECP256K1_ENABLE_MODULE_ECDH}")
message(" ECDSA pubkey recovery ............... ${SECP256K1_ENABLE_MODULE_RECOVERY}")
message(" extrakeys ........................... ${SECP256K1_ENABLE_MODULE_EXTRAKEYS}")
message(" schnorrsig .......................... ${SECP256K1_ENABLE_MODULE_SCHNORRSIG}")
message(" musig ............................... ${SECP256K1_ENABLE_MODULE_MUSIG}")
message(" ElligatorSwift ...................... ${SECP256K1_ENABLE_MODULE_ELLSWIFT}")
message("Parameters:")
message(" ecmult window size .................. ${SECP256K1_ECMULT_WINDOW_SIZE}")
message(" ecmult gen table size ............... ${SECP256K1_ECMULT_GEN_KB} KiB")
message("Optional features:")
message(" assembly ............................ ${SECP256K1_ASM}")
message(" external callbacks .................. ${SECP256K1_USE_EXTERNAL_DEFAULT_CALLBACKS}")
if(SECP256K1_TEST_OVERRIDE_WIDE_MULTIPLY)
message(" wide multiplication (test-only) ..... ${SECP256K1_TEST_OVERRIDE_WIDE_MULTIPLY}")
endif()
message("Optional binaries:")
message(" benchmark ........................... ${SECP256K1_BUILD_BENCHMARK}")
message(" noverify_tests ...................... ${SECP256K1_BUILD_TESTS}")
set(tests_status "${SECP256K1_BUILD_TESTS}")
if(CMAKE_BUILD_TYPE STREQUAL "Coverage")
set(tests_status OFF)
endif()
message(" tests ............................... ${tests_status}")
message(" exhaustive tests .................... ${SECP256K1_BUILD_EXHAUSTIVE_TESTS}")
message(" ctime_tests ......................... ${SECP256K1_BUILD_CTIME_TESTS}")
message(" examples ............................ ${SECP256K1_BUILD_EXAMPLES}")
message("")
if(CMAKE_CROSSCOMPILING)
set(cross_status "TRUE, for ${CMAKE_SYSTEM_NAME}, ${CMAKE_SYSTEM_PROCESSOR}")
else()
set(cross_status "FALSE")
endif()
message("Cross compiling ....................... ${cross_status}")
message("API visibility attributes ............. ${SECP256K1_ENABLE_API_VISIBILITY_ATTRIBUTES}")
message("Valgrind .............................. ${SECP256K1_VALGRIND}")
get_directory_property(definitions COMPILE_DEFINITIONS)
string(REPLACE ";" " " definitions "${definitions}")
message("Preprocessor defined macros ........... ${definitions}")
message("C compiler ............................ ${CMAKE_C_COMPILER_ID} ${CMAKE_C_COMPILER_VERSION}, ${CMAKE_C_COMPILER}")
message("CFLAGS ................................ ${CMAKE_C_FLAGS}")
get_directory_property(compile_options COMPILE_OPTIONS)
string(REPLACE ";" " " compile_options "${compile_options}")
message("Compile options ....................... " ${compile_options})
if(NOT is_multi_config)
message("Build type:")
message(" - CMAKE_BUILD_TYPE ................... ${CMAKE_BUILD_TYPE}")
string(TOUPPER "${CMAKE_BUILD_TYPE}" build_type)
message(" - CFLAGS ............................. ${CMAKE_C_FLAGS_${build_type}}")
message(" - LDFLAGS for executables ............ ${CMAKE_EXE_LINKER_FLAGS_${build_type}}")
message(" - LDFLAGS for shared libraries ....... ${CMAKE_SHARED_LINKER_FLAGS_${build_type}}")
else()
message("Supported configurations .............. ${CMAKE_CONFIGURATION_TYPES}")
message("RelWithDebInfo configuration:")
message(" - CFLAGS ............................. ${CMAKE_C_FLAGS_RELWITHDEBINFO}")
message(" - LDFLAGS for executables ............ ${CMAKE_EXE_LINKER_FLAGS_RELWITHDEBINFO}")
message(" - LDFLAGS for shared libraries ....... ${CMAKE_SHARED_LINKER_FLAGS_RELWITHDEBINFO}")
message("Debug configuration:")
message(" - CFLAGS ............................. ${CMAKE_C_FLAGS_DEBUG}")
message(" - LDFLAGS for executables ............ ${CMAKE_EXE_LINKER_FLAGS_DEBUG}")
message(" - LDFLAGS for shared libraries ....... ${CMAKE_SHARED_LINKER_FLAGS_DEBUG}")
endif()
if(SECP256K1_APPEND_CFLAGS)
message("SECP256K1_APPEND_CFLAGS ............... ${SECP256K1_APPEND_CFLAGS}")
endif()
if(SECP256K1_APPEND_LDFLAGS)
message("SECP256K1_APPEND_LDFLAGS .............. ${SECP256K1_APPEND_LDFLAGS}")
endif()
message("")
if(print_msan_notice)
message(
"Note:\n"
" MemorySanitizer detected, tried to add -fno-sanitize-memory-param-retval to compile options\n"
" to avoid false positives in ctime_tests. Pass -DSECP256K1_BUILD_CTIME_TESTS=OFF to avoid this.\n"
)
endif()
if(SECP256K1_EXPERIMENTAL)
message(
" ******\n"
" WARNING: experimental build\n"
" Experimental features do not have stable APIs or properties, and may not be safe for production use.\n"
" ******\n"
)
endif()

18
secp256k1.depreciated/CMakePresets.json
View File

@@ -1,18 +0,0 @@
{
"version": 3,
"configurePresets": [
{
"name": "dev-mode",
"displayName": "Development mode (intended only for developers of the library)",
"cacheVariables": {
"SECP256K1_EXPERIMENTAL": "ON",
"SECP256K1_ENABLE_MODULE_RECOVERY": "ON",
"SECP256K1_BUILD_EXAMPLES": "ON"
},
"warnings": {
"dev": true,
"uninitialized": true
}
}
]
}

109
secp256k1.depreciated/CONTRIBUTING.md
View File

@@ -1,109 +0,0 @@
# Contributing to libsecp256k1
## Scope
libsecp256k1 is a library for elliptic curve cryptography on the curve secp256k1, not a general-purpose cryptography library.
The library primarily serves the needs of the Bitcoin Core project but provides additional functionality for the benefit of the wider Bitcoin ecosystem.
## Adding new functionality or modules
The libsecp256k1 project welcomes contributions in the form of new functionality or modules, provided they are within the project's scope.
It is the responsibility of the contributors to convince the maintainers that the proposed functionality is within the project's scope, high-quality and maintainable.
Contributors are recommended to provide the following in addition to the new code:
* **Specification:**
A specification can help significantly in reviewing the new code as it provides documentation and context.
It may justify various design decisions, give a motivation and outline security goals.
If the specification contains pseudocode, a reference implementation or test vectors, these can be used to compare with the proposed libsecp256k1 code.
* **Security Arguments:**
In addition to a defining the security goals, it should be argued that the new functionality meets these goals.
Depending on the nature of the new functionality, a wide range of security arguments are acceptable, ranging from being "obviously secure" to rigorous proofs of security.
* **Relevance Arguments:**
The relevance of the new functionality for the Bitcoin ecosystem should be argued by outlining clear use cases.
These are not the only factors taken into account when considering to add new functionality.
The proposed new libsecp256k1 code must be of high quality, including API documentation and tests, as well as featuring a misuse-resistant API design.
We recommend reaching out to other contributors (see [Communication Channels](#communication-channels)) and get feedback before implementing new functionality.
## Communication channels
Most communication about libsecp256k1 occurs on the GitHub repository: in issues, pull request or on the discussion board.
Additionally, there is an IRC channel dedicated to libsecp256k1, with biweekly meetings (see channel topic).
The channel is `#secp256k1` on Libera Chat.
The easiest way to participate on IRC is with the web client, [web.libera.chat](https://web.libera.chat/#secp256k1).
Chat history logs can be found at https://gnusha.org/secp256k1/.
## Contributor workflow & peer review
The Contributor Workflow & Peer Review in libsecp256k1 are similar to Bitcoin Core's workflow and review processes described in its [CONTRIBUTING.md](https://github.com/bitcoin/bitcoin/blob/master/CONTRIBUTING.md).
### Coding conventions
In addition, libsecp256k1 tries to maintain the following coding conventions:
* No runtime heap allocation (e.g., no `malloc`) unless explicitly requested by the caller (via `secp256k1_context_create` or `secp256k1_scratch_space_create`, for example). Moreover, it should be possible to use the library without any heap allocations.
* The tests should cover all lines and branches of the library (see [Test coverage](#coverage)).
* Operations involving secret data should be tested for being constant time with respect to the secrets (see [src/ctime_tests.c](src/ctime_tests.c)).
* Local variables containing secret data should be cleared explicitly to try to delete secrets from memory.
* Use `secp256k1_memcmp_var` instead of `memcmp` (see [#823](https://github.com/bitcoin-core/secp256k1/issues/823)).
* As a rule of thumb, the default values for configuration options should target standard desktop machines and align with Bitcoin Core's defaults, and the tests should mostly exercise the default configuration (see [#1549](https://github.com/bitcoin-core/secp256k1/issues/1549#issuecomment-2200559257)).
#### Style conventions
* Commits should be atomic and diffs should be easy to read. For this reason, do not mix any formatting fixes or code moves with actual code changes. Make sure each individual commit is hygienic: that it builds successfully on its own without warnings, errors, regressions, or test failures.
* New code should adhere to the style of existing, in particular surrounding, code. Other than that, we do not enforce strict rules for code formatting.
* The code conforms to C89. Most notably, that means that only `/* ... */` comments are allowed (no `//` line comments). Moreover, any declarations in a `{ ... }` block (e.g., a function) must appear at the beginning of the block before any statements. When you would like to declare a variable in the middle of a block, you can open a new block:
```C
void secp256k_foo(void) {
unsigned int x; /* declaration */
int y = 2*x; /* declaration */
x = 17; /* statement */
{
int a, b; /* declaration */
a = x + y; /* statement */
secp256k_bar(x, &b); /* statement */
}
}
```
* Use `unsigned int` instead of just `unsigned`.
* Use `void *ptr` instead of `void* ptr`.
* Arguments of the publicly-facing API must have a specific order defined in [include/secp256k1.h](include/secp256k1.h).
* User-facing comment lines in headers should be limited to 80 chars if possible.
* All identifiers in file scope should start with `secp256k1_`.
* Avoid trailing whitespace.
* Use the constants `EXIT_SUCCESS`/`EXIT_FAILURE` (defined in `stdlib.h`) to indicate program execution status for examples and other binaries.
### Tests
#### Coverage
This library aims to have full coverage of reachable lines and branches.
To create a test coverage report, configure with `--enable-coverage` (use of GCC is necessary):
$ ./configure --enable-coverage
Run the tests:
$ make check
To create a report, `gcovr` is recommended, as it includes branch coverage reporting:
$ gcovr --exclude 'src/bench*' --print-summary
To create a HTML report with coloured and annotated source code:
$ mkdir -p coverage
$ gcovr --exclude 'src/bench*' --html --html-details -o coverage/coverage.html
#### Exhaustive tests
There are tests of several functions in which a small group replaces secp256k1.
These tests are *exhaustive* since they provide all elements and scalars of the small group as input arguments (see [src/tests_exhaustive.c](src/tests_exhaustive.c)).
### Benchmarks
See `src/bench*.c` for examples of benchmarks.

