Compare commits
9 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 6c796df30a | |||
| 09ea57f146 | |||
| 0ae2423f19 | |||
| 3859e6492a | |||
| 0978d0323a | |||
| 0ea8b2dd32 | |||
| 12f92d2c96 | |||
| aea69148a8 | |||
| d537bc4948 |
9
Makefile
9
Makefile
@@ -1,18 +1,19 @@
|
||||
CC = gcc
|
||||
CFLAGS = -Wall -Wextra -std=c99
|
||||
LIBS =
|
||||
LIBS_STATIC = -static
|
||||
LIBS = -lm
|
||||
LIBS_STATIC = -static -lm
|
||||
TARGET = otp
|
||||
SOURCE = otp.c
|
||||
CHACHA20_SOURCE = nostr_chacha20.c
|
||||
VERSION_SOURCE = src/version.c
|
||||
|
||||
# Default build target
|
||||
$(TARGET): $(SOURCE)
|
||||
$(CC) $(CFLAGS) -o $(TARGET) $(SOURCE) $(VERSION_SOURCE) $(LIBS)
|
||||
$(CC) $(CFLAGS) -o $(TARGET) $(SOURCE) $(CHACHA20_SOURCE) $(VERSION_SOURCE) $(LIBS)
|
||||
|
||||
# Static linking target
|
||||
static: $(SOURCE)
|
||||
$(CC) $(CFLAGS) -o $(TARGET) $(SOURCE) $(VERSION_SOURCE) $(LIBS_STATIC)
|
||||
$(CC) $(CFLAGS) -o $(TARGET) $(SOURCE) $(CHACHA20_SOURCE) $(VERSION_SOURCE) $(LIBS_STATIC)
|
||||
|
||||
clean:
|
||||
rm -f $(TARGET) *.pad *.state
|
||||
|
||||
6
TODO.md
6
TODO.md
@@ -3,8 +3,6 @@
|
||||
|
||||
## Change technique for adding keyboard entropy.
|
||||
|
||||
## Some of the processing seems similar, so maybe code could be more compact.
|
||||
|
||||
|
||||
## There is the problem of the location of the pad revealing metadata about how many messages have been sent in the past, or at least the size of the messsages.
|
||||
|
||||
@@ -14,12 +12,8 @@ Or, better yet, assume the offset is a very large size, and use the pad itself t
|
||||
|
||||
## Take a look at how the file header is being handled.
|
||||
|
||||
## We have three different decrypt file functions
|
||||
|
||||
|
||||
|
||||
## Setup for multiple USB drives
|
||||
|
||||
|
||||
## Change back in pad menu to exit
|
||||
|
||||
|
||||
163
nostr_chacha20.c
Normal file
163
nostr_chacha20.c
Normal file
@@ -0,0 +1,163 @@
|
||||
/*
|
||||
* nostr_chacha20.c - ChaCha20 stream cipher implementation
|
||||
*
|
||||
* Implementation based on RFC 8439 "ChaCha20 and Poly1305 for IETF Protocols"
|
||||
*
|
||||
* This implementation is adapted from the RFC 8439 reference specification.
|
||||
* It prioritizes correctness and clarity over performance optimization.
|
||||
*/
|
||||
|
||||
#include "nostr_chacha20.h"
|
||||
#include <string.h>
|
||||
|
||||
/*
|
||||
* ============================================================================
|
||||
* UTILITY MACROS AND FUNCTIONS
|
||||
* ============================================================================
|
||||
*/
|
||||
|
||||
/* Left rotate a 32-bit value by n bits */
|
||||
#define ROTLEFT(a, b) (((a) << (b)) | ((a) >> (32 - (b))))
|
||||
|
||||
/* Convert 4 bytes to 32-bit little-endian */
|
||||
static uint32_t bytes_to_u32_le(const uint8_t *bytes) {
|
||||
return ((uint32_t)bytes[0]) |
|
||||
((uint32_t)bytes[1] << 8) |
|
||||
((uint32_t)bytes[2] << 16) |
|
||||
((uint32_t)bytes[3] << 24);
|
||||
}
|
||||
|
||||
/* Convert 32-bit to 4 bytes little-endian */
|
||||
static void u32_to_bytes_le(uint32_t val, uint8_t *bytes) {
|
||||
bytes[0] = (uint8_t)(val & 0xff);
|
||||
bytes[1] = (uint8_t)((val >> 8) & 0xff);
|
||||
bytes[2] = (uint8_t)((val >> 16) & 0xff);
|
||||
bytes[3] = (uint8_t)((val >> 24) & 0xff);
|
||||
}
|
||||
|
||||
/*
|
||||
* ============================================================================
|
||||
* CHACHA20 CORE FUNCTIONS
|
||||
* ============================================================================
|
||||
*/
|
||||
|
||||
void chacha20_quarter_round(uint32_t state[16], int a, int b, int c, int d) {
|
||||
state[a] += state[b];
|
||||
state[d] ^= state[a];
|
||||
state[d] = ROTLEFT(state[d], 16);
|
||||
|
||||
state[c] += state[d];
|
||||
state[b] ^= state[c];
|
||||
state[b] = ROTLEFT(state[b], 12);
|
||||
|
||||
state[a] += state[b];
|
||||
state[d] ^= state[a];
|
