Version v0.2.106 - Test version string replacement

.gitignore

@@ -3,7 +3,4 @@ pads/
 Gemini.md
 TropicOfCancer-HenryMiller.txt
 
-# Auto-generated version files
-src/version.h
-src/version.c
-VERSION
+# Auto-generated files (none currently)

GENERIC_AUTOMATIC_VERSIONING_GUIDE.md

@@ -1,361 +0,0 @@
-# Generic Automatic Version Increment System for Any Repository
-
-Here's a generalized implementation guide for adding automatic versioning to any project:
-
-## Core Concept
-**Automatic patch version increment with each build** - Every build automatically increments the patch version: v0.1.0 → v0.1.1 → v0.1.2, etc.
-
-## Implementation Steps
-
-### 1. Add Version Increment Function to Build Script
-Add this function to your build script (bash example):
-
-```bash
-# Function to automatically increment version
-increment_version() {
-    echo "[INFO] Incrementing version..."
-    
-    # Check if we're in a git repository
-    if ! git rev-parse --git-dir > /dev/null 2>&1; then
-        echo "[WARNING] Not in a git repository - skipping version increment"
-        return 0
-    fi
-    
-    # Get the highest version tag (not chronologically latest)
-    LATEST_TAG=$(git tag -l 'v*.*.*' | sort -V | tail -n 1 || echo "v0.1.0")
-    if [[ -z "$LATEST_TAG" ]]; then
-        LATEST_TAG="v0.1.0"
-    fi
-    
-    # Extract version components (remove 'v' prefix)
-    VERSION=${LATEST_TAG#v}
-    
-    # Parse major.minor.patch using regex
-    if [[ $VERSION =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]; then
-        MAJOR=${BASH_REMATCH[1]}
-        MINOR=${BASH_REMATCH[2]}
-        PATCH=${BASH_REMATCH[3]}
-    else
-        echo "[ERROR] Invalid version format in tag: $LATEST_TAG"
-        echo "[ERROR] Expected format: v0.1.0"
-        return 1
-    fi
-    
-    # Increment patch version
-    NEW_PATCH=$((PATCH + 1))
-    NEW_VERSION="v${MAJOR}.${MINOR}.${NEW_PATCH}"
-    
-    echo "[INFO] Current version: $LATEST_TAG"
-    echo "[INFO] New version: $NEW_VERSION"
-    
-    # Create new git tag
-    if git tag "$NEW_VERSION" 2>/dev/null; then
-        echo "[SUCCESS] Created new version tag: $NEW_VERSION"
-    else
-        echo "[WARNING] Tag $NEW_VERSION already exists - using existing version"
-        NEW_VERSION=$LATEST_TAG
-    fi
-    
-    # Update VERSION file for compatibility
-    echo "${NEW_VERSION#v}" > VERSION
-    echo "[SUCCESS] Updated VERSION file to ${NEW_VERSION#v}"
-}
-```
-
-### 2. Generate Version Header Files (For C/C++ Projects)
-Add this to the increment_version function:
-
-```bash
-# Generate version.h header file (adjust path as needed)
-cat > src/version.h << EOF
-/*
- * Auto-Generated Version Header
- * DO NOT EDIT THIS FILE MANUALLY - Generated by build script
- */
-
-#ifndef VERSION_H
-#define VERSION_H
-
-#define VERSION_MAJOR ${MAJOR}
-#define VERSION_MINOR ${MINOR}
-#define VERSION_PATCH ${NEW_PATCH}
-#define VERSION_STRING "${MAJOR}.${MINOR}.${NEW_PATCH}"
-#define VERSION_TAG "${NEW_VERSION}"
-
-/* Build information */
-#define BUILD_DATE "$(date +%Y-%m-%d)"
-#define BUILD_TIME "$(date +%H:%M:%S)"
-#define BUILD_TIMESTAMP "$(date '+%Y-%m-%d %H:%M:%S')"
-
-/* Git information */
-#define GIT_HASH "$(git rev-parse --short HEAD 2>/dev/null || echo 'unknown')"
-#define GIT_BRANCH "$(git rev-parse --abbrev-ref HEAD 2>/dev/null || echo 'unknown')"
-
-/* Display versions */
-#define VERSION_DISPLAY "${NEW_VERSION}"