19
secp256k1.depreciated/COPYING
View File

@@ -1,19 +0,0 @@
Copyright (c) 2013 Pieter Wuille
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

313
secp256k1.depreciated/Makefile.am
View File

@@ -1,313 +0,0 @@
ACLOCAL_AMFLAGS = -I build-aux/m4
# AM_CFLAGS will be automatically prepended to CFLAGS by Automake when compiling some foo
# which does not have an explicit foo_CFLAGS variable set.
AM_CFLAGS = $(SECP_CFLAGS)
lib_LTLIBRARIES = libsecp256k1.la
include_HEADERS = include/secp256k1.h
include_HEADERS += include/secp256k1_preallocated.h
noinst_HEADERS =
noinst_HEADERS += src/scalar.h
noinst_HEADERS += src/scalar_4x64.h
noinst_HEADERS += src/scalar_8x32.h
noinst_HEADERS += src/scalar_low.h
noinst_HEADERS += src/scalar_impl.h
noinst_HEADERS += src/scalar_4x64_impl.h
noinst_HEADERS += src/scalar_8x32_impl.h
noinst_HEADERS += src/scalar_low_impl.h
noinst_HEADERS += src/group.h
noinst_HEADERS += src/group_impl.h
noinst_HEADERS += src/ecdsa.h
noinst_HEADERS += src/ecdsa_impl.h
noinst_HEADERS += src/eckey.h
noinst_HEADERS += src/eckey_impl.h
noinst_HEADERS += src/ecmult.h
noinst_HEADERS += src/ecmult_impl.h
noinst_HEADERS += src/ecmult_compute_table.h
noinst_HEADERS += src/ecmult_compute_table_impl.h
noinst_HEADERS += src/ecmult_const.h
noinst_HEADERS += src/ecmult_const_impl.h
noinst_HEADERS += src/ecmult_gen.h
noinst_HEADERS += src/ecmult_gen_impl.h
noinst_HEADERS += src/ecmult_gen_compute_table.h
noinst_HEADERS += src/ecmult_gen_compute_table_impl.h
noinst_HEADERS += src/field_10x26.h
noinst_HEADERS += src/field_10x26_impl.h
noinst_HEADERS += src/field_5x52.h
noinst_HEADERS += src/field_5x52_impl.h
noinst_HEADERS += src/field_5x52_int128_impl.h
noinst_HEADERS += src/modinv32.h
noinst_HEADERS += src/modinv32_impl.h
noinst_HEADERS += src/modinv64.h
noinst_HEADERS += src/modinv64_impl.h
noinst_HEADERS += src/precomputed_ecmult.h
noinst_HEADERS += src/precomputed_ecmult_gen.h
noinst_HEADERS += src/assumptions.h
noinst_HEADERS += src/checkmem.h
noinst_HEADERS += src/testutil.h
noinst_HEADERS += src/util.h
noinst_HEADERS += src/util_local_visibility.h
noinst_HEADERS += src/int128.h
noinst_HEADERS += src/int128_impl.h
noinst_HEADERS += src/int128_native.h
noinst_HEADERS += src/int128_native_impl.h
noinst_HEADERS += src/int128_struct.h
noinst_HEADERS += src/int128_struct_impl.h
noinst_HEADERS += src/scratch.h
noinst_HEADERS += src/scratch_impl.h
noinst_HEADERS += src/selftest.h
noinst_HEADERS += src/testrand.h
noinst_HEADERS += src/testrand_impl.h
noinst_HEADERS += src/hash.h
noinst_HEADERS += src/hash_impl.h
noinst_HEADERS += src/field.h
noinst_HEADERS += src/field_impl.h
noinst_HEADERS += src/bench.h
noinst_HEADERS += src/wycheproof/ecdsa_secp256k1_sha256_bitcoin_test.h
noinst_HEADERS += src/hsort.h
noinst_HEADERS += src/hsort_impl.h
noinst_HEADERS += contrib/lax_der_parsing.h
noinst_HEADERS += contrib/lax_der_parsing.c
noinst_HEADERS += contrib/lax_der_privatekey_parsing.h
noinst_HEADERS += contrib/lax_der_privatekey_parsing.c
noinst_HEADERS += examples/examples_util.h
PRECOMPUTED_LIB = libsecp256k1_precomputed.la
noinst_LTLIBRARIES = $(PRECOMPUTED_LIB)
libsecp256k1_precomputed_la_SOURCES = src/precomputed_ecmult.c src/precomputed_ecmult_gen.c
# We need `-I$(top_srcdir)/src` in VPATH builds if libsecp256k1_precomputed_la_SOURCES have been recreated in the build tree.
# This helps users and packagers who insist on recreating the precomputed files (e.g., Gentoo).
libsecp256k1_precomputed_la_CPPFLAGS = -I$(top_srcdir)/src $(SECP_CONFIG_DEFINES)
if USE_EXTERNAL_ASM
COMMON_LIB = libsecp256k1_common.la
else
COMMON_LIB =
endif
noinst_LTLIBRARIES += $(COMMON_LIB)
pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = libsecp256k1.pc
if USE_EXTERNAL_ASM
if USE_ASM_ARM
libsecp256k1_common_la_SOURCES = src/asm/field_10x26_arm.s
endif
endif
libsecp256k1_la_SOURCES = src/secp256k1.c
libsecp256k1_la_CPPFLAGS = $(SECP_CONFIG_DEFINES)
libsecp256k1_la_LIBADD = $(COMMON_LIB) $(PRECOMPUTED_LIB)
libsecp256k1_la_LDFLAGS = -no-undefined -version-info $(LIB_VERSION_CURRENT):$(LIB_VERSION_REVISION):$(LIB_VERSION_AGE)
noinst_PROGRAMS =
if USE_BENCHMARK
noinst_PROGRAMS += bench bench_internal bench_ecmult
bench_SOURCES = src/bench.c
bench_LDADD = libsecp256k1.la
bench_CPPFLAGS = $(SECP_CONFIG_DEFINES)
bench_internal_SOURCES = src/bench_internal.c
bench_internal_LDADD = $(COMMON_LIB) $(PRECOMPUTED_LIB)
bench_internal_CPPFLAGS = $(SECP_CONFIG_DEFINES)
bench_ecmult_SOURCES = src/bench_ecmult.c
bench_ecmult_LDADD = $(COMMON_LIB) $(PRECOMPUTED_LIB)
bench_ecmult_CPPFLAGS = $(SECP_CONFIG_DEFINES)
endif
TESTS =
if USE_TESTS
TESTS += noverify_tests
noinst_PROGRAMS += noverify_tests
noverify_tests_SOURCES = src/tests.c
noverify_tests_CPPFLAGS = $(SECP_CONFIG_DEFINES)
noverify_tests_LDADD = $(COMMON_LIB) $(PRECOMPUTED_LIB)
noverify_tests_LDFLAGS = -static
if !ENABLE_COVERAGE
TESTS += tests
noinst_PROGRAMS += tests
tests_SOURCES = $(noverify_tests_SOURCES)
tests_CPPFLAGS = $(noverify_tests_CPPFLAGS) -DVERIFY
tests_LDADD = $(noverify_tests_LDADD)
tests_LDFLAGS = $(noverify_tests_LDFLAGS)
endif
endif
if USE_CTIME_TESTS
noinst_PROGRAMS += ctime_tests
ctime_tests_SOURCES = src/ctime_tests.c
ctime_tests_LDADD = libsecp256k1.la
ctime_tests_CPPFLAGS = $(SECP_CONFIG_DEFINES)
endif
if USE_EXHAUSTIVE_TESTS
noinst_PROGRAMS += exhaustive_tests
exhaustive_tests_SOURCES = src/tests_exhaustive.c
exhaustive_tests_CPPFLAGS = $(SECP_CONFIG_DEFINES)
if !ENABLE_COVERAGE
exhaustive_tests_CPPFLAGS += -DVERIFY
endif
# Note: do not include $(PRECOMPUTED_LIB) in exhaustive_tests (it uses runtime-generated tables).
exhaustive_tests_LDADD = $(COMMON_LIB)
exhaustive_tests_LDFLAGS = -static
TESTS += exhaustive_tests
endif
if USE_EXAMPLES
noinst_PROGRAMS += ecdsa_example
ecdsa_example_SOURCES = examples/ecdsa.c
ecdsa_example_CPPFLAGS = -I$(top_srcdir)/include -DSECP256K1_STATIC
ecdsa_example_LDADD = libsecp256k1.la
ecdsa_example_LDFLAGS = -static
if BUILD_WINDOWS
ecdsa_example_LDFLAGS += -lbcrypt
endif
TESTS += ecdsa_example
if ENABLE_MODULE_ECDH
noinst_PROGRAMS += ecdh_example
ecdh_example_SOURCES = examples/ecdh.c
ecdh_example_CPPFLAGS = -I$(top_srcdir)/include -DSECP256K1_STATIC
ecdh_example_LDADD = libsecp256k1.la
ecdh_example_LDFLAGS = -static
if BUILD_WINDOWS
ecdh_example_LDFLAGS += -lbcrypt
endif
TESTS += ecdh_example
endif
if ENABLE_MODULE_SCHNORRSIG
noinst_PROGRAMS += schnorr_example
schnorr_example_SOURCES = examples/schnorr.c
schnorr_example_CPPFLAGS = -I$(top_srcdir)/include -DSECP256K1_STATIC
schnorr_example_LDADD = libsecp256k1.la
schnorr_example_LDFLAGS = -static
if BUILD_WINDOWS
schnorr_example_LDFLAGS += -lbcrypt
endif
TESTS += schnorr_example
endif
if ENABLE_MODULE_ELLSWIFT
noinst_PROGRAMS += ellswift_example
ellswift_example_SOURCES = examples/ellswift.c
ellswift_example_CPPFLAGS = -I$(top_srcdir)/include -DSECP256K1_STATIC
ellswift_example_LDADD = libsecp256k1.la
ellswift_example_LDFLAGS = -static
if BUILD_WINDOWS
ellswift_example_LDFLAGS += -lbcrypt
endif
TESTS += ellswift_example
endif
if ENABLE_MODULE_MUSIG
noinst_PROGRAMS += musig_example
musig_example_SOURCES = examples/musig.c
musig_example_CPPFLAGS = -I$(top_srcdir)/include -DSECP256K1_STATIC
musig_example_LDADD = libsecp256k1.la
musig_example_LDFLAGS = -static
if BUILD_WINDOWS
musig_example_LDFLAGS += -lbcrypt
endif
TESTS += musig_example
endif
endif
### Precomputed tables
EXTRA_PROGRAMS = precompute_ecmult precompute_ecmult_gen
CLEANFILES = $(EXTRA_PROGRAMS)
precompute_ecmult_SOURCES = src/precompute_ecmult.c
precompute_ecmult_CPPFLAGS = $(SECP_CONFIG_DEFINES) -DVERIFY
precompute_ecmult_LDADD = $(COMMON_LIB)
precompute_ecmult_gen_SOURCES = src/precompute_ecmult_gen.c
precompute_ecmult_gen_CPPFLAGS = $(SECP_CONFIG_DEFINES) -DVERIFY
precompute_ecmult_gen_LDADD = $(COMMON_LIB)
# See Automake manual, Section "Errors with distclean".
# We don't list any dependencies for the prebuilt files here because
# otherwise make's decision whether to rebuild them (even in the first
# build by a normal user) depends on mtimes, and thus is very fragile.
# This means that rebuilds of the prebuilt files always need to be
# forced by deleting them.
src/precomputed_ecmult.c:
$(MAKE) $(AM_MAKEFLAGS) precompute_ecmult$(EXEEXT)
./precompute_ecmult$(EXEEXT)
src/precomputed_ecmult_gen.c:
$(MAKE) $(AM_MAKEFLAGS) precompute_ecmult_gen$(EXEEXT)
./precompute_ecmult_gen$(EXEEXT)
PRECOMP = src/precomputed_ecmult_gen.c src/precomputed_ecmult.c
precomp: $(PRECOMP)
# Ensure the prebuilt files will be build first (only if they don't exist,
# e.g., after `make maintainer-clean`).
BUILT_SOURCES = $(PRECOMP)
.PHONY: clean-precomp
clean-precomp:
rm -f $(PRECOMP)
maintainer-clean-local: clean-precomp
### Pregenerated test vectors
### (see the comments in the previous section for detailed rationale)
TESTVECTORS = src/wycheproof/ecdsa_secp256k1_sha256_bitcoin_test.h
if ENABLE_MODULE_ECDH
TESTVECTORS += src/wycheproof/ecdh_secp256k1_test.h
endif
src/wycheproof/ecdsa_secp256k1_sha256_bitcoin_test.h:
mkdir -p $(@D)
python3 $(top_srcdir)/tools/tests_wycheproof_generate_ecdsa.py $(top_srcdir)/src/wycheproof/ecdsa_secp256k1_sha256_bitcoin_test.json > $@
src/wycheproof/ecdh_secp256k1_test.h:
mkdir -p $(@D)
python3 $(top_srcdir)/tools/tests_wycheproof_generate_ecdh.py $(top_srcdir)/src/wycheproof/ecdh_secp256k1_test.json > $@
testvectors: $(TESTVECTORS)
BUILT_SOURCES += $(TESTVECTORS)
.PHONY: clean-testvectors
clean-testvectors:
rm -f $(TESTVECTORS)
maintainer-clean-local: clean-testvectors
### Additional files to distribute
EXTRA_DIST = autogen.sh CHANGELOG.md SECURITY.md
EXTRA_DIST += doc/release-process.md doc/safegcd_implementation.md
EXTRA_DIST += doc/ellswift.md doc/musig.md
EXTRA_DIST += examples/EXAMPLES_COPYING
EXTRA_DIST += sage/gen_exhaustive_groups.sage
EXTRA_DIST += sage/gen_split_lambda_constants.sage
EXTRA_DIST += sage/group_prover.sage
EXTRA_DIST += sage/prove_group_implementations.sage
EXTRA_DIST += sage/secp256k1_params.sage
EXTRA_DIST += sage/weierstrass_prover.sage
EXTRA_DIST += src/wycheproof/WYCHEPROOF_COPYING
EXTRA_DIST += src/wycheproof/ecdsa_secp256k1_sha256_bitcoin_test.json
EXTRA_DIST += src/wycheproof/ecdh_secp256k1_test.json
EXTRA_DIST += tools/tests_wycheproof_generate_ecdsa.py
EXTRA_DIST += tools/tests_wycheproof_generate_ecdh.py
if ENABLE_MODULE_ECDH
include src/modules/ecdh/Makefile.am.include
endif
if ENABLE_MODULE_RECOVERY
include src/modules/recovery/Makefile.am.include
endif
if ENABLE_MODULE_EXTRAKEYS
include src/modules/extrakeys/Makefile.am.include
endif
if ENABLE_MODULE_SCHNORRSIG
include src/modules/schnorrsig/Makefile.am.include
endif
if ENABLE_MODULE_MUSIG
include src/modules/musig/Makefile.am.include
endif
if ENABLE_MODULE_ELLSWIFT
include src/modules/ellswift/Makefile.am.include
endif

