Version v0.2.103 - Various

Makefile

@@ -1,22 +1,21 @@
 CC = gcc
 CFLAGS = -Wall -Wextra -std=c99
-LIBS = 
-LIBS_STATIC = -static
+LIBS = -lm
+LIBS_STATIC = -static -lm
 TARGET = otp
 SOURCE = otp.c
-VERSION_SOURCE = src/version.c
+CHACHA20_SOURCE = nostr_chacha20.c
 
 # Default build target
 $(TARGET): $(SOURCE)
-	$(CC) $(CFLAGS) -o $(TARGET) $(SOURCE) $(VERSION_SOURCE) $(LIBS)
+	$(CC) $(CFLAGS) -o $(TARGET) $(SOURCE) $(CHACHA20_SOURCE) $(LIBS)
 
 # Static linking target
 static: $(SOURCE)
-	$(CC) $(CFLAGS) -o $(TARGET) $(SOURCE) $(VERSION_SOURCE) $(LIBS_STATIC)
+	$(CC) $(CFLAGS) -o $(TARGET) $(SOURCE) $(CHACHA20_SOURCE) $(LIBS_STATIC)
 
 clean:
 	rm -f $(TARGET) *.pad *.state
-	rm -f src/version.h src/version.c VERSION
 
 install:
 	sudo cp $(TARGET) /usr/local/bin/

TODO.md

@@ -1,26 +1,3 @@
 # TODO
 
-
-## Change technique for adding keyboard entropy.
-
-## Some of the processing seems similar, so maybe code could be more compact.
-
-## Command line otp -e should go to default pad, and then comment after the fact that it used the default pad.
-
-## There is the problem of the location of the pad revealing metadata about how many messages have been sent in the past, or at least the size of the messsages.
-
-One solution could be to start the pad at a random location, and then wrap around, so an attacker could never tell the size of the past text sent.  This helps. But then you have to store the start location, which you could do within the header of the pad along with the pad?
-
-Or, better yet, assume the offset is a very large size, and use the pad itself to encrypt the offset. 
-
-## Take a look at how the file header is being handled.
-
-## We have three different decrypt file functions
-
-## Preferences directory and files look off. Should probably have ~/.otp as the default directory, and then in there we can have otp.conf, pads/ 
-
-## Setup for multiple USB drives
-
-
-## Change back in pad menu to exit
-
+## The pad menu in interactive encrypt mode gives numbers instead of checksum selection

