Introduce Nostr

common/protob/messages-nostr.proto

@@ -0,0 +1,66 @@
+syntax = "proto2";
+package hw.trezor.messages.nostr;
+
+// Sugar for easier handling in Java
+option java_package = "com.satoshilabs.trezor.lib.protobuf";
+option java_outer_classname = "TrezorMessageNostr";
+
+import "options.proto";
+
+/**
+ * Request: Ask the device for the Nostr public key
+ * @start
+ * @next NostrPubkey
+ */
+message NostrGetPubkey {
+    repeated uint32 address_n = 1; // used to derive the key
+}
+
+/**
+ * Response: Nostr pubkey
+ * @end
+ */
+message NostrPubkey {
+    required bytes pubkey = 1;      // pubkey derived from the seed
+}
+
+/**
+ * @embed
+ */
+message NostrTag {
+    // Nostr tags consist of at least one string (the key)
+    // followed by an arbitrary number of strings,
+    // the first of which (if present) is called "value".
+    // See NIP-01: https://github.com/nostr-protocol/nips/blob/master/01.md#tags
+    required string key = 1;
+    optional string value = 2;
+    repeated string extra = 3;
+}
+
+/**
+ * Request: Ask device to sign an event
+ * @start
+ * @next NostrEventSignature
+ * @next Failure
+ */
+message NostrSignEvent {
+    repeated uint32 address_n = 1;   // used to derive the key
+
+    // Nostr event fields, except the ones that are calculated by the signer
+    // See NIP-01: https://github.com/nostr-protocol/nips/blob/master/01.md
+
+    required uint32 created_at = 2;  // Event created_at: unix timestamp in seconds
+    required uint32 kind = 3;        // Event kind: integer between 0 and 65535
+    repeated NostrTag tags = 4;      // Event tags
+    required string content = 5;     // Event content: arbitrary string
+}
+
+/**
+ * Response: Computed event ID and signature
+ * @end
+ */
+message NostrEventSignature {
+    required bytes pubkey = 1;      // pubkey used to sign the event
+    required bytes id = 2;          // ID of the event
+    required bytes signature = 3;   // signature of the event
+}

common/protob/messages.proto

@@ -79,7 +79,6 @@ enum MessageType {
     MessageType_NextU2FCounter = 81 [(wire_out) = true];
 
     // Deprecated messages, kept for protobuf compatibility.
-    // Both are marked wire_out so that we don't need to implement incoming handler for legacy
     MessageType_Deprecated_PassphraseStateRequest = 77 [deprecated = true];
     MessageType_Deprecated_PassphraseStateAck = 78 [deprecated = true];
 
@@ -324,6 +323,12 @@ enum MessageType {
     // THP
     reserved 1000 to 1099; // See messages-thp.proto
 
+    // Nostr
+    MessageType_NostrGetPubkey = 2001 [(wire_in) = true];
+    MessageType_NostrPubkey = 2002 [(wire_out) = true];
+    MessageType_NostrSignEvent = 2003 [(wire_in) = true];
+    MessageType_NostrEventSignature = 2004 [(wire_out) = true];
+
     // Benchmark
     MessageType_BenchmarkListNames = 9100 [(bitcoin_only) = true];
     MessageType_BenchmarkNames = 9101 [(bitcoin_only) = true];

core/.changelog.d/4160.added

@@ -0,0 +1 @@
+Add Nostr support.

core/SConscript.firmware

@@ -666,6 +666,11 @@ if FROZEN:
             SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/nem/*/*.py'))
             SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'trezor/enums/NEM*.py'))
 
+        if PYOPT == '0':
+            SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/nostr/*.py'))
+            SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/nostr/*/*.py'))
+            SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'trezor/enums/Nostr*.py'))
+
         SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/ripple/*.py'))
         SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'trezor/enums/Ripple*.py'))
 

core/SConscript.unix

@@ -722,6 +722,11 @@ if FROZEN:
             SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/nem/*/*.py'))
             SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'trezor/enums/NEM*.py'))
 
+        if PYOPT == '0':
+            SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/nostr/*.py'))
+            SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/nostr/*/*.py'))
+            SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'trezor/enums/Nostr*.py'))
+
         SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/ripple/*.py'))
         SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'trezor/enums/Ripple*.py'))
 

core/embed/rust/librust_qstr.h

@@ -338,6 +338,7 @@ static void _librust_qstrs(void) {
   MP_QSTR_modify_fee__transaction_fee;
   MP_QSTR_more_info_callback;
   MP_QSTR_multiple_pages_texts;
+  MP_QSTR_nostr__event_kind_template;
   MP_QSTR_notification;
   MP_QSTR_notification_level;
   MP_QSTR_page_count;

core/embed/rust/src/translations/generated/translated_string.rs.mako

@@ -15,6 +15,7 @@ ALTCOIN_PREFIXES = (
     "fido",
     "monero",
     "nem",
+    "nostr",
     "ripple",
     "solana",
     "stellar",

core/mocks/trezortranslate_keys.pyi

@@ -497,6 +497,7 @@ class TR:
     nem__under_namespace: str = "under namespace"
     nem__unencrypted: str = "Unencrypted:"
     nem__unknown_mosaic: str = "Unknown mosaic!"
+    nostr__event_kind_template: str = "Event kind: {0}"
     passphrase__access_wallet: str = "Access passphrase wallet?"
     passphrase__always_on_device: str = "Always enter your passphrase on Trezor?"
     passphrase__continue_with_empty_passphrase: str = "Continue with empty passphrase?"