178
secp256k1.depreciated/README.md
View File

@@ -1,178 +0,0 @@
libsecp256k1
============
![Dependencies: None](https://img.shields.io/badge/dependencies-none-success)
[![irc.libera.chat #secp256k1](https://img.shields.io/badge/irc.libera.chat-%23secp256k1-success)](https://web.libera.chat/#secp256k1)
High-performance high-assurance C library for digital signatures and other cryptographic primitives on the secp256k1 elliptic curve.
This library is intended to be the highest quality publicly available library for cryptography on the secp256k1 curve. However, the primary focus of its development has been for usage in the Bitcoin system and usage unlike Bitcoin's may be less well tested, verified, or suffer from a less well thought out interface. Correct usage requires some care and consideration that the library is fit for your application's purpose.
Features:
* secp256k1 ECDSA signing/verification and key generation.
* Additive and multiplicative tweaking of secret/public keys.
* Serialization/parsing of secret keys, public keys, signatures.
* Constant time, constant memory access signing and public key generation.
* Derandomized ECDSA (via RFC6979 or with a caller provided function.)
* Very efficient implementation.
* Suitable for embedded systems.
* No runtime dependencies.
* Optional module for public key recovery.
* Optional module for ECDH key exchange.
* Optional module for Schnorr signatures according to [BIP-340](https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki).
* Optional module for ElligatorSwift key exchange according to [BIP-324](https://github.com/bitcoin/bips/blob/master/bip-0324.mediawiki).
* Optional module for MuSig2 Schnorr multi-signatures according to [BIP-327](https://github.com/bitcoin/bips/blob/master/bip-0327.mediawiki).
Implementation details
----------------------
* General
* No runtime heap allocation.
* Extensive testing infrastructure.
* Structured to facilitate review and analysis.
* Intended to be portable to any system with a C89 compiler and uint64_t support.
* No use of floating types.
* Expose only higher level interfaces to minimize the API surface and improve application security. ("Be difficult to use insecurely.")
* Field operations
* Optimized implementation of arithmetic modulo the curve's field size (2^256 - 0x1000003D1).
* Using 5 52-bit limbs
* Using 10 26-bit limbs (including hand-optimized assembly for 32-bit ARM, by Wladimir J. van der Laan).
* This is an experimental feature that has not received enough scrutiny to satisfy the standard of quality of this library but is made available for testing and review by the community.
* Scalar operations
* Optimized implementation without data-dependent branches of arithmetic modulo the curve's order.
* Using 4 64-bit limbs (relying on __int128 support in the compiler).
* Using 8 32-bit limbs.
* Modular inverses (both field elements and scalars) based on [safegcd](https://gcd.cr.yp.to/index.html) with some modifications, and a variable-time variant (by Peter Dettman).
* Group operations
* Point addition formula specifically simplified for the curve equation (y^2 = x^3 + 7).
* Use addition between points in Jacobian and affine coordinates where possible.
* Use a unified addition/doubling formula where necessary to avoid data-dependent branches.
* Point/x comparison without a field inversion by comparison in the Jacobian coordinate space.
* Point multiplication for verification (a*P + b*G).
* Use wNAF notation for point multiplicands.
* Use a much larger window for multiples of G, using precomputed multiples.
* Use Shamir's trick to do the multiplication with the public key and the generator simultaneously.
* Use secp256k1's efficiently-computable endomorphism to split the P multiplicand into 2 half-sized ones.
* Point multiplication for signing
* Use a precomputed table of multiples of powers of 16 multiplied with the generator, so general multiplication becomes a series of additions.
* Intended to be completely free of timing sidechannels for secret-key operations (on reasonable hardware/toolchains)
* Access the table with branch-free conditional moves so memory access is uniform.
* No data-dependent branches
* Optional runtime blinding which attempts to frustrate differential power analysis.
* The precomputed tables add and eventually subtract points for which no known scalar (secret key) is known, preventing even an attacker with control over the secret key used to control the data internally.
Obtaining and verifying
-----------------------
The git tag for each release (e.g. `v0.6.0`) is GPG-signed by one of the maintainers.
For a fully verified build of this project, it is recommended to obtain this repository
via git, obtain the GPG keys of the signing maintainer(s), and then verify the release
tag's signature using git.
This can be done with the following steps:
1. Obtain the GPG keys listed in [SECURITY.md](./SECURITY.md).
2. If possible, cross-reference these key IDs with another source controlled by its owner (e.g.
social media, personal website). This is to mitigate the unlikely case that incorrect
content is being presented by this repository.
3. Clone the repository:
```
git clone https://github.com/bitcoin-core/secp256k1
```
4. Check out the latest release tag, e.g.
```
git checkout v0.6.0
```
5. Use git to verify the GPG signature:
```
% git tag -v v0.6.0 | grep -C 3 'Good signature'
gpg: Signature made Mon 04 Nov 2024 12:14:44 PM EST
gpg: using RSA key 4BBB845A6F5A65A69DFAEC234861DBF262123605
gpg: Good signature from "Jonas Nick <jonas@n-ck.net>" [unknown]
gpg: aka "Jonas Nick <jonasd.nick@gmail.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 36C7 1A37 C9D9 88BD E825 08D9 B1A7 0E4F 8DCD 0366
Subkey fingerprint: 4BBB 845A 6F5A 65A6 9DFA EC23 4861 DBF2 6212 3605
```
Building with Autotools
-----------------------
$ ./autogen.sh # Generate a ./configure script
$ ./configure # Generate a build system
$ make # Run the actual build process
$ make check # Run the test suite
$ sudo make install # Install the library into the system (optional)
To compile optional modules (such as Schnorr signatures), you need to run `./configure` with additional flags (such as `--enable-module-schnorrsig`). Run `./configure --help` to see the full list of available flags.
Building with CMake
-------------------
To maintain a pristine source tree, CMake encourages to perform an out-of-source build by using a separate dedicated build tree.
### Building on POSIX systems
$ cmake -B build # Generate a build system in subdirectory "build"
$ cmake --build build # Run the actual build process
$ ctest --test-dir build # Run the test suite
$ sudo cmake --install build # Install the library into the system (optional)
To compile optional modules (such as Schnorr signatures), you need to run `cmake` with additional flags (such as `-DSECP256K1_ENABLE_MODULE_SCHNORRSIG=ON`). Run `cmake -B build -LH` or `ccmake -B build` to see the full list of available flags.
### Cross compiling
To alleviate issues with cross compiling, preconfigured toolchain files are available in the `cmake` directory.
For example, to cross compile for Windows:
$ cmake -B build -DCMAKE_TOOLCHAIN_FILE=cmake/x86_64-w64-mingw32.toolchain.cmake
To cross compile for Android with [NDK](https://developer.android.com/ndk/guides/cmake) (using NDK's toolchain file, and assuming the `ANDROID_NDK_ROOT` environment variable has been set):
$ cmake -B build -DCMAKE_TOOLCHAIN_FILE="${ANDROID_NDK_ROOT}/build/cmake/android.toolchain.cmake" -DANDROID_ABI=arm64-v8a -DANDROID_PLATFORM=28
### Building on Windows
To build on Windows with Visual Studio, a proper [generator](https://cmake.org/cmake/help/latest/manual/cmake-generators.7.html#visual-studio-generators) must be specified for a new build tree.
The following example assumes using of Visual Studio 2022 and CMake v3.21+.
In "Developer Command Prompt for VS 2022":
>cmake -G "Visual Studio 17 2022" -A x64 -B build
>cmake --build build --config RelWithDebInfo
Usage examples
-----------
Usage examples can be found in the [examples](examples) directory. To compile them you need to configure with `--enable-examples`.
* [ECDSA example](examples/ecdsa.c)
* [Schnorr signatures example](examples/schnorr.c)
* [Deriving a shared secret (ECDH) example](examples/ecdh.c)
* [ElligatorSwift key exchange example](examples/ellswift.c)
* [MuSig2 Schnorr multi-signatures example](examples/musig.c)
To compile the examples, make sure the corresponding modules are enabled.
Benchmark
------------
If configured with `--enable-benchmark` (which is the default), binaries for benchmarking the libsecp256k1 functions will be present in the root directory after the build.
To print the benchmark result to the command line:
$ ./bench_name
To create a CSV file for the benchmark result :
$ ./bench_name | sed '2d;s/ \{1,\}//g' > bench_name.csv
Reporting a vulnerability
------------
See [SECURITY.md](SECURITY.md)
Contributing to libsecp256k1
------------
See [CONTRIBUTING.md](CONTRIBUTING.md)