||||
state[d] = ROTLEFT(state[d], 8);
|
||||
|
||||
state[c] += state[d];
|
||||
state[b] ^= state[c];
|
||||
state[b] = ROTLEFT(state[b], 7);
|
||||
}
|
||||
|
||||
void chacha20_init_state(uint32_t state[16], const uint8_t key[32],
|
||||
uint32_t counter, const uint8_t nonce[12]) {
|
||||
/* ChaCha20 constants "expand 32-byte k" */
|
||||
state[0] = 0x61707865;
|
||||
state[1] = 0x3320646e;
|
||||
state[2] = 0x79622d32;
|
||||
state[3] = 0x6b206574;
|
||||
|
||||
/* Key (8 words) */
|
||||
state[4] = bytes_to_u32_le(key + 0);
|
||||
state[5] = bytes_to_u32_le(key + 4);
|
||||
state[6] = bytes_to_u32_le(key + 8);
|
||||
state[7] = bytes_to_u32_le(key + 12);
|
||||
state[8] = bytes_to_u32_le(key + 16);
|
||||
state[9] = bytes_to_u32_le(key + 20);
|
||||
state[10] = bytes_to_u32_le(key + 24);
|
||||
state[11] = bytes_to_u32_le(key + 28);
|
||||
|
||||
/* Counter (1 word) */
|
||||
state[12] = counter;
|
||||
|
||||
/* Nonce (3 words) */
|
||||
state[13] = bytes_to_u32_le(nonce + 0);
|
||||
state[14] = bytes_to_u32_le(nonce + 4);
|
||||
state[15] = bytes_to_u32_le(nonce + 8);
|
||||
}
|
||||
|
||||
void chacha20_serialize_state(const uint32_t state[16], uint8_t output[64]) {
|
||||
for (int i = 0; i < 16; i++) {
|
||||
u32_to_bytes_le(state[i], output + (i * 4));
|
||||
}
|
||||
}
|
||||
|
||||
int chacha20_block(const uint8_t key[32], uint32_t counter,
|
||||
const uint8_t nonce[12], uint8_t output[64]) {
|
||||
uint32_t state[16];
|
||||
uint32_t initial_state[16];
|
||||
|
||||
/* Initialize state */
|
||||
chacha20_init_state(state, key, counter, nonce);
|
||||
|
||||
/* Save initial state for later addition */
|
||||
memcpy(initial_state, state, sizeof(initial_state));
|
||||
|
||||
/* Perform 20 rounds (10 iterations of the 8 quarter rounds) */
|
||||
for (int i = 0; i < 10; i++) {
|
||||
/* Column rounds */
|
||||
chacha20_quarter_round(state, 0, 4, 8, 12);
|
||||
chacha20_quarter_round(state, 1, 5, 9, 13);
|
||||
chacha20_quarter_round(state, 2, 6, 10, 14);
|
||||
chacha20_quarter_round(state, 3, 7, 11, 15);
|
||||
|
||||
/* Diagonal rounds */
|
||||
chacha20_quarter_round(state, 0, 5, 10, 15);
|
||||
chacha20_quarter_round(state, 1, 6, 11, 12);
|
||||
chacha20_quarter_round(state, 2, 7, 8, 13);
|
||||
chacha20_quarter_round(state, 3, 4, 9, 14);
|
||||
}
|
||||
|
||||
/* Add initial state back (prevents slide attacks) */
|
||||
for (int i = 0; i < 16; i++) {
|
||||
state[i] += initial_state[i];
|
||||
}
|
||||
|
||||
/* Serialize to output bytes */
|
||||
chacha20_serialize_state(state, output);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int chacha20_encrypt(const uint8_t key[32], uint32_t counter,
|
||||
const uint8_t nonce[12], const uint8_t* input,
|
||||
uint8_t* output, size_t length) {
|
||||
uint8_t keystream[CHACHA20_BLOCK_SIZE];
|
||||
size_t offset = 0;
|
||||
|
||||
while (length > 0) {
|
||||
/* Generate keystream block */
|
||||
int ret = chacha20_block(key, counter, nonce, keystream);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* XOR with input to produce output */
|
||||
size_t block_len = (length < CHACHA20_BLOCK_SIZE) ? length : CHACHA20_BLOCK_SIZE;
|
||||
for (size_t i = 0; i < block_len; i++) {
|
||||
output[offset + i] = input[offset + i] ^ keystream[i];
|
||||
}
|
||||
|
||||
/* Move to next block */
|
||||
offset += block_len;
|
||||
length -= block_len;
|
||||
counter++;
|
||||
|
||||
/* Check for counter overflow */
|
||||
if (counter == 0) {
|
||||
return -1; /* Counter wrapped around */
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
115
nostr_chacha20.h
Normal file
115
nostr_chacha20.h
Normal file
@@ -0,0 +1,115 @@
|
||||
/*
|
||||
* nostr_chacha20.h - ChaCha20 stream cipher implementation
|
||||
*
|
||||
* Implementation based on RFC 8439 "ChaCha20 and Poly1305 for IETF Protocols"
|
||||
*
|
||||
* This is a small, portable implementation for NIP-44 support in the NOSTR library.