nostr_chacha20.c

@@ -0,0 +1,163 @@
+/*
+ * nostr_chacha20.c - ChaCha20 stream cipher implementation
+ * 
+ * Implementation based on RFC 8439 "ChaCha20 and Poly1305 for IETF Protocols"
+ * 
+ * This implementation is adapted from the RFC 8439 reference specification.
+ * It prioritizes correctness and clarity over performance optimization.
+ */
+
+#include "nostr_chacha20.h"
+#include <string.h>
+
+/*
+ * ============================================================================
+ * UTILITY MACROS AND FUNCTIONS
+ * ============================================================================
+ */
+
+/* Left rotate a 32-bit value by n bits */
+#define ROTLEFT(a, b) (((a) << (b)) | ((a) >> (32 - (b))))
+
+/* Convert 4 bytes to 32-bit little-endian */
+static uint32_t bytes_to_u32_le(const uint8_t *bytes) {
+    return ((uint32_t)bytes[0]) |
+           ((uint32_t)bytes[1] << 8) |
+           ((uint32_t)bytes[2] << 16) |
+           ((uint32_t)bytes[3] << 24);
+}
+
+/* Convert 32-bit to 4 bytes little-endian */
+static void u32_to_bytes_le(uint32_t val, uint8_t *bytes) {
+    bytes[0] = (uint8_t)(val & 0xff);
+    bytes[1] = (uint8_t)((val >> 8) & 0xff);
+    bytes[2] = (uint8_t)((val >> 16) & 0xff);
+    bytes[3] = (uint8_t)((val >> 24) & 0xff);
+}
+
+/*
+ * ============================================================================
+ * CHACHA20 CORE FUNCTIONS
+ * ============================================================================
+ */
+
+void chacha20_quarter_round(uint32_t state[16], int a, int b, int c, int d) {
+    state[a] += state[b]; 
+    state[d] ^= state[a]; 
+    state[d] = ROTLEFT(state[d], 16);
+    
+    state[c] += state[d]; 
+    state[b] ^= state[c]; 
+    state[b] = ROTLEFT(state[b], 12);
+    
+    state[a] += state[b]; 
+    state[d] ^= state[a]; 
+    state[d] = ROTLEFT(state[d], 8);
+    
+    state[c] += state[d]; 
+    state[b] ^= state[c]; 
+    state[b] = ROTLEFT(state[b], 7);
+}
+
+void chacha20_init_state(uint32_t state[16], const uint8_t key[32], 
+                         uint32_t counter, const uint8_t nonce[12]) {
+    /* ChaCha20 constants "expand 32-byte k" */
+    state[0] = 0x61707865;
+    state[1] = 0x3320646e;
+    state[2] = 0x79622d32;
+    state[3] = 0x6b206574;
+    
+    /* Key (8 words) */
+    state[4]  = bytes_to_u32_le(key + 0);
+    state[5]  = bytes_to_u32_le(key + 4);
+    state[6]  = bytes_to_u32_le(key + 8);
+    state[7]  = bytes_to_u32_le(key + 12);
+    state[8]  = bytes_to_u32_le(key + 16);
+    state[9]  = bytes_to_u32_le(key + 20);
+    state[10] = bytes_to_u32_le(key + 24);
+    state[11] = bytes_to_u32_le(key + 28);
+    
+    /* Counter (1 word) */
+    state[12] = counter;
+    
+    /* Nonce (3 words) */
+    state[13] = bytes_to_u32_le(nonce + 0);
+    state[14] = bytes_to_u32_le(nonce + 4);
+    state[15] = bytes_to_u32_le(nonce + 8);
+}
+
+void chacha20_serialize_state(const uint32_t state[16], uint8_t output[64]) {
+    for (int i = 0; i < 16; i++) {
+        u32_to_bytes_le(state[i], output + (i * 4));
+    }
+}
+
+int chacha20_block(const uint8_t key[32], uint32_t counter, 
+                   const uint8_t nonce[12], uint8_t output[64]) {
+    uint32_t state[16];
+    uint32_t initial_state[16];
+    
+    /* Initialize state */
+    chacha20_init_state(state, key, counter, nonce);
+    
+    /* Save initial state for later addition */
+    memcpy(initial_state, state, sizeof(initial_state));
+    
+    /* Perform 20 rounds (10 iterations of the 8 quarter rounds) */
+    for (int i = 0; i < 10; i++) {
+        /* Column rounds */
+        chacha20_quarter_round(state, 0, 4, 8,  12);
+        chacha20_quarter_round(state, 1, 5, 9,  13);
+        chacha20_quarter_round(state, 2, 6, 10, 14);
+        chacha20_quarter_round(state, 3, 7, 11, 15);
+        
+        /* Diagonal rounds */
+        chacha20_quarter_round(state, 0, 5, 10, 15);
+        chacha20_quarter_round(state, 1, 6, 11, 12);
+        chacha20_quarter_round(state, 2, 7, 8,  13);
+        chacha20_quarter_round(state, 3, 4, 9,  14);
+    }
+    
+    /* Add initial state back (prevents slide attacks) */
+    for (int i = 0; i < 16; i++) {
+        state[i] += initial_state[i];
+    }
+    
+    /* Serialize to output bytes */
+    chacha20_serialize_state(state, output);
+    
+    return 0;
+}
+
+int chacha20_encrypt(const uint8_t key[32], uint32_t counter, 
+                     const uint8_t nonce[12], const uint8_t* input, 
+                     uint8_t* output, size_t length) {
+    uint8_t keystream[CHACHA20_BLOCK_SIZE];
+    size_t offset = 0;
+    
+    while (length > 0) {
+        /* Generate keystream block */
+        int ret = chacha20_block(key, counter, nonce, keystream);
+        if (ret != 0) {
+            return ret;
+        }
+        
+        /* XOR with input to produce output */
+        size_t block_len = (length < CHACHA20_BLOCK_SIZE) ? length : CHACHA20_BLOCK_SIZE;
+        for (size_t i = 0; i < block_len; i++) {
+            output[offset + i] = input[offset + i] ^ keystream[i];
+        }
+        
+        /* Move to next block */
+        offset += block_len;
+        length -= block_len;
+        counter++;
+        
+        /* Check for counter overflow */
+        if (counter == 0) {
+            return -1; /* Counter wrapped around */
+        }
+    }
+    
+    return 0;
+}

