1 files changed, 201 insertions, 0 deletions
diff --git a/main/nip04.c b/main/nip04.c
new file mode 100644
index 0000000..5526d4f
--- /dev/null
+++ b/main/nip04.c
@@ -0,0 +1,201 @@
+#include "nip04.h"
+#include "esp_log.h"
+#include "esp_system.h"
+#include "mbedtls/aes.h"
+#include <string.h>
+#include <stdlib.h>
+#include <secp256k1.h>
+#include <secp256k1_ecdh.h>
+static const char *TAG = "nip04";
+static const unsigned char base64_table[] =
+    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+static size_t base64_encode(const uint8_t *src, size_t len, char *dst)
+{
+    size_t j = 0;
+    for (size_t i = 0; i < len; i += 3) {
+        uint32_t a = src[i];
+        uint32_t b = (i + 1 < len) ? src[i + 1] : 0;
+        uint32_t c = (i + 2 < len) ? src[i + 2] : 0;
+        uint32_t triple = (a << 16) | (b << 8) | c;
+        dst[j++] = base64_table[(triple >> 18) & 0x3F];
+        dst[j++] = base64_table[(triple >> 12) & 0x3F];
+        dst[j++] = (i + 1 < len) ? base64_table[(triple >> 6) & 0x3F] : '=';
+        dst[j++] = (i + 2 < len) ? base64_table[triple & 0x3F] : '=';
+    }
+    dst[j] = '\0';
+    return j;
+}
+static int base64_val(char c)
+{
+    if (c >= 'A' && c <= 'Z') return c - 'A';
+    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
+    if (c >= '0' && c <= '9') return c - '0' + 52;
+    if (c == '+') return 62;
+    if (c == '/') return 63;
+    return -1;
+}
+static size_t base64_decode(const char *src, size_t len, uint8_t *dst)
+{
+    size_t padding = 0;
+    if (len >= 1 && src[len - 1] == '=') padding++;
+    if (len >= 2 && src[len - 2] == '=') padding++;
+    size_t expected = (len / 4) * 3 - padding;
+    size_t j = 0;
+    for (size_t i = 0; i + 3 < len; i += 4) {
+        uint32_t a = (uint32_t)base64_val(src[i]);
+        uint32_t b = (uint32_t)base64_val(src[i + 1]);
+        uint32_t c = (src[i + 2] != '=') ? (uint32_t)base64_val(src[i + 2]) : 0;
+        uint32_t d = (src[i + 3] != '=') ? (uint32_t)base64_val(src[i + 3]) : 0;
+        uint32_t triple = (a << 18) | (b << 12) | (c << 6) | d;
+        if (j < expected) dst[j++] = (triple >> 16) & 0xFF;
+        if (j < expected) dst[j++] = (triple >> 8) & 0xFF;
+        if (j < expected) dst[j++] = triple & 0xFF;
+    }
+    return j;
+}
+static int ecdh_xonly_hash(unsigned char *output, const uint8_t *x32, const uint8_t *y32, void *data)
+{
+    (void)y32;
+    (void)data;
+    memcpy(output, x32, 32);
+    return 1;
+}
+static void compute_shared_secret(const uint8_t *privkey, const uint8_t *pubkey32,
+                                   uint8_t shared_secret[32])
+{
+    if (!privkey || !pubkey32) {
+        memset(shared_secret, 0, 32);
+        return;
+    }
+    uint8_t compressed[33];
+    compressed[0] = 0x02;
+    memcpy(compressed + 1, pubkey32, 32);
+    secp256k1_context *ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN);
+    secp256k1_pubkey pk;
+    if (!secp256k1_ec_pubkey_parse(ctx, &pk, compressed, 33)) {
+        ESP_LOGE(TAG, "Failed to parse compressed pubkey");
+        memset(shared_secret, 0, 32);
+        secp256k1_context_destroy(ctx);
+        return;
+    }
+    uint8_t shared[32];
+    secp256k1_ecdh(ctx, shared, &pk, privkey, ecdh_xonly_hash, NULL);
+    memcpy(shared_secret, shared, 32);
+    ESP_LOGI(TAG, "Shared secret: %02x%02x%02x%02x... (pubkey32=%02x%02x%02x%02x...)",