-#define VERSION_FULL_DISPLAY "${NEW_VERSION} ($(date '+%Y-%m-%d %H:%M:%S'), $(git rev-parse --short HEAD 2>/dev/null || echo 'unknown'))"
-
-/* Version API functions */
-const char* get_version(void);
-const char* get_version_full(void);
-const char* get_build_info(void);
-
-#endif /* VERSION_H */
-EOF
-
-# Generate version.c implementation file
-cat > src/version.c << EOF
-/*
- * Auto-Generated Version Implementation
- * DO NOT EDIT THIS FILE MANUALLY - Generated by build script
- */
-
-#include "version.h"
-
-const char* get_version(void) {
-    return VERSION_TAG;
-}
-
-const char* get_version_full(void) {
-    return VERSION_FULL_DISPLAY;
-}
-
-const char* get_build_info(void) {
-    return "Built on " BUILD_DATE " at " BUILD_TIME " from commit " GIT_HASH " on branch " GIT_BRANCH;
-}
-EOF
-```
-
-### 3. Generate Version File for Other Languages
-
-**Python (`src/__version__.py`):**
-```bash
-cat > src/__version__.py << EOF
-"""Auto-generated version file"""
-__version__ = "${MAJOR}.${MINOR}.${NEW_PATCH}"
-__version_tag__ = "${NEW_VERSION}"
-__build_date__ = "$(date +%Y-%m-%d)"
-__build_time__ = "$(date +%H:%M:%S)"
-__git_hash__ = "$(git rev-parse --short HEAD 2>/dev/null || echo 'unknown')"
-__git_branch__ = "$(git rev-parse --abbrev-ref HEAD 2>/dev/null || echo 'unknown')"
-EOF
-```
-
-**JavaScript/Node.js (update `package.json`):**
-```bash
-# Update package.json version field
-if [ -f package.json ]; then
-    sed -i "s/\"version\": \".*\"/\"version\": \"${MAJOR}.${MINOR}.${NEW_PATCH}\"/" package.json
-fi
-```
-
-**Rust (update `Cargo.toml`):**
-```bash
-if [ -f Cargo.toml ]; then
-    sed -i "s/^version = \".*\"/version = \"${MAJOR}.${MINOR}.${NEW_PATCH}\"/" Cargo.toml
-fi
-```
-
-**Go (generate `version.go`):**
-```bash
-cat > version.go << EOF
-// Auto-generated version file
-package main
-
-const (
-    VersionMajor = ${MAJOR}
-    VersionMinor = ${MINOR}
-    VersionPatch = ${NEW_PATCH}
-    VersionString = "${MAJOR}.${MINOR}.${NEW_PATCH}"
-    VersionTag = "${NEW_VERSION}"
-    BuildDate = "$(date +%Y-%m-%d)"
-    BuildTime = "$(date +%H:%M:%S)"
-    GitHash = "$(git rev-parse --short HEAD 2>/dev/null || echo 'unknown')"
-    GitBranch = "$(git rev-parse --abbrev-ref HEAD 2>/dev/null || echo 'unknown')"
-)
-EOF
-```
-
-**Java (generate `Version.java`):**
-```bash
-cat > src/main/java/Version.java << EOF
-// Auto-generated version class
-public class Version {
-    public static final int VERSION_MAJOR = ${MAJOR};
-    public static final int VERSION_MINOR = ${MINOR};
-    public static final int VERSION_PATCH = ${NEW_PATCH};
-    public static final String VERSION_STRING = "${MAJOR}.${MINOR}.${NEW_PATCH}";
-    public static final String VERSION_TAG = "${NEW_VERSION}";
-    public static final String BUILD_DATE = "$(date +%Y-%m-%d)";
-    public static final String BUILD_TIME = "$(date +%H:%M:%S)";
-    public static final String GIT_HASH = "$(git rev-parse --short HEAD 2>/dev/null || echo 'unknown')";
-    public static final String GIT_BRANCH = "$(git rev-parse --abbrev-ref HEAD 2>/dev/null || echo 'unknown')";
-}
-EOF
-```
-
-### 4. Integrate into Build Targets
-Call `increment_version` before your main build commands:
-
-```bash
-build_library() {
-    increment_version
-    echo "[INFO] Building library..."
-    # Your actual build commands here
-    make clean && make
-}
-
-build_release() {
-    increment_version
-    echo "[INFO] Building release..."
-    # Your release build commands