15
secp256k1.depreciated/SECURITY.md
View File

@@ -1,15 +0,0 @@
# Security Policy
## Reporting a Vulnerability
To report security issues send an email to secp256k1-security@bitcoincore.org (not for support).
The following keys may be used to communicate sensitive information to developers:
| Name | Fingerprint |
|------|-------------|
| Pieter Wuille | 133E AC17 9436 F14A 5CF1 B794 860F EB80 4E66 9320 |
| Jonas Nick | 36C7 1A37 C9D9 88BD E825 08D9 B1A7 0E4F 8DCD 0366 |
| Tim Ruffing | 09E0 3F87 1092 E40E 106E 902B 33BC 86AB 80FF 5516 |
You can import a key by running the following command with that individuals fingerprint: `gpg --keyserver hkps://keys.openpgp.org --recv-keys "<fingerprint>"` Ensure that you put quotes around fingerprints containing spaces.

3
secp256k1.depreciated/autogen.sh
View File

@@ -1,3 +0,0 @@
#!/bin/sh
set -e
autoreconf -if --warnings=all

91
secp256k1.depreciated/build-aux/m4/bitcoin_secp.m4
View File

@@ -1,91 +0,0 @@
dnl escape "$0x" below using the m4 quadrigaph @S|@, and escape it again with a \ for the shell.
AC_DEFUN([SECP_X86_64_ASM_CHECK],[
AC_MSG_CHECKING(for x86_64 assembly availability)
AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <stdint.h>]],[[
uint64_t a = 11, tmp;
__asm__ __volatile__("movq \@S|@0x100000000,%1; mulq %%rsi" : "+a"(a) : "S"(tmp) : "cc", "%rdx");
]])], [has_x86_64_asm=yes], [has_x86_64_asm=no])
AC_MSG_RESULT([$has_x86_64_asm])
])
AC_DEFUN([SECP_ARM32_ASM_CHECK], [
AC_MSG_CHECKING(for ARM32 assembly availability)
SECP_ARM32_ASM_CHECK_CFLAGS_saved_CFLAGS="$CFLAGS"
CFLAGS="-x assembler"
AC_LINK_IFELSE([AC_LANG_SOURCE([[
.syntax unified
.eabi_attribute 24, 1
.eabi_attribute 25, 1
.text
.global main
main:
ldr r0, =0x002A
mov r7, #1
swi 0
]])], [has_arm32_asm=yes], [has_arm32_asm=no])
AC_MSG_RESULT([$has_arm32_asm])
CFLAGS="$SECP_ARM32_ASM_CHECK_CFLAGS_saved_CFLAGS"
])
AC_DEFUN([SECP_VALGRIND_CHECK],[
AC_MSG_CHECKING([for valgrind support])
if test x"$has_valgrind" != x"yes"; then
CPPFLAGS_TEMP="$CPPFLAGS"
CPPFLAGS="$VALGRIND_CPPFLAGS $CPPFLAGS"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <valgrind/memcheck.h>
]], [[
#if defined(NVALGRIND)
# error "Valgrind does not support this platform."
#endif
]])], [has_valgrind=yes])
CPPFLAGS="$CPPFLAGS_TEMP"
fi
AC_MSG_RESULT($has_valgrind)
])
AC_DEFUN([SECP_MSAN_CHECK], [
AC_MSG_CHECKING(whether MemorySanitizer is enabled)
AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
#if defined(__has_feature)
# if __has_feature(memory_sanitizer)
/* MemorySanitizer is enabled. */
# elif
# error "MemorySanitizer is disabled."
# endif
#else
# error "__has_feature is not defined."
#endif
]])], [msan_enabled=yes], [msan_enabled=no])
AC_MSG_RESULT([$msan_enabled])
])
dnl SECP_TRY_APPEND_CFLAGS(flags, VAR)
dnl Append flags to VAR if CC accepts them.
AC_DEFUN([SECP_TRY_APPEND_CFLAGS], [
AC_MSG_CHECKING([if ${CC} supports $1])
SECP_TRY_APPEND_CFLAGS_saved_CFLAGS="$CFLAGS"
CFLAGS="$1 $CFLAGS"
AC_COMPILE_IFELSE([AC_LANG_SOURCE([[char foo;]])], [flag_works=yes], [flag_works=no])
AC_MSG_RESULT($flag_works)
CFLAGS="$SECP_TRY_APPEND_CFLAGS_saved_CFLAGS"
if test x"$flag_works" = x"yes"; then
$2="$$2 $1"
fi
unset flag_works
AC_SUBST($2)
])
dnl SECP_SET_DEFAULT(VAR, default, default-dev-mode)
dnl Set VAR to default or default-dev-mode, depending on whether dev mode is enabled
AC_DEFUN([SECP_SET_DEFAULT], [
if test "${enable_dev_mode+set}" != set; then
AC_MSG_ERROR([[Set enable_dev_mode before calling SECP_SET_DEFAULT]])
fi
if test x"$enable_dev_mode" = x"yes"; then
$1="$3"
else
$1="$2"
fi
])

163
secp256k1.depreciated/ci/ci.sh
View File

@@ -1,163 +0,0 @@
#!/bin/sh
set -eux
export LC_ALL=C
# Print commit and relevant CI environment to allow reproducing the job outside of CI.
git show --no-patch
print_environment() {
# Turn off -x because it messes up the output
set +x
# There are many ways to print variable names and their content. This one
# does not rely on bash.
for var in WERROR_CFLAGS MAKEFLAGS BUILD \
ECMULTWINDOW ECMULTGENKB ASM WIDEMUL WITH_VALGRIND EXTRAFLAGS \
EXPERIMENTAL ECDH RECOVERY EXTRAKEYS MUSIG SCHNORRSIG ELLSWIFT \
SECP256K1_TEST_ITERS BENCH SECP256K1_BENCH_ITERS CTIMETESTS SYMBOL_CHECK \
EXAMPLES \
HOST WRAPPER_CMD \
CC CFLAGS CPPFLAGS AR NM \
UBSAN_OPTIONS ASAN_OPTIONS LSAN_OPTIONS
do
eval "isset=\${$var+x}"
if [ -n "$isset" ]; then
eval "val=\${$var}"
# shellcheck disable=SC2154
printf '%s="%s" ' "$var" "$val"
fi
done
echo "$0"
set -x
}
print_environment
env >> test_env.log
# If gcc is requested, assert that it's in fact gcc (and not some symlinked Apple clang).
case "${CC:-undefined}" in
*gcc*)
$CC -v 2>&1 | grep -q "gcc version" || exit 1;
;;
esac
if [ -n "${CC+x}" ]; then
# The MSVC compiler "cl" doesn't understand "-v"
$CC -v || true
fi
if [ "$WITH_VALGRIND" = "yes" ]; then
valgrind --version
fi
if [ -n "$WRAPPER_CMD" ]; then
$WRAPPER_CMD --version
fi
# Workaround for https://bugs.kde.org/show_bug.cgi?id=452758 (fixed in valgrind 3.20.0).
case "${CC:-undefined}" in
clang*)
if [ "$CTIMETESTS" = "yes" ] && [ "$WITH_VALGRIND" = "yes" ]
then
export CFLAGS="${CFLAGS:+$CFLAGS }-gdwarf-4"
else
case "$WRAPPER_CMD" in
valgrind*)
export CFLAGS="${CFLAGS:+$CFLAGS }-gdwarf-4"
;;
esac
fi
;;
esac
./autogen.sh
./configure \
--enable-experimental="$EXPERIMENTAL" \
--with-test-override-wide-multiply="$WIDEMUL" --with-asm="$ASM" \
--with-ecmult-window="$ECMULTWINDOW" \
--with-ecmult-gen-kb="$ECMULTGENKB" \
--enable-module-ecdh="$ECDH" --enable-module-recovery="$RECOVERY" \
--enable-module-ellswift="$ELLSWIFT" \
--enable-module-extrakeys="$EXTRAKEYS" \
--enable-module-schnorrsig="$SCHNORRSIG" \
--enable-module-musig="$MUSIG" \
--enable-examples="$EXAMPLES" \
--enable-ctime-tests="$CTIMETESTS" \
--with-valgrind="$WITH_VALGRIND" \
--host="$HOST" $EXTRAFLAGS
# We have set "-j<n>" in MAKEFLAGS.
build_exit_code=0
make > make.log 2>&1 || build_exit_code=$?
cat make.log
if [ $build_exit_code -ne 0 ]; then
case "${CC:-undefined}" in
*snapshot*)
# Ignore internal compiler errors in gcc-snapshot and clang-snapshot
grep -e "internal compiler error:" -e "PLEASE submit a bug report" make.log
exit $?
;;
*)
exit 1
;;
esac
fi
# Print information about binaries so that we can see that the architecture is correct
file *tests* || true
file bench* || true
file .libs/* || true
if [ "$SYMBOL_CHECK" = "yes" ]
then
python3 --version
case "$HOST" in
*mingw*)
ls -l .libs
python3 ./tools/symbol-check.py .libs/libsecp256k1-*.dll
;;
*)
python3 ./tools/symbol-check.py .libs/libsecp256k1.so
;;
esac
fi
# This tells `make check` to wrap test invocations.
export LOG_COMPILER="$WRAPPER_CMD"
make "$BUILD"
# Using the local `libtool` because on macOS the system's libtool has nothing to do with GNU libtool
EXEC='./libtool --mode=execute'
if [ -n "$WRAPPER_CMD" ]
then
EXEC="$EXEC $WRAPPER_CMD"
fi
if [ "$BENCH" = "yes" ]
then
{
$EXEC ./bench_ecmult
$EXEC ./bench_internal
$EXEC ./bench
} >> bench.log 2>&1
fi
if [ "$CTIMETESTS" = "yes" ]
then
if [ "$WITH_VALGRIND" = "yes" ]; then
./libtool --mode=execute valgrind --error-exitcode=42 ./ctime_tests > ctime_tests.log 2>&1
else
$EXEC ./ctime_tests > ctime_tests.log 2>&1
fi
fi
# Rebuild precomputed files (if not cross-compiling).
if [ -z "$HOST" ]
then
make clean-precomp clean-testvectors
make precomp testvectors
fi
# Check that no repo files have been modified by the build.
# (This fails for example if the precomp files need to be updated in the repo.)
git diff --exit-code