|
||||
* The implementation prioritizes correctness and simplicity over performance.
|
||||
*/
|
||||
|
||||
#ifndef NOSTR_CHACHA20_H
|
||||
#define NOSTR_CHACHA20_H
|
||||
|
||||
#include <stdint.h>
|
||||
#include <stddef.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/*
|
||||
* ============================================================================
|
||||
* CONSTANTS AND DEFINITIONS
|
||||
* ============================================================================
|
||||
*/
|
||||
|
||||
#define CHACHA20_KEY_SIZE 32 /* 256 bits */
|
||||
#define CHACHA20_NONCE_SIZE 12 /* 96 bits */
|
||||
#define CHACHA20_BLOCK_SIZE 64 /* 512 bits */
|
||||
|
||||
/*
|
||||
* ============================================================================
|
||||
* CORE CHACHA20 FUNCTIONS
|
||||
* ============================================================================
|
||||
*/
|
||||
|
||||
/**
|
||||
* ChaCha20 quarter round operation
|
||||
*
|
||||
* Operates on four 32-bit words performing the core ChaCha20 quarter round:
|
||||
* a += b; d ^= a; d <<<= 16;
|
||||
* c += d; b ^= c; b <<<= 12;
|
||||
* a += b; d ^= a; d <<<= 8;
|
||||
* c += d; b ^= c; b <<<= 7;
|
||||
*
|
||||
* @param state[in,out] ChaCha state as 16 32-bit words
|
||||
* @param a, b, c, d Indices into state array for quarter round
|
||||
*/
|
||||
void chacha20_quarter_round(uint32_t state[16], int a, int b, int c, int d);
|
||||
|
||||
/**
|
||||
* ChaCha20 block function
|
||||
*
|
||||
* Transforms a 64-byte input block using ChaCha20 algorithm with 20 rounds.
|
||||
*
|
||||
* @param key[in] 32-byte key
|
||||
* @param counter[in] 32-bit block counter
|
||||
* @param nonce[in] 12-byte nonce
|
||||
* @param output[out] 64-byte output buffer
|
||||
* @return 0 on success, negative on error
|
||||
*/
|
||||
int chacha20_block(const uint8_t key[32], uint32_t counter,
|
||||
const uint8_t nonce[12], uint8_t output[64]);
|
||||
|
||||
/**
|
||||
* ChaCha20 encryption/decryption
|
||||
*
|
||||
* Encrypts or decrypts data using ChaCha20 stream cipher.
|
||||
* Since ChaCha20 is a stream cipher, encryption and decryption are the same operation.
|
||||
*
|
||||
* @param key[in] 32-byte key
|
||||
* @param counter[in] Initial 32-bit counter value
|
||||
* @param nonce[in] 12-byte nonce
|
||||
* @param input[in] Input data to encrypt/decrypt
|
||||
* @param output[out] Output buffer (can be same as input)
|
||||
* @param length[in] Length of input data in bytes
|
||||
* @return 0 on success, negative on error
|
||||
*/
|
||||
int chacha20_encrypt(const uint8_t key[32], uint32_t counter,
|
||||
const uint8_t nonce[12], const uint8_t* input,
|
||||
uint8_t* output, size_t length);
|
||||
|
||||
/*
|
||||
* ============================================================================
|
||||
* UTILITY FUNCTIONS
|
||||
* ============================================================================
|
||||
*/
|
||||
|
||||
/**
|
||||
* Initialize ChaCha20 state matrix
|
||||
*
|
||||
* Sets up the initial 16-word state matrix with constants, key, counter, and nonce.
|
||||
*
|
||||
* @param state[out] 16-word state array to initialize
|
||||
* @param key[in] 32-byte key
|
||||
* @param counter[in] 32-bit block counter
|
||||
* @param nonce[in] 12-byte nonce
|
||||
*/
|
||||
void chacha20_init_state(uint32_t state[16], const uint8_t key[32],
|
||||
uint32_t counter, const uint8_t nonce[12]);
|
||||
|
||||
/**
|
||||
* Serialize ChaCha20 state to bytes
|
||||
*
|
||||
* Converts 16 32-bit words to 64 bytes in little-endian format.
|
||||
*
|
||||
* @param state[in] 16-word state array
|
||||
* @param output[out] 64-byte output buffer
|
||||
*/
|
||||
void chacha20_serialize_state(const uint32_t state[16], uint8_t output[64]);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* NOSTR_CHACHA20_H */
|
||||
Reference in New Issue
Block a user