+             shared[0], shared[1], shared[2], shared[3],
+             pubkey32[0], pubkey32[1], pubkey32[2], pubkey32[3]);
+    secp256k1_context_destroy(ctx);
+}
+static void pkcs7_pad(uint8_t *buf, size_t data_len, size_t block_size, size_t *padded_len)
+{
+    size_t pad = block_size - (data_len % block_size);
+    for (size_t i = 0; i < pad; i++) {
+        buf[data_len + i] = (uint8_t)pad;
+    }
+    *padded_len = data_len + pad;
+}
+static size_t pkcs7_unpad(const uint8_t *buf, size_t len)
+{
+    if (len == 0) return 0;
+    uint8_t pad = buf[len - 1];
+    if (pad == 0 || pad > 16) return 0;
+    for (size_t i = len - pad; i < len; i++) {
+        if (buf[i] != pad) return 0;
+    }
+    return len - pad;
+}
+void nip04_encrypt(const uint8_t *sender_privkey, const uint8_t *recipient_pubkey,
+                   const char *plaintext, uint8_t *ciphertext_base64, size_t *out_len)
+{
+    uint8_t shared_secret[32];
+    compute_shared_secret(sender_privkey, recipient_pubkey, shared_secret);
+    size_t pt_len = strlen(plaintext);
+    uint8_t iv[16];
+    esp_fill_random(iv, 16);
+    uint8_t iv_copy[16];
+    memcpy(iv_copy, iv, 16);
+    uint8_t padded[4096];
+    memcpy(padded, plaintext, pt_len);
+    size_t padded_len;
+    pkcs7_pad(padded, pt_len, 16, &padded_len);
+    mbedtls_aes_context aes;
+    mbedtls_aes_init(&aes);
+    mbedtls_aes_setkey_enc(&aes, shared_secret, 256);
+    mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_ENCRYPT, padded_len, iv, padded, padded);
+    mbedtls_aes_free(&aes);
+    size_t total = 16 + padded_len;
+    uint8_t combined[4112];
+    memcpy(combined, iv_copy, 16);
+    memcpy(combined + 16, padded, padded_len);
+    *out_len = base64_encode(combined, total, (char *)ciphertext_base64);
+    ((char *)ciphertext_base64)[*out_len] = '\0';
+    ESP_LOGD(TAG, "Encrypted %zu bytes -> %zu base64", pt_len, *out_len);
+}
+int nip04_decrypt(const uint8_t *recipient_privkey, const uint8_t *sender_pubkey,
+                  const char *ciphertext_base64, char *plaintext, size_t plaintext_max)
+{
+    uint8_t shared_secret[32];
+    compute_shared_secret(recipient_privkey, sender_pubkey, shared_secret);
+    size_t b64_len = strlen(ciphertext_base64);
+    uint8_t combined[4112];
+    size_t combined_len = base64_decode(ciphertext_base64, b64_len, combined);
+    if (combined_len < 32) {
+        ESP_LOGE(TAG, "Ciphertext too short: %zu", combined_len);
+        return -1;
+    }
+    uint8_t iv[16];
+    memcpy(iv, combined, 16);
+    size_t ct_len = combined_len - 16;
+    uint8_t ct[4096];
+    memcpy(ct, combined + 16, ct_len);
+    mbedtls_aes_context aes;
+    mbedtls_aes_init(&aes);
+    mbedtls_aes_setkey_dec(&aes, shared_secret, 256);
+    mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_DECRYPT, ct_len, iv, ct, ct);
+    mbedtls_aes_free(&aes);
+    size_t pt_len = pkcs7_unpad(ct, ct_len);
+    if (pt_len == 0 || pt_len >= plaintext_max) {
+        ESP_LOGE(TAG, "Invalid padding: pt_len=%zu ct_len=%zu last_byte=%d padded_bytes:",
+                 pt_len, ct_len, ct_len > 0 ? ct[ct_len-1] : -1);
+        for (size_t i = ct_len > 4 ? ct_len - 4 : 0; i < ct_len; i++) {
+            ESP_LOGE(TAG, "  ct[%zu]=%02x", i, ct[i]);
+        }
+        return -1;
+    }
+    memcpy(plaintext, ct, pt_len);
+    plaintext[pt_len] = '\0';
+    ESP_LOGD(TAG, "Decrypted %zu base64 -> %zu bytes", b64_len, pt_len);