83
secp256k1.depreciated/ci/linux-debian.Dockerfile
View File

@@ -1,83 +0,0 @@
FROM debian:stable-slim
SHELL ["/bin/bash", "-c"]
WORKDIR /root
# A too high maximum number of file descriptors (with the default value
# inherited from the docker host) can cause issues with some of our tools:
# - sanitizers hanging: https://github.com/google/sanitizers/issues/1662
# - valgrind crashing: https://stackoverflow.com/a/75293014
# This is not be a problem on our CI hosts, but developers who run the image
# on their machines may run into this (e.g., on Arch Linux), so warn them.
# (Note that .bashrc is only executed in interactive bash shells.)
RUN echo 'if [[ $(ulimit -n) -gt 200000 ]]; then echo "WARNING: Very high value reported by \"ulimit -n\". Consider passing \"--ulimit nofile=32768\" to \"docker run\"."; fi' >> /root/.bashrc
RUN dpkg --add-architecture i386 && \
dpkg --add-architecture s390x && \
dpkg --add-architecture armhf && \
dpkg --add-architecture arm64 && \
dpkg --add-architecture ppc64el
# dkpg-dev: to make pkg-config work in cross-builds
# llvm: for llvm-symbolizer, which is used by clang's UBSan for symbolized stack traces
RUN apt-get update && apt-get install --no-install-recommends -y \
git ca-certificates \
make automake libtool pkg-config dpkg-dev valgrind qemu-user \
gcc clang llvm libclang-rt-dev libc6-dbg \
g++ \
gcc-i686-linux-gnu libc6-dev-i386-cross libc6-dbg:i386 libubsan1:i386 libasan8:i386 \
gcc-s390x-linux-gnu libc6-dev-s390x-cross libc6-dbg:s390x \
gcc-arm-linux-gnueabihf libc6-dev-armhf-cross libc6-dbg:armhf \
gcc-powerpc64le-linux-gnu libc6-dev-ppc64el-cross libc6-dbg:ppc64el \
gcc-mingw-w64-x86-64-win32 wine64 wine \
gcc-mingw-w64-i686-win32 wine32 \
python3-full && \
if ! ( dpkg --print-architecture | grep --quiet "arm64" ) ; then \
apt-get install --no-install-recommends -y \
gcc-aarch64-linux-gnu libc6-dev-arm64-cross libc6-dbg:arm64 ;\
fi && \
apt-get clean && rm -rf /var/lib/apt/lists/*
# Build and install gcc snapshot
ARG GCC_SNAPSHOT_MAJOR=16
RUN apt-get update && apt-get install --no-install-recommends -y wget libgmp-dev libmpfr-dev libmpc-dev flex && \
mkdir gcc && cd gcc && \
wget --progress=dot:giga --https-only --recursive --accept '*.tar.xz' --level 1 --no-directories "https://gcc.gnu.org/pub/gcc/snapshots/LATEST-${GCC_SNAPSHOT_MAJOR}" && \
wget "https://gcc.gnu.org/pub/gcc/snapshots/LATEST-${GCC_SNAPSHOT_MAJOR}/sha512.sum" && \
sha512sum --check --ignore-missing sha512.sum && \
# We should have downloaded exactly one tar.xz file
ls && \
[ $(ls *.tar.xz | wc -l) -eq "1" ] && \
tar xf *.tar.xz && \
mkdir gcc-build && cd gcc-build && \
../*/configure --prefix=/opt/gcc-snapshot --enable-languages=c --disable-bootstrap --disable-multilib --without-isl && \
make -j $(nproc) && \
make install && \
cd ../.. && rm -rf gcc && \
ln -s /opt/gcc-snapshot/bin/gcc /usr/bin/gcc-snapshot && \
apt-get autoremove -y wget libgmp-dev libmpfr-dev libmpc-dev flex && \
apt-get clean && rm -rf /var/lib/apt/lists/*
# Install clang snapshot, see https://apt.llvm.org/
RUN \
# Setup GPG keys of LLVM repository
apt-get update && apt-get install --no-install-recommends -y wget && \
wget -qO- https://apt.llvm.org/llvm-snapshot.gpg.key | tee /etc/apt/trusted.gpg.d/apt.llvm.org.asc && \
# Add repository for this Debian release
. /etc/os-release && echo "deb http://apt.llvm.org/${VERSION_CODENAME} llvm-toolchain-${VERSION_CODENAME} main" >> /etc/apt/sources.list && \
apt-get update && \
# Determine the version number of the LLVM development branch
LLVM_VERSION=$(apt-cache search --names-only '^clang-[0-9]+$' | sort -V | tail -1 | cut -f1 -d" " | cut -f2 -d"-" ) && \
# Install
apt-get install --no-install-recommends -y "clang-${LLVM_VERSION}" && \
# Create symlink
ln -s "/usr/bin/clang-${LLVM_VERSION}" /usr/bin/clang-snapshot && \
# Clean up
apt-get autoremove -y wget && \
apt-get clean && rm -rf /var/lib/apt/lists/*
ENV VIRTUAL_ENV=/root/venv
RUN python3 -m venv $VIRTUAL_ENV
ENV PATH="$VIRTUAL_ENV/bin:$PATH"
RUN pip install lief

6
secp256k1.depreciated/cmake/CheckArm32Assembly.cmake
View File

@@ -1,6 +0,0 @@
function(check_arm32_assembly)
try_compile(HAVE_ARM32_ASM
${PROJECT_BINARY_DIR}/check_arm32_assembly
SOURCES ${PROJECT_SOURCE_DIR}/cmake/source_arm32.s
)
endfunction()

18
secp256k1.depreciated/cmake/CheckMemorySanitizer.cmake
View File

@@ -1,18 +0,0 @@
include_guard(GLOBAL)
include(CheckCSourceCompiles)
function(check_memory_sanitizer output)
set(CMAKE_TRY_COMPILE_TARGET_TYPE STATIC_LIBRARY)
check_c_source_compiles("
#if defined(__has_feature)
# if __has_feature(memory_sanitizer)
/* MemorySanitizer is enabled. */
# elif
# error \"MemorySanitizer is disabled.\"
# endif
#else
# error \"__has_feature is not defined.\"
#endif
" HAVE_MSAN)
set(${output} ${HAVE_MSAN} PARENT_SCOPE)
endfunction()

10
secp256k1.depreciated/cmake/CheckStringOptionValue.cmake
View File

@@ -1,10 +0,0 @@
function(check_string_option_value option)
get_property(expected_values CACHE ${option} PROPERTY STRINGS)
if(expected_values)
if(${option} IN_LIST expected_values)
return()
endif()
message(FATAL_ERROR "${option} value is \"${${option}}\", but must be one of ${expected_values}.")
endif()
message(AUTHOR_WARNING "The STRINGS property must be set before invoking `check_string_option_value' function.")
endfunction()

14
secp256k1.depreciated/cmake/CheckX86_64Assembly.cmake
View File

@@ -1,14 +0,0 @@
include(CheckCSourceCompiles)
function(check_x86_64_assembly)
check_c_source_compiles("
#include <stdint.h>
int main()
{
uint64_t a = 11, tmp;
__asm__ __volatile__(\"movq $0x100000000,%1; mulq %%rsi\" : \"+a\"(a) : \"S\"(tmp) : \"cc\", \"%rdx\");
}
" HAVE_X86_64_ASM)
set(HAVE_X86_64_ASM ${HAVE_X86_64_ASM} PARENT_SCOPE)
endfunction()

41
secp256k1.depreciated/cmake/FindValgrind.cmake
View File

@@ -1,41 +0,0 @@
if(CMAKE_HOST_APPLE)
find_program(BREW_COMMAND brew)
execute_process(
COMMAND ${BREW_COMMAND} --prefix valgrind
OUTPUT_VARIABLE valgrind_brew_prefix
ERROR_QUIET
OUTPUT_STRIP_TRAILING_WHITESPACE
)
endif()
set(hints_paths)
if(valgrind_brew_prefix)
set(hints_paths ${valgrind_brew_prefix}/include)
endif()
find_path(Valgrind_INCLUDE_DIR
NAMES valgrind/memcheck.h
HINTS ${hints_paths}
)
if(Valgrind_INCLUDE_DIR)
include(CheckCSourceCompiles)
set(CMAKE_REQUIRED_INCLUDES ${Valgrind_INCLUDE_DIR})
check_c_source_compiles("
#include <valgrind/memcheck.h>
#if defined(NVALGRIND)
# error \"Valgrind does not support this platform.\"
#endif
int main() {}
" Valgrind_WORKS)
endif()
include(FindPackageHandleStandardArgs)
find_package_handle_standard_args(Valgrind
REQUIRED_VARS Valgrind_INCLUDE_DIR Valgrind_WORKS
)
mark_as_advanced(
Valgrind_INCLUDE_DIR
)

8
secp256k1.depreciated/cmake/GeneratePkgConfigFile.cmake
View File

@@ -1,8 +0,0 @@
function(generate_pkg_config_file in_file)
set(prefix ${CMAKE_INSTALL_PREFIX})
set(exec_prefix \${prefix})
set(libdir \${exec_prefix}/${CMAKE_INSTALL_LIBDIR})
set(includedir \${prefix}/${CMAKE_INSTALL_INCLUDEDIR})
set(PACKAGE_VERSION ${PROJECT_VERSION})
configure_file(${in_file} ${PROJECT_NAME}.pc @ONLY)
endfunction()