-}
-
-build_package() {
-    increment_version
-    echo "[INFO] Building package..."
-    # Your packaging commands
-}
-```
-
-### 5. Update .gitignore
-Add generated version files to `.gitignore`:
-
-```gitignore
-# Auto-generated version files
-src/version.h
-src/version.c
-src/__version__.py
-version.go
-src/main/java/Version.java
-VERSION
-```
-
-### 6. Update Build System Files
-
-**For Makefile projects:**
-```makefile
-# Add version.c to your source files
-SOURCES = main.c utils.c version.c
-```
-
-**For CMake projects:**
-```cmake
-# Add version files to your target
-target_sources(your_target PRIVATE src/version.c)
-```
-
-**For Node.js projects:**
-```json
-{
-  "scripts": {
-    "build": "node build.js && increment_version",
-    "version": "node -e \"console.log(require('./package.json').version)\""
-  }
-}
-```
-
-### 7. Create Initial Version Tag
-```bash
-# Start with initial version
-git tag v0.1.0
-```
-
-## Usage Pattern
-```bash
-./build.sh          # v0.1.0 → v0.1.1
-./build.sh release  # v0.1.1 → v0.1.2
-./build.sh package  # v0.1.2 → v0.1.3
-```
-
-## Manual Version Control
-
-### Major/Minor Version Bumps
-```bash
-# For feature releases (minor bump)
-git tag v0.2.0  # Next build: v0.2.1
-
-# For breaking changes (major bump)
-git tag v1.0.0  # Next build: v1.0.1
-```
-
-### Version Reset
-```bash
-# Delete incorrect tags (if needed)
-git tag -d v0.2.1
-git push origin --delete v0.2.1  # If pushed to remote
-
-# Create correct base version
-git tag v0.2.0
-
-# Next build will create v0.2.1
-```
-
-## Example Build Script Template
-```bash
-#!/bin/bash
-set -e
-
-# Colors for output
-RED='\033[0;31m'
-GREEN='\033[0;32m'
-YELLOW='\033[1;33m'
-BLUE='\033[0;34m'
-NC='\033[0m'
-
-print_status() { echo -e "${BLUE}[INFO]${NC} $1"; }
-print_success() { echo -e "${GREEN}[SUCCESS]${NC} $1"; }
-print_warning() { echo -e "${YELLOW}[WARNING]${NC} $1"; }
-print_error() { echo -e "${RED}[ERROR]${NC} $1"; }
-
-# Insert increment_version function here
-
-case "${1:-build}" in
-    build)
-        increment_version
-        print_status "Building project..."
-        # Your build commands
-        ;;
-    clean)
-        print_status "Cleaning build artifacts..."
-        # Your clean commands
-        ;;
-    test)
-        print_status "Running tests..."
-        # Your test commands (no version increment)
-        ;;
-    release)
-        increment_version
-        print_status "Building release..."
-        # Your release commands
-        ;;
-    *)
-        echo "Usage: $0 {build|clean|test|release}"
-        exit 1
-        ;;
-esac
-```
-
-## Benefits
-1. **Zero maintenance** - No manual version editing
-2. **Build traceability** - Every build has unique version + metadata
-3. **Git integration** - Automatic version tags
-4. **Language agnostic** - Adapt generation for any language
-5. **CI/CD friendly** - Works in automated environments
-6. **Rollback friendly** - Easy to revert to previous versions
-
-## Troubleshooting
-
-### Version Not Incrementing
-- Ensure you're in a git repository
-- Check that git tags exist: `git tag --list`
-- Verify tag format matches `v*.*.*` pattern
-
-### Tag Already Exists
-If a tag already exists, the build continues with existing version:
-```
-[WARNING] Tag v0.2.1 already exists - using existing version
-```
-
-### Missing Git Information
-If git is unavailable, version files show "unknown" for git hash and branch.