+    return (int)pt_len;
+}

diff --git a/main/nip04.c b/main/nip04.c new file mode 100644 index 0000000..5526d4f --- /dev/null +++ b/main/nip04.c
@@ -0,0 +1,201 @@
	1	#include "nip04.h"
	2	#include "esp_log.h"
	3	#include "esp_system.h"
	4	#include "mbedtls/aes.h"
	5	#include <string.h>
	6	#include <stdlib.h>
	7
	8	#include <secp256k1.h>
	9	#include <secp256k1_ecdh.h>
	10
	11	static const char *TAG = "nip04";
	12
	13	static const unsigned char base64_table[] =
	14	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
	15
	16	static size_t base64_encode(const uint8_t src, size_t len, char dst)
	17	{
	18	size_t j = 0;
	19	for (size_t i = 0; i < len; i += 3) {
	20	uint32_t a = src[i];
	21	uint32_t b = (i + 1 < len) ? src[i + 1] : 0;
	22	uint32_t c = (i + 2 < len) ? src[i + 2] : 0;
	23	uint32_t triple = (a << 16) \| (b << 8) \| c;
	24	dst[j++] = base64_table[(triple >> 18) & 0x3F];
	25	dst[j++] = base64_table[(triple >> 12) & 0x3F];
	26	dst[j++] = (i + 1 < len) ? base64_table[(triple >> 6) & 0x3F] : '=';
	27	dst[j++] = (i + 2 < len) ? base64_table[triple & 0x3F] : '=';
	28	}
	29	dst[j] = '\0';
	30	return j;
	31	}
	32
	33	static int base64_val(char c)
	34	{
	35	if (c >= 'A' && c <= 'Z') return c - 'A';
	36	if (c >= 'a' && c <= 'z') return c - 'a' + 26;
	37	if (c >= '0' && c <= '9') return c - '0' + 52;
	38	if (c == '+') return 62;
	39	if (c == '/') return 63;
	40	return -1;
	41	}
	42
	43	static size_t base64_decode(const char src, size_t len, uint8_t dst)
	44	{
	45	size_t padding = 0;
	46	if (len >= 1 && src[len - 1] == '=') padding++;
	47	if (len >= 2 && src[len - 2] == '=') padding++;
	48	size_t expected = (len / 4) * 3 - padding;
	49
	50	size_t j = 0;
	51	for (size_t i = 0; i + 3 < len; i += 4) {
	52	uint32_t a = (uint32_t)base64_val(src[i]);
	53	uint32_t b = (uint32_t)base64_val(src[i + 1]);
	54	uint32_t c = (src[i + 2] != '=') ? (uint32_t)base64_val(src[i + 2]) : 0;
	55	uint32_t d = (src[i + 3] != '=') ? (uint32_t)base64_val(src[i + 3]) : 0;
	56	uint32_t triple = (a << 18) \| (b << 12) \| (c << 6) \| d;
	57	if (j < expected) dst[j++] = (triple >> 16) & 0xFF;
	58	if (j < expected) dst[j++] = (triple >> 8) & 0xFF;
	59	if (j < expected) dst[j++] = triple & 0xFF;
	60	}
	61	return j;
	62	}
	63
	64	static int ecdh_xonly_hash(unsigned char output, const uint8_t x32, const uint8_t y32, void data)
	65	{
	66	(void)y32;
	67	(void)data;
	68	memcpy(output, x32, 32);
	69	return 1;
	70	}
	71
	72	static void compute_shared_secret(const uint8_t privkey, const uint8_t pubkey32,
	73	uint8_t shared_secret[32])
	74	{
	75	if (!privkey \|\| !pubkey32) {
	76	memset(shared_secret, 0, 32);
	77	return;
	78	}
	79
	80	uint8_t compressed[33];
	81	compressed[0] = 0x02;
	82	memcpy(compressed + 1, pubkey32, 32);
	83
	84	secp256k1_context *ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN);
	85	secp256k1_pubkey pk;
	86	if (!secp256k1_ec_pubkey_parse(ctx, &pk, compressed, 33)) {
	87	ESP_LOGE(TAG, "Failed to parse compressed pubkey");
	88	memset(shared_secret, 0, 32);
	89	secp256k1_context_destroy(ctx);
	90	return;
	91	}
	92
	93	uint8_t shared[32];
	94	secp256k1_ecdh(ctx, shared, &pk, privkey, ecdh_xonly_hash, NULL);
	95	memcpy(shared_secret, shared, 32);
	96
	97	ESP_LOGI(TAG, "Shared secret: %02x%02x%02x%02x... (pubkey32=%02x%02x%02x%02x...)",
	98	shared[0], shared[1], shared[2], shared[3],
	99	pubkey32[0], pubkey32[1], pubkey32[2], pubkey32[3]);