nostr_chacha20.h

@@ -0,0 +1,115 @@
+/*
+ * nostr_chacha20.h - ChaCha20 stream cipher implementation
+ * 
+ * Implementation based on RFC 8439 "ChaCha20 and Poly1305 for IETF Protocols"
+ * 
+ * This is a small, portable implementation for NIP-44 support in the NOSTR library.
+ * The implementation prioritizes correctness and simplicity over performance.
+ */
+
+#ifndef NOSTR_CHACHA20_H
+#define NOSTR_CHACHA20_H
+
+#include <stdint.h>
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * ============================================================================
+ * CONSTANTS AND DEFINITIONS
+ * ============================================================================
+ */
+
+#define CHACHA20_KEY_SIZE    32  /* 256 bits */
+#define CHACHA20_NONCE_SIZE  12  /* 96 bits */
+#define CHACHA20_BLOCK_SIZE  64  /* 512 bits */
+
+/*
+ * ============================================================================
+ * CORE CHACHA20 FUNCTIONS
+ * ============================================================================
+ */
+
+/**
+ * ChaCha20 quarter round operation
+ * 
+ * Operates on four 32-bit words performing the core ChaCha20 quarter round:
+ * a += b; d ^= a; d <<<= 16;
+ * c += d; b ^= c; b <<<= 12;
+ * a += b; d ^= a; d <<<= 8;
+ * c += d; b ^= c; b <<<= 7;
+ * 
+ * @param state[in,out] ChaCha state as 16 32-bit words
+ * @param a, b, c, d    Indices into state array for quarter round
+ */
+void chacha20_quarter_round(uint32_t state[16], int a, int b, int c, int d);
+
+/**
+ * ChaCha20 block function
+ * 
+ * Transforms a 64-byte input block using ChaCha20 algorithm with 20 rounds.
+ * 
+ * @param key[in]       32-byte key
+ * @param counter[in]   32-bit block counter
+ * @param nonce[in]     12-byte nonce
+ * @param output[out]   64-byte output buffer
+ * @return              0 on success, negative on error
+ */
+int chacha20_block(const uint8_t key[32], uint32_t counter, 
+                   const uint8_t nonce[12], uint8_t output[64]);
+
+/**
+ * ChaCha20 encryption/decryption
+ * 
+ * Encrypts or decrypts data using ChaCha20 stream cipher.
+ * Since ChaCha20 is a stream cipher, encryption and decryption are the same operation.
+ * 
+ * @param key[in]           32-byte key
+ * @param counter[in]       Initial 32-bit counter value
+ * @param nonce[in]         12-byte nonce
+ * @param input[in]         Input data to encrypt/decrypt
+ * @param output[out]       Output buffer (can be same as input)
+ * @param length[in]        Length of input data in bytes
+ * @return                  0 on success, negative on error
+ */
+int chacha20_encrypt(const uint8_t key[32], uint32_t counter, 
+                     const uint8_t nonce[12], const uint8_t* input, 
+                     uint8_t* output, size_t length);
+
+/*
+ * ============================================================================
+ * UTILITY FUNCTIONS
+ * ============================================================================
+ */
+
+/**
+ * Initialize ChaCha20 state matrix
+ * 
+ * Sets up the initial 16-word state matrix with constants, key, counter, and nonce.
+ * 
+ * @param state[out]    16-word state array to initialize
+ * @param key[in]       32-byte key
+ * @param counter[in]   32-bit block counter
+ * @param nonce[in]     12-byte nonce
+ */
+void chacha20_init_state(uint32_t state[16], const uint8_t key[32], 
+                         uint32_t counter, const uint8_t nonce[12]);
+
+/**
+ * Serialize ChaCha20 state to bytes
+ * 
+ * Converts 16 32-bit words to 64 bytes in little-endian format.
+ * 
+ * @param state[in]     16-word state array
+ * @param output[out]   64-byte output buffer
+ */
+void chacha20_serialize_state(const uint32_t state[16], uint8_t output[64]);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* NOSTR_CHACHA20_H */