Makefile

@@ -1,22 +1,21 @@
 CC = gcc
 CFLAGS = -Wall -Wextra -std=c99
-LIBS = 
-LIBS_STATIC = -static
+LIBS = -lm
+LIBS_STATIC = -static -lm
 TARGET = otp
 SOURCE = otp.c
-VERSION_SOURCE = src/version.c
+CHACHA20_SOURCE = nostr_chacha20.c
 
 # Default build target
 $(TARGET): $(SOURCE)
-	$(CC) $(CFLAGS) -o $(TARGET) $(SOURCE) $(VERSION_SOURCE) $(LIBS)
+	$(CC) $(CFLAGS) -o $(TARGET) $(SOURCE) $(CHACHA20_SOURCE) $(LIBS)
 
 # Static linking target
 static: $(SOURCE)
-	$(CC) $(CFLAGS) -o $(TARGET) $(SOURCE) $(VERSION_SOURCE) $(LIBS_STATIC)
+	$(CC) $(CFLAGS) -o $(TARGET) $(SOURCE) $(CHACHA20_SOURCE) $(LIBS_STATIC)
 
 clean:
 	rm -f $(TARGET) *.pad *.state
-	rm -f src/version.h src/version.c VERSION
 
 install:
 	sudo cp $(TARGET) /usr/local/bin/

README.md

@@ -151,10 +151,7 @@ git tag v1.0.0    # Next build: v1.0.1
 - Full version display with metadata
 
 ### Generated Files
-The build system automatically generates:
-- `src/version.h` - Version constants and macros
-- `src/version.c` - Version API functions  
-- `VERSION` - Plain text version number
+The build system automatically manages Git versioning by incrementing tags.
 
 These files are excluded from git (.gitignore) and regenerated on each build.
 