24
secp256k1.depreciated/cmake/TryAppendCFlags.cmake
View File

@@ -1,24 +0,0 @@
include(CheckCCompilerFlag)
function(secp256k1_check_c_flags_internal flags output)
string(MAKE_C_IDENTIFIER "${flags}" result)
string(TOUPPER "${result}" result)
set(result "C_SUPPORTS_${result}")
if(NOT MSVC)
set(CMAKE_REQUIRED_FLAGS "-Werror")
endif()
# This avoids running a linker.
set(CMAKE_TRY_COMPILE_TARGET_TYPE STATIC_LIBRARY)
check_c_compiler_flag("${flags}" ${result})
set(${output} ${${result}} PARENT_SCOPE)
endfunction()
# Append flags to the COMPILE_OPTIONS directory property if CC accepts them.
macro(try_append_c_flags)
secp256k1_check_c_flags_internal("${ARGV}" result)
if(result)
add_compile_options(${ARGV})
endif()
endmacro()

3
secp256k1.depreciated/cmake/arm-linux-gnueabihf.toolchain.cmake
View File

@@ -1,3 +0,0 @@
set(CMAKE_SYSTEM_NAME Linux)
set(CMAKE_SYSTEM_PROCESSOR arm)
set(CMAKE_C_COMPILER arm-linux-gnueabihf-gcc)

5
secp256k1.depreciated/cmake/config.cmake.in
View File

@@ -1,5 +0,0 @@
@PACKAGE_INIT@
include("${CMAKE_CURRENT_LIST_DIR}/@PROJECT_NAME@-targets.cmake")
check_required_components(@PROJECT_NAME@)

9
secp256k1.depreciated/cmake/source_arm32.s
View File

@@ -1,9 +0,0 @@
.syntax unified
.eabi_attribute 24, 1
.eabi_attribute 25, 1
.text
.global main
main:
ldr r0, =0x002A
mov r7, #1
swi 0

3
secp256k1.depreciated/cmake/x86_64-w64-mingw32.toolchain.cmake
View File

@@ -1,3 +0,0 @@
set(CMAKE_SYSTEM_NAME Windows)
set(CMAKE_SYSTEM_PROCESSOR x86_64)
set(CMAKE_C_COMPILER x86_64-w64-mingw32-gcc)

