
Commit 936e408

committed
wip giftwrap ingestion
Signed-off-by: William Casarin <[email protected]>
1 parent bc2fab9 commit 936e408


6 files changed

+484
-87
lines changed


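--- a/src/nip44.c
+++ b/src/nip44.c
@@ -70,14 +70,6 @@ struct message_keys {
 unsigned char auth[32];
 };
 
-struct nip44_payload {
-unsigned char version;
-unsigned char *nonce;
-unsigned char *ciphertext;
-size_t ciphertext_len;
-unsigned char *mac;
-};
-
 static void hmac_aad(struct hmac_sha256 *out,
 unsigned char hmac[32], unsigned char *aad,
 const unsigned char *msg, size_t msgsize)
@@ -89,7 +81,7 @@ static void hmac_aad(struct hmac_sha256 *out,
 hmac_sha256_done(&ctx, out);
 }
 
-static enum ndb_decrypt_result
+enum ndb_decrypt_result
 nip44_decode_payload(struct nip44_payload *decoded,
 unsigned char *buf, size_t bufsize,
 const char *payload, size_t payload_len)
@@ -276,27 +268,19 @@ const char *nip44_decrypt_err_msg(enum ndb_decrypt_result res)
 * validation rules, refer to BIP-340.
 */
 enum ndb_decrypt_result
-nip44_decrypt(void *secp,
+nip44_decrypt_raw(void *secp,
 const unsigned char *sender_pubkey,
 const unsigned char *receiver_seckey,
-const char *payload, int payload_len,
-unsigned char *buf, size_t bufsize,
+struct nip44_payload *decoded,
 unsigned char **decrypted, uint16_t *decrypted_len)
 {
-struct nip44_payload decoded;
 struct hmac_sha256 conversation_key;
 struct hmac_sha256 calculated_mac;
 enum ndb_decrypt_result rc;
 unsigned char shared_secret[32];
 struct message_keys keys;
 secp256k1_context *context = (secp256k1_context *)secp;
 
-/* decode payload! */
-if ((rc = nip44_decode_payload(&decoded, buf, bufsize,
-payload, payload_len))) {
-return rc;
-}
-
 /*
 3. Calculate a conversation key
 - Execute ECDH (scalar multiplication) of public key B by private
@@ -327,21 +311,21 @@ nip44_decrypt(void *secp,
 
 hkdf_expand(&keys, sizeof(keys),
 &conversation_key, sizeof(conversation_key),
-decoded.nonce, 32);
+decoded->nonce, 32);
 
 /*
 6. Calculate MAC (message authentication code) with AAD and compare
 - Stop and throw an error if MAC doesn't match the decoded one from
 step 2
 - Use constant-time comparison algorithm
 */
-hmac_aad(&calculated_mac, keys.auth, decoded.nonce,
-decoded.ciphertext, decoded.ciphertext_len);
+hmac_aad(&calculated_mac, keys.auth, decoded->nonce,
+decoded->ciphertext, decoded->ciphertext_len);
 
 /* TODO(jb55): spec says this needs to be constant time memcmp,
 * not sure why?
 */
-if (memcmp(calculated_mac.sha.u.u8, decoded.mac, 32)) {
+if (memcmp(calculated_mac.sha.u.u8, decoded->mac, 32)) {
 return NIP44_ERR_INVALID_MAC;
 }
 
@@ -350,23 +334,44 @@ nip44_decrypt(void *secp,
 6. Decrypt ciphertext
 - Use ChaCha20 with key and nonce from step 3
 */
-crypto_stream_chacha20_ietf_xor_ic(decoded.ciphertext,
-decoded.ciphertext,
-decoded.ciphertext_len,
+crypto_stream_chacha20_ietf_xor_ic(decoded->ciphertext,
+decoded->ciphertext,
+decoded->ciphertext_len,
 keys.nonce, 0, keys.key);
 
 /*
 7. Remove padding
 */
-if (!unpad(decoded.ciphertext, decoded.ciphertext_len, decrypted_len)) {
+if (!unpad(decoded->ciphertext, decoded->ciphertext_len, decrypted_len)) {
 return NIP44_ERR_INVALID_PADDING;
 }
 
-*decrypted = decoded.ciphertext + 2;
+*decrypted = decoded->ciphertext + 2;
 
 return NIP44_OK;
 }
 
+enum ndb_decrypt_result
+nip44_decrypt(void *secp,
+const unsigned char *sender_pubkey,
+const unsigned char *receiver_seckey,
+const char *payload, int payload_len,
+unsigned char *buf, size_t bufsize,
+unsigned char **decrypted, uint16_t *decrypted_len)
+{
+struct nip44_payload decoded;
+enum ndb_decrypt_result rc;
+
+/* decode payload! */
+if ((rc = nip44_decode_payload(&decoded, buf, bufsize,
+payload, payload_len))) {
+return rc;
+}
+
+return nip44_decrypt_raw(secp, sender_pubkey, receiver_seckey,
+&decoded, decrypted, decrypted_len);
+}
+
 /* Encryption */
 int nip44_encrypt() {
 /*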
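Review bot: The MAC check in `nip44_decrypt_raw` still uses `memcmp(calculated_mac.sha.u.u8, decoded->mac, 32)`, which may stop at the first differing byte, so the time taken to reject a payload can depend on how many leading MAC bytes matched. That timing leak is the reason the spec, and the TODO above the line, asks for a constant-time comparison. The function is now exported and, going by the commit title, presumably sits on an ingestion path for externally supplied payloads, so this is a good moment to resolve the TODO. If libsodium's helpers are linked in this build (only the ChaCha20 call is visible here, so confirm), `if (sodium_memcmp(calculated_mac.sha.u.u8, decoded->mac, 32)) {` would do; otherwise a short loop that ORs together the XOR of every byte pair and tests the result once. The body of `nip44_decrypt_raw` is only partly visible in these hunks.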

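--- a/src/nip44.h
+++ b/src/nip44.h
@@ -16,6 +16,13 @@ enum ndb_decrypt_result
 NIP44_ERR_INVALID_PADDING = 9,
 };
 
+struct nip44_payload {
+unsigned char version;
+unsigned char *nonce;
+unsigned char *ciphertext;
+size_t ciphertext_len;
+unsigned char *mac;
+};
 
 enum ndb_decrypt_result
 nip44_decrypt(void *secp_context,
@@ -25,6 +32,17 @@ nip44_decrypt(void *secp_context,
 unsigned char *buf, size_t bufsize,
 unsigned char **decrypted, uint16_t *decrypted_len);
 
+enum ndb_decrypt_result
+nip44_decrypt_raw(void *secp,
+const unsigned char *sender_pubkey,
+const unsigned char *receiver_seckey,
+struct nip44_payload *decoded,
+unsigned char **decrypted, uint16_t *decrypted_len);
+
+enum ndb_decrypt_result
+nip44_decode_payload(struct nip44_payload *decoded,
+unsigned char *buf, size_t bufsize,
+const char *payload, size_t payload_len);
 
 const char *nip44_decrypt_err_msg(enum ndb_decrypt_result res);
 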
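Review bot: `nip44_decrypt_raw`, `nip44_decode_payload` and `struct nip44_payload` are exported here without any stated contract, although callers can now fill the struct themselves. In the nip44.c lines visible in this commit, `nip44_decrypt_raw` passes `decoded->nonce`, `decoded->ciphertext`, `decoded->ciphertext_len` and `decoded->mac` straight to the HMAC and ChaCha20 calls, decrypts the ciphertext in place, and returns `*decrypted` as `decoded->ciphertext + 2`. No validation of those fields is visible there, though part of the function body lies outside the hunks. I would add a comment above the prototype such as `/* decoded must come from a successful nip44_decode_payload(); its ciphertext is decrypted in place and *decrypted points into that buffer */`. A line on the struct saying its pointers borrow from the caller's `buf` would also help, once that is confirmed against the decode implementation, which is not shown here.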