@@ -176,9 +173,6 @@ otp/
 ├── otp.c            # Main source code
 ├── README.md        # This file
 ├── .gitignore       # Git ignore rules
-├── src/             # Generated version files (auto-created)
-│   ├── version.h    # Version header (generated)
-│   └── version.c    # Version implementation (generated)
 ├── pads/            # OTP pad storage directory (created at runtime)
 └── VERSION          # Plain text version (generated)
 ```

TODO.md

@@ -1,24 +1,3 @@
 # TODO
 
-
-## Change technique for adding keyboard entropy.
-
-## Some of the processing seems similar, so maybe code could be more compact.
-
-## Command line otp -e should go to default pad, and then comment after the fact that it used the default pad.
-
-## There is the problem of the location of the pad revealing metadata about how many messages have been sent in the past, or at least the size of the messsages.
-
-One solution could be to start the pad at a random location, and then wrap around, so an attacker could never tell the size of the past text sent.  This helps. But then you have to store the start location, which you could do within the header of the pad along with the pad?
-
-Or, better yet, assume the offset is a very large size, and use the pad itself to encrypt the offset. 
-
-## Take a look at how the file header is being handled.
-
-## We have three different decrypt file functions
-
-## Preferences directory and files look off. Should probably have ~/.otp as the default directory, and then in there we can have otp.conf, pads/ 
-
-## Setup for multiple USB drives
-
-
+## The pad menu in interactive encrypt mode gives numbers instead of checksum selection

build.sh

@@ -100,13 +100,13 @@ increment_version() {
         print_success "Created new version tag: $NEW_VERSION"
         
         # Push changes and tags to remote repository
-        if git push ssh://ubuntu@laantungir.net:/home/ubuntu/git_repos/otp 2>/dev/null; then
+        if git push 2>/dev/null; then
             print_success "Pushed changes to remote repository"
         else
             print_warning "Failed to push changes to remote repository"
         fi
         
-        if git push ssh://ubuntu@laantungir.net:/home/ubuntu/git_repos/otp --tags 2>/dev/null; then
+        if git push --tags 2>/dev/null; then
             print_success "Pushed tags to remote repository"
         else
             print_warning "Failed to push tags to remote repository"
@@ -123,71 +123,31 @@ increment_version() {
         fi
     fi
     
-    # Update VERSION file for compatibility
-    echo "${NEW_VERSION#v}" > VERSION
-    print_success "Updated VERSION file to ${NEW_VERSION#v}"
+    # Update version strings in source code
+    update_source_version "$NEW_VERSION"
     
-    # Generate version.h header file
-    mkdir -p src
-    cat > src/version.h << EOF
-/*
- * Auto-Generated Version Header
- * DO NOT EDIT THIS FILE MANUALLY - Generated by build script
- */
-
-#ifndef VERSION_H
-#define VERSION_H
-
-#define VERSION_MAJOR ${MAJOR}
-#define VERSION_MINOR ${MINOR}
-#define VERSION_PATCH ${NEW_PATCH}
-#define VERSION_STRING "${MAJOR}.${MINOR}.${NEW_PATCH}"
-#define VERSION_TAG "${NEW_VERSION}"
-
-/* Build information */
-#define BUILD_DATE "$(date +%Y-%m-%d)"
-#define BUILD_TIME "$(date +%H:%M:%S)"
-#define BUILD_TIMESTAMP "$(date '+%Y-%m-%d %H:%M:%S')"
-
-/* Git information */
-#define GIT_HASH "$(git rev-parse --short HEAD 2>/dev/null || echo 'unknown')"
-#define GIT_BRANCH "$(git rev-parse --abbrev-ref HEAD 2>/dev/null || echo 'unknown')"
-
-/* Display versions */
-#define VERSION_DISPLAY "${NEW_VERSION}"
-#define VERSION_FULL_DISPLAY "${NEW_VERSION} ($(date '+%Y-%m-%d %H:%M:%S'), $(git rev-parse --short HEAD 2>/dev/null || echo 'unknown'))"
-
-/* Version API functions */
-const char* get_version(void);
-const char* get_version_full(void);
-const char* get_build_info(void);
-
-#endif /* VERSION_H */
-EOF
-
-    # Generate version.c implementation file
-    cat > src/version.c << EOF
-/*
- * Auto-Generated Version Implementation
- * DO NOT EDIT THIS FILE MANUALLY - Generated by build script
- */
-