517
secp256k1.depreciated/configure.ac
View File

@@ -1,517 +0,0 @@
AC_PREREQ([2.60])
# The package (a.k.a. release) version is based on semantic versioning 2.0.0 of
# the API. All changes in experimental modules are treated as
# backwards-compatible and therefore at most increase the minor version.
define(_PKG_VERSION_MAJOR, 0)
define(_PKG_VERSION_MINOR, 7)
define(_PKG_VERSION_PATCH, 1)
define(_PKG_VERSION_IS_RELEASE, false)
# The library version is based on libtool versioning of the ABI. The set of
# rules for updating the version can be found here:
# https://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html
# All changes in experimental modules are treated as if they don't affect the
# interface and therefore only increase the revision.
define(_LIB_VERSION_CURRENT, 6)
define(_LIB_VERSION_REVISION, 1)
define(_LIB_VERSION_AGE, 0)
AC_INIT([libsecp256k1],m4_join([.], _PKG_VERSION_MAJOR, _PKG_VERSION_MINOR, _PKG_VERSION_PATCH)m4_if(_PKG_VERSION_IS_RELEASE, [true], [], [-dev]),[https://github.com/bitcoin-core/secp256k1/issues],[libsecp256k1],[https://github.com/bitcoin-core/secp256k1])
AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_MACRO_DIR([build-aux/m4])
AC_CANONICAL_HOST
# Require Automake 1.11.2 for AM_PROG_AR
AM_INIT_AUTOMAKE([1.11.2 foreign subdir-objects])
# Make the compilation flags quiet unless V=1 is used.
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
if test "${CFLAGS+set}" = "set"; then
CFLAGS_overridden=yes
else
CFLAGS_overridden=no
fi
AC_PROG_CC
AM_PROG_AS
AM_PROG_AR
# Clear some cache variables as a workaround for a bug that appears due to a bad
# interaction between AM_PROG_AR and LT_INIT when combining MSVC's archiver lib.exe.
# https://debbugs.gnu.org/cgi/bugreport.cgi?bug=54421
AS_UNSET(ac_cv_prog_AR)
AS_UNSET(ac_cv_prog_ac_ct_AR)
LT_INIT([win32-dll])
build_windows=no
case $host_os in
*darwin*)
if test x$cross_compiling != xyes; then
AC_CHECK_PROG([BREW], brew, brew)
if test x$BREW = xbrew; then
# These Homebrew packages may be keg-only, meaning that they won't be found
# in expected paths because they may conflict with system files. Ask
# Homebrew where each one is located, then adjust paths accordingly.
if $BREW list --versions valgrind >/dev/null; then
valgrind_prefix=$($BREW --prefix valgrind 2>/dev/null)
VALGRIND_CPPFLAGS="-I$valgrind_prefix/include"
fi
else
AC_CHECK_PROG([PORT], port, port)
# If homebrew isn't installed and macports is, add the macports default paths
# as a last resort.
if test x$PORT = xport; then
CPPFLAGS="$CPPFLAGS -isystem /opt/local/include"
LDFLAGS="$LDFLAGS -L/opt/local/lib"
fi
fi
fi
;;
cygwin*|mingw*)
build_windows=yes
;;
esac
# Try if some desirable compiler flags are supported and append them to SECP_CFLAGS.
#
# These are our own flags, so we append them to our own SECP_CFLAGS variable (instead of CFLAGS) as
# recommended in the automake manual (Section "Flag Variables Ordering"). CFLAGS belongs to the user
# and we are not supposed to touch it. In the Makefile, we will need to ensure that SECP_CFLAGS
# is prepended to CFLAGS when invoking the compiler so that the user always has the last word (flag).
#
# Another advantage of not touching CFLAGS is that the contents of CFLAGS will be picked up by
# libtool for compiling helper executables. For example, when compiling for Windows, libtool will
# generate entire wrapper executables (instead of simple wrapper scripts as on Unix) to ensure
# proper operation of uninstalled programs linked by libtool against the uninstalled shared library.
# These executables are compiled from C source file for which our flags may not be appropriate,
# e.g., -std=c89 flag has lead to undesirable warnings in the past.
#
# TODO We should analogously not touch CPPFLAGS and LDFLAGS but currently there are no issues.
AC_DEFUN([SECP_TRY_APPEND_DEFAULT_CFLAGS], [
# GCC and compatible (incl. clang)
if test "x$GCC" = "xyes"; then
# Try to append -Werror to CFLAGS temporarily. Otherwise checks for some unsupported
# flags will succeed.
# Note that failure to append -Werror does not necessarily mean that -Werror is not
# supported. The compiler may already be warning about something unrelated, for example
# about some path issue. If that is the case, -Werror cannot be used because all
# of those warnings would be turned into errors.
SECP_TRY_APPEND_DEFAULT_CFLAGS_saved_CFLAGS="$CFLAGS"
SECP_TRY_APPEND_CFLAGS([-Werror], CFLAGS)
SECP_TRY_APPEND_CFLAGS([-std=c89 -pedantic -Wno-long-long -Wnested-externs -Wshadow -Wstrict-prototypes -Wundef], $1) # GCC >= 3.0, -Wlong-long is implied by -pedantic.
SECP_TRY_APPEND_CFLAGS([-Wno-overlength-strings], $1) # GCC >= 4.2, -Woverlength-strings is implied by -pedantic.
SECP_TRY_APPEND_CFLAGS([-Wall], $1) # GCC >= 2.95 and probably many other compilers
SECP_TRY_APPEND_CFLAGS([-Wno-unused-function], $1) # GCC >= 3.0, -Wunused-function is implied by -Wall.
SECP_TRY_APPEND_CFLAGS([-Wextra], $1) # GCC >= 3.4, this is the newer name of -W, which we don't use because older GCCs will warn about unused functions.
SECP_TRY_APPEND_CFLAGS([-Wcast-align], $1) # GCC >= 2.95
SECP_TRY_APPEND_CFLAGS([-Wcast-align=strict], $1) # GCC >= 8.0
SECP_TRY_APPEND_CFLAGS([-Wconditional-uninitialized], $1) # Clang >= 3.0 only
SECP_TRY_APPEND_CFLAGS([-Wreserved-identifier], $1) # Clang >= 13.0 only
CFLAGS="$SECP_TRY_APPEND_DEFAULT_CFLAGS_saved_CFLAGS"
fi
# MSVC
# Assume MSVC if we're building for Windows but not with GCC or compatible;
# libtool makes the same assumption internally.
# Note that "/opt" and "-opt" are equivalent for MSVC; we use "-opt" because "/opt" looks like a path.
if test x"$GCC" != x"yes" && test x"$build_windows" = x"yes"; then
SECP_TRY_APPEND_CFLAGS([-W3], $1) # Production quality warning level.
SECP_TRY_APPEND_CFLAGS([-wd4146], $1) # Disable warning C4146 "unary minus operator applied to unsigned type, result still unsigned".
SECP_TRY_APPEND_CFLAGS([-wd4244], $1) # Disable warning C4244 "'conversion' conversion from 'type1' to 'type2', possible loss of data".
SECP_TRY_APPEND_CFLAGS([-wd4267], $1) # Disable warning C4267 "'var' : conversion from 'size_t' to 'type', possible loss of data".
# Eliminate deprecation warnings for the older, less secure functions.
CPPFLAGS="-D_CRT_SECURE_NO_WARNINGS $CPPFLAGS"
fi
])
SECP_TRY_APPEND_DEFAULT_CFLAGS(SECP_CFLAGS)
###
### Define config arguments
###
# In dev mode, we enable all binaries and modules by default but individual options can still be overridden explicitly.
# Check for dev mode first because SECP_SET_DEFAULT needs enable_dev_mode set.
AC_ARG_ENABLE(dev_mode, [], [],
[enable_dev_mode=no])
AC_ARG_ENABLE(benchmark,
AS_HELP_STRING([--enable-benchmark],[compile benchmark [default=yes]]), [],
[SECP_SET_DEFAULT([enable_benchmark], [yes], [yes])])
AC_ARG_ENABLE(coverage,
AS_HELP_STRING([--enable-coverage],[enable compiler flags to support kcov coverage analysis [default=no]]), [],
[SECP_SET_DEFAULT([enable_coverage], [no], [no])])
AC_ARG_ENABLE(tests,
AS_HELP_STRING([--enable-tests],[compile tests [default=yes]]), [],
[SECP_SET_DEFAULT([enable_tests], [yes], [yes])])
AC_ARG_ENABLE(ctime_tests,
AS_HELP_STRING([--enable-ctime-tests],[compile constant-time tests [default=yes if valgrind enabled]]), [],
[SECP_SET_DEFAULT([enable_ctime_tests], [auto], [auto])])
AC_ARG_ENABLE(experimental,
AS_HELP_STRING([--enable-experimental],[allow experimental configure options [default=no]]), [],
[SECP_SET_DEFAULT([enable_experimental], [no], [yes])])
AC_ARG_ENABLE(exhaustive_tests,
AS_HELP_STRING([--enable-exhaustive-tests],[compile exhaustive tests [default=yes]]), [],
[SECP_SET_DEFAULT([enable_exhaustive_tests], [yes], [yes])])
AC_ARG_ENABLE(examples,
AS_HELP_STRING([--enable-examples],[compile the examples [default=no]]), [],
[SECP_SET_DEFAULT([enable_examples], [no], [yes])])
AC_ARG_ENABLE(module_ecdh,
AS_HELP_STRING([--enable-module-ecdh],[enable ECDH module [default=yes]]), [],
[SECP_SET_DEFAULT([enable_module_ecdh], [yes], [yes])])
AC_ARG_ENABLE(module_recovery,
AS_HELP_STRING([--enable-module-recovery],[enable ECDSA pubkey recovery module [default=no]]), [],
[SECP_SET_DEFAULT([enable_module_recovery], [no], [yes])])
AC_ARG_ENABLE(module_extrakeys,
AS_HELP_STRING([--enable-module-extrakeys],[enable extrakeys module [default=yes]]), [],
[SECP_SET_DEFAULT([enable_module_extrakeys], [yes], [yes])])
AC_ARG_ENABLE(module_schnorrsig,
AS_HELP_STRING([--enable-module-schnorrsig],[enable schnorrsig module [default=yes]]), [],
[SECP_SET_DEFAULT([enable_module_schnorrsig], [yes], [yes])])
AC_ARG_ENABLE(module_musig,
AS_HELP_STRING([--enable-module-musig],[enable MuSig2 module [default=yes]]), [],
[SECP_SET_DEFAULT([enable_module_musig], [yes], [yes])])
AC_ARG_ENABLE(module_ellswift,
AS_HELP_STRING([--enable-module-ellswift],[enable ElligatorSwift module [default=yes]]), [],
[SECP_SET_DEFAULT([enable_module_ellswift], [yes], [yes])])
AC_ARG_ENABLE(external_default_callbacks,
AS_HELP_STRING([--enable-external-default-callbacks],[enable external default callback functions [default=no]]), [],
[SECP_SET_DEFAULT([enable_external_default_callbacks], [no], [no])])
# Test-only override of the (autodetected by the C code) "widemul" setting.
# Legal values are:
# * int64 (for [u]int64_t),
# * int128 (for [unsigned] __int128),
# * int128_struct (for int128 implemented as a structure),
# * and auto (the default).
AC_ARG_WITH([test-override-wide-multiply], [] ,[set_widemul=$withval], [set_widemul=auto])
AC_ARG_WITH([asm], [AS_HELP_STRING([--with-asm=x86_64|arm32|no|auto],
[assembly to use (experimental: arm32) [default=auto]])],[req_asm=$withval], [req_asm=auto])
AC_ARG_WITH([ecmult-window], [AS_HELP_STRING([--with-ecmult-window=SIZE],
[window size for ecmult precomputation for verification, specified as integer in range [2..24].]
[Larger values result in possibly better performance at the cost of an exponentially larger precomputed table.]
[The table will store 2^(SIZE-1) * 64 bytes of data but can be larger in memory due to platform-specific padding and alignment.]
[A window size larger than 15 will require you delete the prebuilt precomputed_ecmult.c file so that it can be rebuilt.]
[For very large window sizes, use "make -j 1" to reduce memory use during compilation.]
[The default value is a reasonable setting for desktop machines (currently 15). [default=15]]
)],
[set_ecmult_window=$withval], [set_ecmult_window=15])
AC_ARG_WITH([ecmult-gen-kb], [AS_HELP_STRING([--with-ecmult-gen-kb=2|22|86],
[The size of the precomputed table for signing in multiples of 1024 bytes (on typical platforms).]
[Larger values result in possibly better signing/keygeneration performance at the cost of a larger table.]
[The default value is a reasonable setting for desktop machines (currently 86). [default=86]]
)],
[set_ecmult_gen_kb=$withval], [set_ecmult_gen_kb=86])
AC_ARG_WITH([valgrind], [AS_HELP_STRING([--with-valgrind=yes|no|auto],
[Build with extra checks for running inside Valgrind [default=auto]]
)],
[req_valgrind=$withval], [req_valgrind=auto])
###
### Handle config options (except for modules)
###
if test x"$req_valgrind" = x"no"; then
enable_valgrind=no
else
SECP_VALGRIND_CHECK
if test x"$has_valgrind" != x"yes"; then
if test x"$req_valgrind" = x"yes"; then
AC_MSG_ERROR([Valgrind support explicitly requested but valgrind/memcheck.h header not available])
fi
enable_valgrind=no
else
enable_valgrind=yes
fi
fi
if test x"$enable_ctime_tests" = x"auto"; then
enable_ctime_tests=$enable_valgrind
fi
print_msan_notice=no
if test x"$enable_ctime_tests" = x"yes"; then
SECP_MSAN_CHECK
# MSan on Clang >=16 reports uninitialized memory in function parameters and return values, even if
# the uninitialized variable is never actually "used". This is called "eager" checking, and it's
# sounds like good idea for normal use of MSan. However, it yields many false positives in the
# ctime_tests because many return values depend on secret (i.e., "uninitialized") values, and
# we're only interested in detecting branches (which count as "uses") on secret data.
if test x"$msan_enabled" = x"yes"; then
SECP_TRY_APPEND_CFLAGS([-fno-sanitize-memory-param-retval], SECP_CFLAGS)
print_msan_notice=yes
fi
fi
if test x"$enable_coverage" = x"yes"; then
SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DCOVERAGE=1"
SECP_CFLAGS="-O0 --coverage $SECP_CFLAGS"
# If coverage is enabled, and the user has not overridden CFLAGS,
# override Autoconf's value "-g -O2" with "-g". Otherwise we'd end up
# with "-O0 --coverage -g -O2".
if test "$CFLAGS_overridden" = "no"; then
CFLAGS="-g"
fi
LDFLAGS="--coverage $LDFLAGS"
else
# Most likely the CFLAGS already contain -O2 because that is autoconf's default.
# We still add it here because passing it twice is not an issue, and handling
# this case would just add unnecessary complexity (see #896).
SECP_CFLAGS="-O2 $SECP_CFLAGS"
fi
if test x"$req_asm" = x"auto"; then
SECP_X86_64_ASM_CHECK
if test x"$has_x86_64_asm" = x"yes"; then
set_asm=x86_64
fi
if test x"$set_asm" = x; then
set_asm=no
fi
else
set_asm=$req_asm
case $set_asm in
x86_64)
SECP_X86_64_ASM_CHECK
if test x"$has_x86_64_asm" != x"yes"; then
AC_MSG_ERROR([x86_64 assembly requested but not available])
fi
;;
arm32)
SECP_ARM32_ASM_CHECK
if test x"$has_arm32_asm" != x"yes"; then
AC_MSG_ERROR([ARM32 assembly requested but not available])
fi
;;
no)
;;
*)
AC_MSG_ERROR([invalid assembly selection])
;;
esac
fi
# Select assembly
enable_external_asm=no
case $set_asm in
x86_64)
SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DUSE_ASM_X86_64=1"
;;
arm32)
enable_external_asm=yes
;;
no)
;;
*)
AC_MSG_ERROR([invalid assembly selection])
;;
esac
if test x"$enable_external_asm" = x"yes"; then
SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DUSE_EXTERNAL_ASM=1"
fi
# Select wide multiplication implementation
case $set_widemul in
int128_struct)
SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DUSE_FORCE_WIDEMUL_INT128_STRUCT=1"
;;
int128)
SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DUSE_FORCE_WIDEMUL_INT128=1"
;;
int64)
SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DUSE_FORCE_WIDEMUL_INT64=1"
;;
auto)
;;
*)
AC_MSG_ERROR([invalid wide multiplication implementation])
;;
esac
error_window_size=['window size for ecmult precomputation not an integer in range [2..24]']
case $set_ecmult_window in
''|*[[!0-9]]*)
# no valid integer
AC_MSG_ERROR($error_window_size)
;;
*)
if test "$set_ecmult_window" -lt 2 -o "$set_ecmult_window" -gt 24 ; then
# not in range
AC_MSG_ERROR($error_window_size)
fi
SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DECMULT_WINDOW_SIZE=$set_ecmult_window"
;;
esac
case $set_ecmult_gen_kb in
2)
SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DCOMB_BLOCKS=2 -DCOMB_TEETH=5"
;;
22)
SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DCOMB_BLOCKS=11 -DCOMB_TEETH=6"
;;
86)
SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DCOMB_BLOCKS=43 -DCOMB_TEETH=6"
;;
*)
AC_MSG_ERROR(['ecmult gen table size not 2, 22 or 86'])
;;
esac
if test x"$enable_valgrind" = x"yes"; then
SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES $VALGRIND_CPPFLAGS -DVALGRIND"
fi
# Add -Werror and similar flags passed from the outside (for testing, e.g., in CI).
# We don't want to set the user variable CFLAGS in CI because this would disable
# autoconf's logic for setting default CFLAGS, which we would like to test in CI.
SECP_CFLAGS="$SECP_CFLAGS $WERROR_CFLAGS"
###
### Handle module options
###
# Processing must be done in a reverse topological sorting of the dependency graph
# (dependent module first).
if test x"$enable_module_ellswift" = x"yes"; then
SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_ELLSWIFT=1"
fi
if test x"$enable_module_musig" = x"yes"; then
if test x"$enable_module_schnorrsig" = x"no"; then
AC_MSG_ERROR([Module dependency error: You have disabled the schnorrsig module explicitly, but it is required by the musig module.])
fi
enable_module_schnorrsig=yes
SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_MUSIG=1"
fi
if test x"$enable_module_schnorrsig" = x"yes"; then
if test x"$enable_module_extrakeys" = x"no"; then
AC_MSG_ERROR([Module dependency error: You have disabled the extrakeys module explicitly, but it is required by the schnorrsig module.])
fi
enable_module_extrakeys=yes
SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_SCHNORRSIG=1"
fi
if test x"$enable_module_extrakeys" = x"yes"; then
SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_EXTRAKEYS=1"
fi
if test x"$enable_module_recovery" = x"yes"; then
SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_RECOVERY=1"
fi
if test x"$enable_module_ecdh" = x"yes"; then
SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_ECDH=1"
fi
if test x"$enable_external_default_callbacks" = x"yes"; then
SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DUSE_EXTERNAL_DEFAULT_CALLBACKS=1"
fi
###
### Check for --enable-experimental if necessary
###
if test x"$enable_experimental" = x"no"; then
if test x"$set_asm" = x"arm32"; then
AC_MSG_ERROR([ARM32 assembly is experimental. Use --enable-experimental to allow.])
fi
fi
###
### Generate output
###
AC_CONFIG_FILES([Makefile libsecp256k1.pc])
AC_SUBST(SECP_CFLAGS)
AC_SUBST(SECP_CONFIG_DEFINES)
AM_CONDITIONAL([ENABLE_COVERAGE], [test x"$enable_coverage" = x"yes"])
AM_CONDITIONAL([USE_TESTS], [test x"$enable_tests" != x"no"])
AM_CONDITIONAL([USE_CTIME_TESTS], [test x"$enable_ctime_tests" = x"yes"])
AM_CONDITIONAL([USE_EXHAUSTIVE_TESTS], [test x"$enable_exhaustive_tests" != x"no"])
AM_CONDITIONAL([USE_EXAMPLES], [test x"$enable_examples" != x"no"])
AM_CONDITIONAL([USE_BENCHMARK], [test x"$enable_benchmark" = x"yes"])
AM_CONDITIONAL([ENABLE_MODULE_ECDH], [test x"$enable_module_ecdh" = x"yes"])
AM_CONDITIONAL([ENABLE_MODULE_RECOVERY], [test x"$enable_module_recovery" = x"yes"])
AM_CONDITIONAL([ENABLE_MODULE_EXTRAKEYS], [test x"$enable_module_extrakeys" = x"yes"])
AM_CONDITIONAL([ENABLE_MODULE_SCHNORRSIG], [test x"$enable_module_schnorrsig" = x"yes"])
AM_CONDITIONAL([ENABLE_MODULE_MUSIG], [test x"$enable_module_musig" = x"yes"])
AM_CONDITIONAL([ENABLE_MODULE_ELLSWIFT], [test x"$enable_module_ellswift" = x"yes"])
AM_CONDITIONAL([USE_EXTERNAL_ASM], [test x"$enable_external_asm" = x"yes"])
AM_CONDITIONAL([USE_ASM_ARM], [test x"$set_asm" = x"arm32"])
AM_CONDITIONAL([BUILD_WINDOWS], [test "$build_windows" = "yes"])
AC_SUBST(LIB_VERSION_CURRENT, _LIB_VERSION_CURRENT)
AC_SUBST(LIB_VERSION_REVISION, _LIB_VERSION_REVISION)
AC_SUBST(LIB_VERSION_AGE, _LIB_VERSION_AGE)
AC_OUTPUT
echo
echo "Build Options:"
echo " with external callbacks = $enable_external_default_callbacks"
echo " with benchmarks = $enable_benchmark"
echo " with tests = $enable_tests"
echo " with exhaustive tests = $enable_exhaustive_tests"
echo " with ctime tests = $enable_ctime_tests"
echo " with coverage = $enable_coverage"
echo " with examples = $enable_examples"
echo " module ecdh = $enable_module_ecdh"
echo " module recovery = $enable_module_recovery"
echo " module extrakeys = $enable_module_extrakeys"
echo " module schnorrsig = $enable_module_schnorrsig"
echo " module musig = $enable_module_musig"
echo " module ellswift = $enable_module_ellswift"
echo
echo " asm = $set_asm"
echo " ecmult window size = $set_ecmult_window"
echo " ecmult gen table size = $set_ecmult_gen_kb KiB"
# Hide test-only options unless they're used.
if test x"$set_widemul" != xauto; then
echo " wide multiplication = $set_widemul"
fi
echo
echo " valgrind = $enable_valgrind"
echo " CC = $CC"
echo " CPPFLAGS = $CPPFLAGS"
echo " SECP_CFLAGS = $SECP_CFLAGS"
echo " CFLAGS = $CFLAGS"
echo " LDFLAGS = $LDFLAGS"
if test x"$print_msan_notice" = x"yes"; then
echo
echo "Note:"
echo " MemorySanitizer detected, tried to add -fno-sanitize-memory-param-retval to SECP_CFLAGS"
echo " to avoid false positives in ctime_tests. Pass --disable-ctime-tests to avoid this."
fi
if test x"$enable_experimental" = x"yes"; then
echo
echo "WARNING: Experimental build"
echo " Experimental features do not have stable APIs or properties, and may not be safe for"
echo " production use."
fi