core/src/apps/nostr/__init__.py

@@ -0,0 +1,5 @@
+from apps.common.paths import PATTERN_BIP44
+
+CURVE = "secp256k1"
+SLIP44_ID = 1237
+PATTERN = PATTERN_BIP44

core/src/apps/nostr/get_pubkey.py

@@ -0,0 +1,24 @@
+from typing import TYPE_CHECKING
+
+from apps.common.keychain import auto_keychain
+
+if TYPE_CHECKING:
+    from trezor.messages import NostrGetPubkey, NostrPubkey
+
+    from apps.common.keychain import Keychain
+
+
+@auto_keychain(__name__)
+async def get_pubkey(msg: NostrGetPubkey, keychain: Keychain) -> NostrPubkey:
+    from trezor.messages import NostrPubkey
+
+    from apps.common import paths
+
+    address_n = msg.address_n
+
+    await paths.validate_path(keychain, address_n)
+
+    node = keychain.derive(address_n)
+    pk = node.public_key()[-32:]
+
+    return NostrPubkey(pubkey=pk)

core/src/apps/nostr/sign_event.py

@@ -0,0 +1,60 @@
+from typing import TYPE_CHECKING
+
+from apps.common.keychain import auto_keychain
+
+if TYPE_CHECKING:
+    from trezor.messages import NostrEventSignature, NostrSignEvent
+
+    from apps.common.keychain import Keychain
+
+
+@auto_keychain(__name__)
+async def sign_event(msg: NostrSignEvent, keychain: Keychain) -> NostrEventSignature:
+    from ubinascii import hexlify
+
+    from trezor import TR
+    from trezor.crypto.curve import secp256k1
+    from trezor.crypto.hashlib import sha256
+    from trezor.messages import NostrEventSignature
+    from trezor.ui.layouts import confirm_value
+
+    from apps.common import paths
+
+    address_n = msg.address_n
+    created_at = msg.created_at
+    kind = msg.kind
+    tags = [[t.key] + ([t.value] if t.value else []) + t.extra for t in msg.tags]
+    content = msg.content
+
+    await paths.validate_path(keychain, address_n)
+
+    node = keychain.derive(address_n)
+    pk = node.public_key()[-32:]
+    sk = node.private_key()
+
+    title = TR.nostr__event_kind_template.format(kind)
+
+    # confirm_value on TR only accepts one single info item
+    # which is why we concatenate all of them here.
+    # This is not great, but it gets the job done for now.
+    tags_str = f"created_at: {created_at}"
+    for t in tags:
+        tags_str += f"\n\n{t[0]}: " + (f" {' '.join(t[1:])}" if len(t) > 1 else "")
+
+    await confirm_value(
+        title, content, "", "nostr_sign_event", info_items=[("", tags_str)]
+    )
+
+    # The event ID is obtained by serializing the event in a specific way:
+    # "[0,pubkey,created_at,kind,tags,content]"
+    # See NIP-01: https://github.com/nostr-protocol/nips/blob/master/01.md
+    serialized_tags = ",".join(
+        ["[" + ",".join(f'"{t}"' for t in tag) + "]" for tag in tags]
+    )
+    serialized_event = f'[0,"{hexlify(pk).decode()}",{created_at},{kind},[{serialized_tags}],"{content}"]'
+    event_id = sha256(serialized_event).digest()
+
+    # The event signature is basically the signature of the event ID computed above
+    signature = secp256k1.sign(sk, event_id)[-64:]
+
+    return NostrEventSignature(pubkey=pk, id=event_id, signature=signature)

core/src/apps/workflow_handlers.py

@@ -106,6 +106,16 @@ def _find_message_handler_module(msg_type: int) -> str:
     if msg_type == MessageType.GetFirmwareHash:
         return "apps.misc.get_firmware_hash"
 
+    # When promoting the Nostr app to production-level
+    # and removing the "if" guard don't forget to also remove
+    # the corresponding guards (PYOPT == '0') in Sconscript.*
+    if __debug__:
+        # nostr
+        if msg_type == MessageType.NostrGetPubkey:
+            return "apps.nostr.get_pubkey"
+        if msg_type == MessageType.NostrSignEvent:
+            return "apps.nostr.sign_event"
+
     if not utils.BITCOIN_ONLY:
         if msg_type == MessageType.SetU2FCounter:
             return "apps.management.set_u2f_counter"