-#include "version.h"
-
-const char* get_version(void) {
-    return VERSION_TAG;
+    print_success "Version updated to ${NEW_VERSION}"
 }
 
-const char* get_version_full(void) {
-    return VERSION_FULL_DISPLAY;
-}
-
-const char* get_build_info(void) {
-    return "Built on " BUILD_DATE " at " BUILD_TIME " from commit " GIT_HASH " on branch " GIT_BRANCH;
-}
-EOF
-
-    print_success "Generated version header files"
+# Function to update version strings in source code
+update_source_version() {
+    local NEW_VERSION="$1"
+    
+    print_status "Updating version strings in source code..."
+    
+    # Replace hardcoded version strings in otp.c with the current git tag
+    if [ -f "otp.c" ]; then
+        # Update main menu version
+        sed -i "s/OTP v[0-9]\+\.[0-9]\+\.[0-9]\+/OTP $NEW_VERSION/g" otp.c
+        # Update ASCII output version
+        sed -i "s/Version: v[0-9]\+\.[0-9]\+\.[0-9]\+/Version: $NEW_VERSION/g" otp.c
+        # Update usage/help text version
+        sed -i "s/Implementation v[0-9]\+\.[0-9]\+\.[0-9]\+/Implementation $NEW_VERSION/g" otp.c
+        
+        print_success "Updated version strings in otp.c to $NEW_VERSION"
+    else
+        print_warning "otp.c not found - skipping version string updates"
+    fi
 }
 
 # Build functions
@@ -222,7 +182,6 @@ build_static() {
 clean_project() {
     print_status "Cleaning build artifacts..."
     make clean
-    rm -f VERSION src/version.h src/version.c
     print_success "Clean completed"
 }
 
@@ -265,28 +224,23 @@ case "${1:-build}" in
     uninstall)
         uninstall_project
         ;;
-    version)
-        increment_version
-        print_status "Version information generated"
-        ;;
     *)
         echo "OTP Cipher Build Script"
-        echo "Usage: $0 [-m \"commit message\"] {build|static|clean|install|uninstall|version}"
+        echo "Usage: $0 [-m \"commit message\"] {build|static|clean|install|uninstall}"
         echo ""
         echo "Options:"
         echo "  -m, --message \"text\"  - Specify commit message (skips interactive prompt)"
         echo ""
         echo "Commands:"
         echo "  build     - Build project with automatic version increment (default)"
-        echo "  static    - Build with static linking"
-        echo "  clean     - Clean build artifacts and generated files"
+        echo "  static    - Build with static linking and version increment"
+        echo "  clean     - Clean build artifacts"
         echo "  install   - Install to system (requires build first)"
         echo "  uninstall - Remove from system"
-        echo "  version   - Generate version files only"
         echo ""
         echo "Examples:"
-        echo "  $0 build"
-        echo "  $0 -m \"Fixed checksum parsing bug\" build"
+        echo "  $0"
+        echo "  $0 -m \"Fixed checksum parsing bug\""
         echo "  $0 --message \"Added new feature\" static"
         exit 1
         ;;

files/o2.txt.otp.asc

@@ -0,0 +1,7 @@
+-----BEGIN OTP MESSAGE-----
+Version: v1.0.0
+Pad-ChkSum: d0aaeb745bfbc62b1ed8c0eca4f8dc016f4fd9ed49130979f2bb25a2a3c8192e
+Pad-Offset: 128
+
+6+JsEJWRpLI2Z62tSw3EMiIjyTWVk0IfSek1to0/nYPXrswMzCtlultBcA==
+-----END OTP MESSAGE-----

nostr_chacha20.c

@@ -0,0 +1,163 @@
+/*
+ * nostr_chacha20.c - ChaCha20 stream cipher implementation
+ * 
+ * Implementation based on RFC 8439 "ChaCha20 and Poly1305 for IETF Protocols"
+ * 
+ * This implementation is adapted from the RFC 8439 reference specification.
+ * It prioritizes correctness and clarity over performance optimization.
+ */
+
+#include "nostr_chacha20.h"
+#include <string.h>
+
+/*
+ * ============================================================================
+ * UTILITY MACROS AND FUNCTIONS
+ * ============================================================================
+ */
+
+/* Left rotate a 32-bit value by n bits */
+#define ROTLEFT(a, b) (((a) << (b)) | ((a) >> (32 - (b))))
+
+/* Convert 4 bytes to 32-bit little-endian */
+static uint32_t bytes_to_u32_le(const uint8_t *bytes) {
+    return ((uint32_t)bytes[0]) |
+           ((uint32_t)bytes[1] << 8) |
+           ((uint32_t)bytes[2] << 16) |