148
secp256k1.depreciated/contrib/lax_der_parsing.c
View File

@@ -1,148 +0,0 @@
/***********************************************************************
* Copyright (c) 2015 Pieter Wuille *
* Distributed under the MIT software license, see the accompanying *
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
***********************************************************************/
#include <string.h>
#include "lax_der_parsing.h"
int ecdsa_signature_parse_der_lax(const secp256k1_context* ctx, secp256k1_ecdsa_signature* sig, const unsigned char *input, size_t inputlen) {
size_t rpos, rlen, spos, slen;
size_t pos = 0;
size_t lenbyte;
unsigned char tmpsig[64] = {0};
int overflow = 0;
/* Hack to initialize sig with a correctly-parsed but invalid signature. */
secp256k1_ecdsa_signature_parse_compact(ctx, sig, tmpsig);
/* Sequence tag byte */
if (pos == inputlen || input[pos] != 0x30) {
return 0;
}
pos++;
/* Sequence length bytes */
if (pos == inputlen) {
return 0;
}
lenbyte = input[pos++];
if (lenbyte & 0x80) {
lenbyte -= 0x80;
if (lenbyte > inputlen - pos) {
return 0;
}
pos += lenbyte;
}
/* Integer tag byte for R */
if (pos == inputlen || input[pos] != 0x02) {
return 0;
}
pos++;
/* Integer length for R */
if (pos == inputlen) {
return 0;
}
lenbyte = input[pos++];
if (lenbyte & 0x80) {
lenbyte -= 0x80;
if (lenbyte > inputlen - pos) {
return 0;
}
while (lenbyte > 0 && input[pos] == 0) {
pos++;
lenbyte--;
}
if (lenbyte >= sizeof(size_t)) {
return 0;
}
rlen = 0;
while (lenbyte > 0) {
rlen = (rlen << 8) + input[pos];
pos++;
lenbyte--;
}
} else {
rlen = lenbyte;
}
if (rlen > inputlen - pos) {
return 0;
}
rpos = pos;
pos += rlen;
/* Integer tag byte for S */
if (pos == inputlen || input[pos] != 0x02) {
return 0;
}
pos++;
/* Integer length for S */
if (pos == inputlen) {
return 0;
}
lenbyte = input[pos++];
if (lenbyte & 0x80) {
lenbyte -= 0x80;
if (lenbyte > inputlen - pos) {
return 0;
}
while (lenbyte > 0 && input[pos] == 0) {
pos++;
lenbyte--;
}
if (lenbyte >= sizeof(size_t)) {
return 0;
}
slen = 0;
while (lenbyte > 0) {
slen = (slen << 8) + input[pos];
pos++;
lenbyte--;
}
} else {
slen = lenbyte;
}
if (slen > inputlen - pos) {
return 0;
}
spos = pos;
/* Ignore leading zeroes in R */
while (rlen > 0 && input[rpos] == 0) {
rlen--;
rpos++;
}
/* Copy R value */
if (rlen > 32) {
overflow = 1;
} else if (rlen) {
memcpy(tmpsig + 32 - rlen, input + rpos, rlen);
}
/* Ignore leading zeroes in S */
while (slen > 0 && input[spos] == 0) {
slen--;
spos++;
}
/* Copy S value */
if (slen > 32) {
overflow = 1;
} else if (slen) {
memcpy(tmpsig + 64 - slen, input + spos, slen);
}
if (!overflow) {
overflow = !secp256k1_ecdsa_signature_parse_compact(ctx, sig, tmpsig);
}
if (overflow) {
memset(tmpsig, 0, 64);
secp256k1_ecdsa_signature_parse_compact(ctx, sig, tmpsig);
}
return 1;
}

97
secp256k1.depreciated/contrib/lax_der_parsing.h
View File

@@ -1,97 +0,0 @@
/***********************************************************************
* Copyright (c) 2015 Pieter Wuille *
* Distributed under the MIT software license, see the accompanying *
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
***********************************************************************/
/****
* Please do not link this file directly. It is not part of the libsecp256k1
* project and does not promise any stability in its API, functionality or
* presence. Projects which use this code should instead copy this header
* and its accompanying .c file directly into their codebase.
****/
/* This file defines a function that parses DER with various errors and
* violations. This is not a part of the library itself, because the allowed
* violations are chosen arbitrarily and do not follow or establish any
* standard.
*
* In many places it matters that different implementations do not only accept
* the same set of valid signatures, but also reject the same set of signatures.
* The only means to accomplish that is by strictly obeying a standard, and not
* accepting anything else.
*
* Nonetheless, sometimes there is a need for compatibility with systems that
* use signatures which do not strictly obey DER. The snippet below shows how
* certain violations are easily supported. You may need to adapt it.
*
* Do not use this for new systems. Use well-defined DER or compact signatures
* instead if you have the choice (see secp256k1_ecdsa_signature_parse_der and
* secp256k1_ecdsa_signature_parse_compact).
*
* The supported violations are:
* - All numbers are parsed as nonnegative integers, even though X.609-0207
* section 8.3.3 specifies that integers are always encoded as two's
* complement.
* - Integers can have length 0, even though section 8.3.1 says they can't.
* - Integers with overly long padding are accepted, violation section
* 8.3.2.
* - 127-byte long length descriptors are accepted, even though section
* 8.1.3.5.c says that they are not.
* - Trailing garbage data inside or after the signature is ignored.
* - The length descriptor of the sequence is ignored.
*
* Compared to for example OpenSSL, many violations are NOT supported:
* - Using overly long tag descriptors for the sequence or integers inside,
* violating section 8.1.2.2.
* - Encoding primitive integers as constructed values, violating section
* 8.3.1.
*/
#ifndef SECP256K1_CONTRIB_LAX_DER_PARSING_H
#define SECP256K1_CONTRIB_LAX_DER_PARSING_H
/* #include secp256k1.h only when it hasn't been included yet.
This enables this file to be #included directly in other project
files (such as tests.c) without the need to set an explicit -I flag,
which would be necessary to locate secp256k1.h. */
#ifndef SECP256K1_H
#include <secp256k1.h>
#endif
#ifdef __cplusplus
extern "C" {
#endif
/** Parse a signature in "lax DER" format
*
* Returns: 1 when the signature could be parsed, 0 otherwise.
* Args: ctx: a secp256k1 context object
* Out: sig: pointer to a signature object
* In: input: pointer to the signature to be parsed
* inputlen: the length of the array pointed to be input
*
* This function will accept any valid DER encoded signature, even if the
* encoded numbers are out of range. In addition, it will accept signatures
* which violate the DER spec in various ways. Its purpose is to allow
* validation of the Bitcoin blockchain, which includes non-DER signatures
* from before the network rules were updated to enforce DER. Note that
* the set of supported violations is a strict subset of what OpenSSL will
* accept.
*
* After the call, sig will always be initialized. If parsing failed or the
* encoded numbers are out of range, signature validation with it is
* guaranteed to fail for every message and public key.
*/
int ecdsa_signature_parse_der_lax(
const secp256k1_context* ctx,
secp256k1_ecdsa_signature* sig,
const unsigned char *input,
size_t inputlen
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
#ifdef __cplusplus
}
#endif
#endif /* SECP256K1_CONTRIB_LAX_DER_PARSING_H */

Some files were not shown because too many files have changed in this diff Show More