	100
	101	secp256k1_context_destroy(ctx);
	102	}
	103
	104	static void pkcs7_pad(uint8_t buf, size_t data_len, size_t block_size, size_t padded_len)
	105	{
	106	size_t pad = block_size - (data_len % block_size);
	107	for (size_t i = 0; i < pad; i++) {
	108	buf[data_len + i] = (uint8_t)pad;
	109	}
	110	*padded_len = data_len + pad;
	111	}
	112
	113	static size_t pkcs7_unpad(const uint8_t *buf, size_t len)
	114	{
	115	if (len == 0) return 0;
	116	uint8_t pad = buf[len - 1];
	117	if (pad == 0 \|\| pad > 16) return 0;
	118	for (size_t i = len - pad; i < len; i++) {
	119	if (buf[i] != pad) return 0;
	120	}
	121	return len - pad;
	122	}
	123
	124	void nip04_encrypt(const uint8_t sender_privkey, const uint8_t recipient_pubkey,
	125	const char plaintext, uint8_t ciphertext_base64, size_t *out_len)
	126	{
	127	uint8_t shared_secret[32];
	128	compute_shared_secret(sender_privkey, recipient_pubkey, shared_secret);
	129
	130	size_t pt_len = strlen(plaintext);
	131	uint8_t iv[16];
	132	esp_fill_random(iv, 16);
	133	uint8_t iv_copy[16];
	134	memcpy(iv_copy, iv, 16);
	135
	136	uint8_t padded[4096];
	137	memcpy(padded, plaintext, pt_len);
	138	size_t padded_len;
	139	pkcs7_pad(padded, pt_len, 16, &padded_len);
	140
	141	mbedtls_aes_context aes;
	142	mbedtls_aes_init(&aes);
	143	mbedtls_aes_setkey_enc(&aes, shared_secret, 256);
	144	mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_ENCRYPT, padded_len, iv, padded, padded);
	145	mbedtls_aes_free(&aes);
	146
	147	size_t total = 16 + padded_len;
	148	uint8_t combined[4112];
	149	memcpy(combined, iv_copy, 16);
	150	memcpy(combined + 16, padded, padded_len);
	151
	152	out_len = base64_encode(combined, total, (char )ciphertext_base64);
	153	((char )ciphertext_base64)[out_len] = '\0';
	154
	155	ESP_LOGD(TAG, "Encrypted %zu bytes -> %zu base64", pt_len, *out_len);
	156	}
	157
	158	int nip04_decrypt(const uint8_t recipient_privkey, const uint8_t sender_pubkey,
	159	const char ciphertext_base64, char plaintext, size_t plaintext_max)
	160	{
	161	uint8_t shared_secret[32];
	162	compute_shared_secret(recipient_privkey, sender_pubkey, shared_secret);
	163
	164	size_t b64_len = strlen(ciphertext_base64);
	165	uint8_t combined[4112];
	166	size_t combined_len = base64_decode(ciphertext_base64, b64_len, combined);
	167
	168	if (combined_len < 32) {
	169	ESP_LOGE(TAG, "Ciphertext too short: %zu", combined_len);
	170	return -1;
	171	}
	172
	173	uint8_t iv[16];
	174	memcpy(iv, combined, 16);
	175
	176	size_t ct_len = combined_len - 16;
	177	uint8_t ct[4096];
	178	memcpy(ct, combined + 16, ct_len);
	179
	180	mbedtls_aes_context aes;
	181	mbedtls_aes_init(&aes);
	182	mbedtls_aes_setkey_dec(&aes, shared_secret, 256);
	183	mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_DECRYPT, ct_len, iv, ct, ct);
	184	mbedtls_aes_free(&aes);
	185
	186	size_t pt_len = pkcs7_unpad(ct, ct_len);
	187	if (pt_len == 0 \|\| pt_len >= plaintext_max) {
	188	ESP_LOGE(TAG, "Invalid padding: pt_len=%zu ct_len=%zu last_byte=%d padded_bytes:",
	189	pt_len, ct_len, ct_len > 0 ? ct[ct_len-1] : -1);
	190	for (size_t i = ct_len > 4 ? ct_len - 4 : 0; i < ct_len; i++) {
	191	ESP_LOGE(TAG, " ct[%zu]=%02x", i, ct[i]);
	192	}
	193	return -1;
	194	}
	195
	196	memcpy(plaintext, ct, pt_len);
	197	plaintext[pt_len] = '\0';
	198
	199	ESP_LOGD(TAG, "Decrypted %zu base64 -> %zu bytes", b64_len, pt_len);
	200	return (int)pt_len;
	201	}