+           ((uint32_t)bytes[3] << 24);
+}
+
+/* Convert 32-bit to 4 bytes little-endian */
+static void u32_to_bytes_le(uint32_t val, uint8_t *bytes) {
+    bytes[0] = (uint8_t)(val & 0xff);
+    bytes[1] = (uint8_t)((val >> 8) & 0xff);
+    bytes[2] = (uint8_t)((val >> 16) & 0xff);
+    bytes[3] = (uint8_t)((val >> 24) & 0xff);
+}
+
+/*
+ * ============================================================================
+ * CHACHA20 CORE FUNCTIONS
+ * ============================================================================
+ */
+
+void chacha20_quarter_round(uint32_t state[16], int a, int b, int c, int d) {
+    state[a] += state[b]; 
+    state[d] ^= state[a]; 
+    state[d] = ROTLEFT(state[d], 16);
+    
+    state[c] += state[d]; 
+    state[b] ^= state[c]; 
+    state[b] = ROTLEFT(state[b], 12);
+    
+    state[a] += state[b]; 
+    state[d] ^= state[a]; 
+    state[d] = ROTLEFT(state[d], 8);
+    
+    state[c] += state[d]; 
+    state[b] ^= state[c]; 
+    state[b] = ROTLEFT(state[b], 7);
+}
+
+void chacha20_init_state(uint32_t state[16], const uint8_t key[32], 
+                         uint32_t counter, const uint8_t nonce[12]) {
+    /* ChaCha20 constants "expand 32-byte k" */
+    state[0] = 0x61707865;
+    state[1] = 0x3320646e;
+    state[2] = 0x79622d32;
+    state[3] = 0x6b206574;
+    
+    /* Key (8 words) */
+    state[4]  = bytes_to_u32_le(key + 0);
+    state[5]  = bytes_to_u32_le(key + 4);
+    state[6]  = bytes_to_u32_le(key + 8);
+    state[7]  = bytes_to_u32_le(key + 12);
+    state[8]  = bytes_to_u32_le(key + 16);
+    state[9]  = bytes_to_u32_le(key + 20);
+    state[10] = bytes_to_u32_le(key + 24);
+    state[11] = bytes_to_u32_le(key + 28);
+    
+    /* Counter (1 word) */
+    state[12] = counter;
+    
+    /* Nonce (3 words) */
+    state[13] = bytes_to_u32_le(nonce + 0);
+    state[14] = bytes_to_u32_le(nonce + 4);
+    state[15] = bytes_to_u32_le(nonce + 8);
+}
+
+void chacha20_serialize_state(const uint32_t state[16], uint8_t output[64]) {
+    for (int i = 0; i < 16; i++) {
+        u32_to_bytes_le(state[i], output + (i * 4));
+    }
+}
+
+int chacha20_block(const uint8_t key[32], uint32_t counter, 
+                   const uint8_t nonce[12], uint8_t output[64]) {
+    uint32_t state[16];
+    uint32_t initial_state[16];
+    
+    /* Initialize state */
+    chacha20_init_state(state, key, counter, nonce);
+    
+    /* Save initial state for later addition */
+    memcpy(initial_state, state, sizeof(initial_state));
+    
+    /* Perform 20 rounds (10 iterations of the 8 quarter rounds) */
+    for (int i = 0; i < 10; i++) {
+        /* Column rounds */
+        chacha20_quarter_round(state, 0, 4, 8,  12);
+        chacha20_quarter_round(state, 1, 5, 9,  13);
+        chacha20_quarter_round(state, 2, 6, 10, 14);
+        chacha20_quarter_round(state, 3, 7, 11, 15);
+        
+        /* Diagonal rounds */
+        chacha20_quarter_round(state, 0, 5, 10, 15);
+        chacha20_quarter_round(state, 1, 6, 11, 12);
+        chacha20_quarter_round(state, 2, 7, 8,  13);
+        chacha20_quarter_round(state, 3, 4, 9,  14);
+    }
+    
+    /* Add initial state back (prevents slide attacks) */
+    for (int i = 0; i < 16; i++) {
+        state[i] += initial_state[i];
+    }
+    
+    /* Serialize to output bytes */
+    chacha20_serialize_state(state, output);
+    
+    return 0;
+}
+
+int chacha20_encrypt(const uint8_t key[32], uint32_t counter, 
+                     const uint8_t nonce[12], const uint8_t* input, 
+                     uint8_t* output, size_t length) {
+    uint8_t keystream[CHACHA20_BLOCK_SIZE];
+    size_t offset = 0;
+    
+    while (length > 0) {
+        /* Generate keystream block */
+        int ret = chacha20_block(key, counter, nonce, keystream);
+        if (ret != 0) {
+            return ret;
+        }
+        
+        /* XOR with input to produce output */
+        size_t block_len = (length < CHACHA20_BLOCK_SIZE) ? length : CHACHA20_BLOCK_SIZE;
+        for (size_t i = 0; i < block_len; i++) {
+            output[offset + i] = input[offset + i] ^ keystream[i];
