Version v0.3.37 - Implement ChaCha20 nonce extension to support pads larger than 256GB

src/entropy.c

@@ -219,8 +219,22 @@ int add_entropy_chacha20(const char* pad_chksum, const unsigned char* entropy_da
     unsigned char buffer[64 * 1024]; // 64KB chunks
     unsigned char keystream[64 * 1024];
     uint64_t offset = 0;
-    uint32_t counter = 0;
+    uint32_t counter_low = 0;
+    uint32_t counter_high = 0;
     time_t start_time = time(NULL);
+    
+    // Use extended counter for pads larger than 256GB
+    // 256GB = 2^32 blocks * 64 bytes = 274,877,906,944 bytes
+    int use_extended = (pad_size > 274877906944ULL);
+    
+    // For extended mode, use reduced 8-byte nonce
+    unsigned char nonce_reduced[8];
+    if (use_extended) {
+        memcpy(nonce_reduced, nonce + 4, 8);
+        if (display_progress) {
+            printf("Using extended counter mode for large pad (>256GB)\n");
+        }
+    }
 
     while (offset < pad_size) {
         size_t chunk_size = sizeof(buffer);
@@ -237,7 +251,15 @@ int add_entropy_chacha20(const char* pad_chksum, const unsigned char* entropy_da
         }
 
         // Generate keystream for this chunk
-        if (chacha20_encrypt(key, counter, nonce, buffer, keystream, chunk_size) != 0) {
+        int chacha_result;
+        if (use_extended) {
+            chacha_result = chacha20_encrypt_extended(key, counter_low, counter_high,
+                                                      nonce_reduced, buffer, keystream, chunk_size);
+        } else {
+            chacha_result = chacha20_encrypt(key, counter_low, nonce, buffer, keystream, chunk_size);
+        }
+        
+        if (chacha_result != 0) {
             printf("Error: Chacha20 keystream generation failed\n");
             fclose(pad_file);
             chmod(pad_path, S_IRUSR);
@@ -265,7 +287,16 @@ int add_entropy_chacha20(const char* pad_chksum, const unsigned char* entropy_da
         }
 
         offset += chunk_size;
-        counter += (chunk_size + 63) / 64; // Round up for block count
+        
+        // Update counters
+        uint32_t blocks = (chunk_size + 63) / 64; // Round up for block count
+        uint32_t old_counter_low = counter_low;
+        counter_low += blocks;
+        
+        // Check for overflow and increment high counter
+        if (counter_low < old_counter_low) {
+            counter_high++;
+        }
 
         // Show progress for large pads
         if (display_progress && offset % (64 * 1024 * 1024) == 0) { // Every 64MB
@@ -282,7 +313,8 @@ int add_entropy_chacha20(const char* pad_chksum, const unsigned char* entropy_da
 
     if (display_progress) {
         show_progress(pad_size, pad_size, start_time);
-        printf("\n✓ Entropy successfully added to pad using Chacha20\n");
+        printf("\n✓ Entropy successfully added to pad using Chacha20%s\n",
+               use_extended ? " (extended counter)" : "");
         printf("✓ Pad integrity maintained\n");
         printf("✓ %zu bytes of entropy distributed across entire pad\n", entropy_size);
         printf("✓ Pad restored to read-only mode\n");

src/nostr_chacha20.c

@@ -129,8 +129,8 @@ int chacha20_block(const uint8_t key[32], uint32_t counter,
     return 0;
 }
 
-int chacha20_encrypt(const uint8_t key[32], uint32_t counter, 
-                     const uint8_t nonce[12], const uint8_t* input, 
+int chacha20_encrypt(const uint8_t key[32], uint32_t counter,
+                     const uint8_t nonce[12], const uint8_t* input,
                      uint8_t* output, size_t length) {
     uint8_t keystream[CHACHA20_BLOCK_SIZE];
     size_t offset = 0;
@@ -161,3 +161,45 @@ int chacha20_encrypt(const uint8_t key[32], uint32_t counter,
     
     return 0;
 }
+
+int chacha20_encrypt_extended(const uint8_t key[32], uint32_t counter_low,
+                               uint32_t counter_high, const uint8_t nonce[8],
+                               const uint8_t* input, uint8_t* output, size_t length) {
+    uint8_t keystream[CHACHA20_BLOCK_SIZE];
+    uint8_t extended_nonce[12];
+    size_t offset = 0;
+    
+    while (length > 0) {
+        /* Build extended 12-byte nonce: [counter_high (4 bytes)][nonce (8 bytes)] */
+        u32_to_bytes_le(counter_high, extended_nonce);
+        memcpy(extended_nonce + 4, nonce, 8);
+        
+        /* Generate keystream block using extended nonce */
+        int ret = chacha20_block(key, counter_low, extended_nonce, keystream);
+        if (ret != 0) {
+            return ret;
+        }
+        
+        /* XOR with input to produce output */
+        size_t block_len = (length < CHACHA20_BLOCK_SIZE) ? length : CHACHA20_BLOCK_SIZE;
+        for (size_t i = 0; i < block_len; i++) {
+            output[offset + i] = input[offset + i] ^ keystream[i];
+        }
+        
+        /* Move to next block */
+        offset += block_len;
+        length -= block_len;
+        counter_low++;
+        
+        /* Check for counter_low overflow and increment counter_high */
+        if (counter_low == 0) {
+            counter_high++;
+            /* Check for counter_high overflow (extremely unlikely - > 1 exabyte) */
+            if (counter_high == 0) {
+                return -1; /* Extended counter wrapped around */
+            }
+        }
+    }
+    
+    return 0;
+}

src/nostr_chacha20.h

@@ -63,10 +63,10 @@ int chacha20_block(const uint8_t key[32], uint32_t counter,
 
 /**
  * ChaCha20 encryption/decryption
- * 
+ *
  * Encrypts or decrypts data using ChaCha20 stream cipher.
  * Since ChaCha20 is a stream cipher, encryption and decryption are the same operation.
- * 
+ *
  * @param key[in]           32-byte key
  * @param counter[in]       Initial 32-bit counter value
  * @param nonce[in]         12-byte nonce
@@ -75,10 +75,29 @@ int chacha20_block(const uint8_t key[32], uint32_t counter,
  * @param length[in]        Length of input data in bytes
  * @return                  0 on success, negative on error
  */
-int chacha20_encrypt(const uint8_t key[32], uint32_t counter, 
-                     const uint8_t nonce[12], const uint8_t* input, 
+int chacha20_encrypt(const uint8_t key[32], uint32_t counter,
+                     const uint8_t nonce[12], const uint8_t* input,
                      uint8_t* output, size_t length);
 
+/**
+ * ChaCha20 encryption/decryption with extended counter (64-bit)
+ *
+ * Extended version that supports files larger than 256GB by using
+ * part of the nonce as a high-order counter extension.
+ *
+ * @param key[in]           32-byte key
+ * @param counter_low[in]   Initial 32-bit counter value (low bits)
+ * @param counter_high[in]  Initial 32-bit counter value (high bits)
+ * @param nonce[in]         8-byte reduced nonce (instead of 12)
+ * @param input[in]         Input data to encrypt/decrypt
+ * @param output[out]       Output buffer (can be same as input)
+ * @param length[in]        Length of input data in bytes
+ * @return                  0 on success, negative on error
+ */
+int chacha20_encrypt_extended(const uint8_t key[32], uint32_t counter_low,
+                               uint32_t counter_high, const uint8_t nonce[8],
+                               const uint8_t* input, uint8_t* output, size_t length);
+
 /*
  * ============================================================================
  * UTILITY FUNCTIONS