
Commit 57ff043

committed
wip giftwrap ingestion
Signed-off-by: William Casarin <[email protected]>
1 parent 4fcf134 commit 57ff043


5 files changed

+389
-86
lines changed


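--- a/src/nip44.c
+++ b/src/nip44.c
@@ -71,14 +71,6 @@ struct message_keys {
 unsigned char auth[32];
 };
 
-struct nip44_payload {
-unsigned char version;
-unsigned char *nonce;
-unsigned char *ciphertext;
-size_t ciphertext_len;
-unsigned char *mac;
-};
-
 static void hmac_aad(struct hmac_sha256 *out,
 unsigned char hmac[32], unsigned char *aad,
 const unsigned char *msg, size_t msgsize)
@@ -90,7 +82,7 @@ static void hmac_aad(struct hmac_sha256 *out,
 hmac_sha256_done(&ctx, out);
 }
 
-static enum ndb_decrypt_result
+enum ndb_decrypt_result
 nip44_decode_payload(struct nip44_payload *decoded,
 unsigned char *buf, size_t bufsize,
 const char *payload, size_t payload_len)
@@ -260,27 +252,19 @@ const char *nip44_decrypt_err_msg(enum ndb_decrypt_result res)
 * validation rules, refer to BIP-340.
 */
 enum ndb_decrypt_result
-nip44_decrypt(void *secp,
+nip44_decrypt_raw(void *secp,
 const unsigned char *sender_pubkey,
 const unsigned char *receiver_seckey,
-const char *payload, int payload_len,
-unsigned char *buf, size_t bufsize,
+struct nip44_payload *decoded,
 unsigned char **decrypted, uint16_t *decrypted_len)
 {
-struct nip44_payload decoded;
 struct hmac_sha256 conversation_key;
 struct hmac_sha256 calculated_mac;
 enum ndb_decrypt_result rc;
 unsigned char shared_secret[32];
 struct message_keys keys;
 secp256k1_context *context = (secp256k1_context *)secp;
 
-/* decode payload! */
-if ((rc = nip44_decode_payload(&decoded, buf, bufsize,
-payload, payload_len))) {
-return rc;
-}
-
 /*
 3. Calculate a conversation key
 - Execute ECDH (scalar multiplication) of public key B by private
@@ -311,21 +295,21 @@ nip44_decrypt(void *secp,
 
 hkdf_expand(&keys, sizeof(keys),
 &conversation_key, sizeof(conversation_key),
-decoded.nonce, 32);
+decoded->nonce, 32);
 
 /*
 6. Calculate MAC (message authentication code) with AAD and compare
 - Stop and throw an error if MAC doesn't match the decoded one from
 step 2
 - Use constant-time comparison algorithm
 */
-hmac_aad(&calculated_mac, keys.auth, decoded.nonce,
-decoded.ciphertext, decoded.ciphertext_len);
+hmac_aad(&calculated_mac, keys.auth, decoded->nonce,
+decoded->ciphertext, decoded->ciphertext_len);
 
 /* TODO(jb55): spec says this needs to be constant time memcmp,
 * not sure why?
 */
-if (memcmp(calculated_mac.sha.u.u8, decoded.mac, 32)) {
+if (memcmp(calculated_mac.sha.u.u8, decoded->mac, 32)) {
 return NIP44_ERR_INVALID_MAC;
 }
 
@@ -334,23 +318,44 @@ nip44_decrypt(void *secp,
 6. Decrypt ciphertext
 - Use ChaCha20 with key and nonce from step 3
 */
-crypto_stream_chacha20_ietf_xor_ic(decoded.ciphertext,
-decoded.ciphertext,
-decoded.ciphertext_len,
+crypto_stream_chacha20_ietf_xor_ic(decoded->ciphertext,
+decoded->ciphertext,
+decoded->ciphertext_len,
 keys.nonce, 0, keys.key);
 
 /*
 7. Remove padding
 */
-if (!unpad(decoded.ciphertext, decoded.ciphertext_len, decrypted_len)) {
+if (!unpad(decoded->ciphertext, decoded->ciphertext_len, decrypted_len)) {
 return NIP44_ERR_INVALID_PADDING;
 }
 
-*decrypted = decoded.ciphertext + 2;
+*decrypted = decoded->ciphertext + 2;
 
 return NIP44_OK;
 }
 
+enum ndb_decrypt_result
+nip44_decrypt(void *secp,
+const unsigned char *sender_pubkey,
+const unsigned char *receiver_seckey,
+const char *payload, int payload_len,
+unsigned char *buf, size_t bufsize,
+unsigned char **decrypted, uint16_t *decrypted_len)
+{
+struct nip44_payload decoded;
+enum ndb_decrypt_result rc;
+
+/* decode payload! */
+if ((rc = nip44_decode_payload(&decoded, buf, bufsize,
+payload, payload_len))) {
+return rc;
+}
+
+return nip44_decrypt_raw(secp, sender_pubkey, receiver_seckey,
+&decoded, decrypted, decrypted_len);
+}
+
 /* Encryption */
 int nip44_encrypt() {
 /*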
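Review bot: The MAC check on the changed line `if (memcmp(calculated_mac.sha.u.u8, decoded->mac, 32)) {` in nip44_decrypt_raw still uses plain memcmp, and the TODO above it asks why the spec wants constant time. memcmp is allowed to return at the first differing byte, so the time taken to reject a payload can reveal how many leading MAC bytes matched; with the function now exported and, judging by the commit title, presumably fed gift-wrap payloads from relays, this is the right moment to close it. A comparison that always touches all 32 bytes is enough, e.g. accumulate `diff |= calculated_mac.sha.u.u8[i] ^ decoded->mac[i];` over the full length and then `if (diff) return NIP44_ERR_INVALID_MAC;`, or use libsodium's `sodium_memcmp` if that part of the library is built into the project (the chacha20 call suggests it may be). Parts of the function body lie between the hunks and are not visible here.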

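--- a/src/nip44.h
+++ b/src/nip44.h
@@ -16,6 +16,13 @@ enum ndb_decrypt_result
 NIP44_ERR_INVALID_PADDING = 9,
 };
 
+struct nip44_payload {
+unsigned char version;
+unsigned char *nonce;
+unsigned char *ciphertext;
+size_t ciphertext_len;
+unsigned char *mac;
+};
 
 enum ndb_decrypt_result
 nip44_decrypt(void *secp_context,
@@ -25,6 +32,17 @@ nip44_decrypt(void *secp_context,
 unsigned char *buf, size_t bufsize,
 unsigned char **decrypted, uint16_t *decrypted_len);
 
+enum ndb_decrypt_result
+nip44_decrypt_raw(void *secp,
+const unsigned char *sender_pubkey,
+const unsigned char *receiver_seckey,
+struct nip44_payload *decoded,
+unsigned char **decrypted, uint16_t *decrypted_len);
+
+enum ndb_decrypt_result
+nip44_decode_payload(struct nip44_payload *decoded,
+unsigned char *buf, size_t bufsize,
+const char *payload, size_t payload_len);
 
 const char *nip44_decrypt_err_msg(enum ndb_decrypt_result res);
 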
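Review bot: The two prototypes newly exported here, `nip44_decrypt_raw` and `nip44_decode_payload`, carry no comment on the contract between them, and the .c side shows that contract is not obvious. nip44_decrypt_raw XORs `decoded->ciphertext` in place and sets `*decrypted = decoded->ciphertext + 2`, so a payload is consumed by the call: a second call on the same struct would compute the MAC over already-decrypted bytes and presumably return NIP44_ERR_INVALID_MAC, and the returned pointer appears to be valid only as long as the buffer handed to nip44_decode_payload (that function's body is outside the hunks, so this part is inferred). It also reads `nonce`, `ciphertext` and `mac` with fixed 32-byte lengths and no NULL or size checks, which was safe while the struct was private to nip44.c but now depends on callers only passing a struct filled by a successful decode. I would add a comment above nip44_decrypt_raw such as `/* decoded must come from a successful nip44_decode_payload(); decrypts in place, so call once per payload; *decrypted points into the decode buffer */`.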