+        }
+        
+        /* Move to next block */
+        offset += block_len;
+        length -= block_len;
+        counter++;
+        
+        /* Check for counter overflow */
+        if (counter == 0) {
+            return -1; /* Counter wrapped around */
+        }
+    }
+    
+    return 0;
+}

nostr_chacha20.h

@@ -0,0 +1,115 @@
+/*
+ * nostr_chacha20.h - ChaCha20 stream cipher implementation
+ * 
+ * Implementation based on RFC 8439 "ChaCha20 and Poly1305 for IETF Protocols"
+ * 
+ * This is a small, portable implementation for NIP-44 support in the NOSTR library.
+ * The implementation prioritizes correctness and simplicity over performance.
+ */
+
+#ifndef NOSTR_CHACHA20_H
+#define NOSTR_CHACHA20_H
+
+#include <stdint.h>
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * ============================================================================
+ * CONSTANTS AND DEFINITIONS
+ * ============================================================================
+ */
+
+#define CHACHA20_KEY_SIZE    32  /* 256 bits */
+#define CHACHA20_NONCE_SIZE  12  /* 96 bits */
+#define CHACHA20_BLOCK_SIZE  64  /* 512 bits */
+
+/*
+ * ============================================================================
+ * CORE CHACHA20 FUNCTIONS
+ * ============================================================================
+ */
+
+/**
+ * ChaCha20 quarter round operation
+ * 
+ * Operates on four 32-bit words performing the core ChaCha20 quarter round:
+ * a += b; d ^= a; d <<<= 16;
+ * c += d; b ^= c; b <<<= 12;
+ * a += b; d ^= a; d <<<= 8;
+ * c += d; b ^= c; b <<<= 7;
+ * 
+ * @param state[in,out] ChaCha state as 16 32-bit words
+ * @param a, b, c, d    Indices into state array for quarter round
+ */
+void chacha20_quarter_round(uint32_t state[16], int a, int b, int c, int d);
+
+/**
+ * ChaCha20 block function
+ * 
+ * Transforms a 64-byte input block using ChaCha20 algorithm with 20 rounds.
+ * 
+ * @param key[in]       32-byte key
+ * @param counter[in]   32-bit block counter
+ * @param nonce[in]     12-byte nonce
+ * @param output[out]   64-byte output buffer
+ * @return              0 on success, negative on error
+ */
+int chacha20_block(const uint8_t key[32], uint32_t counter, 
+                   const uint8_t nonce[12], uint8_t output[64]);
+
+/**
+ * ChaCha20 encryption/decryption
+ * 
+ * Encrypts or decrypts data using ChaCha20 stream cipher.
+ * Since ChaCha20 is a stream cipher, encryption and decryption are the same operation.
+ * 
+ * @param key[in]           32-byte key
+ * @param counter[in]       Initial 32-bit counter value
+ * @param nonce[in]         12-byte nonce
+ * @param input[in]         Input data to encrypt/decrypt
+ * @param output[out]       Output buffer (can be same as input)
+ * @param length[in]        Length of input data in bytes
+ * @return                  0 on success, negative on error
+ */
+int chacha20_encrypt(const uint8_t key[32], uint32_t counter, 
+                     const uint8_t nonce[12], const uint8_t* input, 
+                     uint8_t* output, size_t length);
+
+/*
+ * ============================================================================
+ * UTILITY FUNCTIONS
+ * ============================================================================
+ */
+
+/**
+ * Initialize ChaCha20 state matrix
+ * 
+ * Sets up the initial 16-word state matrix with constants, key, counter, and nonce.
+ * 
+ * @param state[out]    16-word state array to initialize
+ * @param key[in]       32-byte key
+ * @param counter[in]   32-bit block counter
+ * @param nonce[in]     12-byte nonce
+ */
+void chacha20_init_state(uint32_t state[16], const uint8_t key[32], 
+                         uint32_t counter, const uint8_t nonce[12]);
+
+/**
+ * Serialize ChaCha20 state to bytes
+ * 
+ * Converts 16 32-bit words to 64 bytes in little-endian format.
+ * 
+ * @param state[in]     16-word state array
+ * @param output[out]   64-byte output buffer
+ */
+void chacha20_serialize_state(const uint32_t state[16], uint8_t output[64]);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* NOSTR_CHACHA20_H */