bZRTP
bZRTP is an opensource implementation of ZRTP keys exchange protocol
typedef.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2014-2019 Belledonne Communications SARL.
3  *
4  * This file is part of bzrtp.
5  *
6  * This program is free software: you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation, either version 3 of the License, or
9  * (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program. If not, see <http://www.gnu.org/licenses/>.
18  */
19 #ifndef TYPEDEF_H
20 #define TYPEDEF_H
21 
22 /* maximum number of simultaneous channels opened in a ZRTP session */
23 #define ZRTP_MAX_CHANNEL_NUMBER 64
24 /* aux secret may rarely be used define his maximum length in bytes */
25 #define MAX_AUX_SECRET_LENGTH 64
26 /* the context will store some of the sent or received packets */
27 #define PACKET_STORAGE_CAPACITY 5
28 
29 /* HELLO_MESSAGE_STORE_ID MUST stay at 0 in case of we are treating a GoClear message and we are deleting all messages except Hello Packets */
30 #define HELLO_MESSAGE_STORE_ID 0 /* MUST stay at 0 */
31 #define COMMIT_MESSAGE_STORE_ID 1
32 #define DHPART_MESSAGE_STORE_ID 2
33 #define CONFIRM_MESSAGE_STORE_ID 3
34 #define GOCLEAR_MESSAGE_STORE_ID 4
35 
36 #ifdef HAVE_CONFIG_H
37 #include "config.h"
38 #endif
39 
40 #include <stdint.h>
41 
42 
43 #ifdef ZIDCACHE_ENABLED
44 #include "sqlite3.h"
45 #endif /* ZIDCACHE_ENABLED */
46 
48 
49 #include <bctoolbox/crypto.h>
50 #include <bctoolbox/port.h>
51 #include "packetParser.h"
52 #include "stateMachine.h"
53 
54 /* logging */
55 /* log domain is defined in CMakeList */
56 #include "bctoolbox/logging.h"
57 
58 #ifdef _WIN32
59 #define snprintf _snprintf
60 #endif
61 
62 /* timer related definitions */
63 #define BZRTP_TIMER_ON 1
64 #define BZRTP_TIMER_OFF 2
65 
66 /* values for retransmission timers, as recommended in rfc section 6 */
67 #define HELLO_BASE_RETRANSMISSION_STEP 50
68 #define HELLO_CAP_RETRANSMISSION_STEP 200
69 #define HELLO_MAX_RETRANSMISSION_NUMBER 20
70 
71 #define NON_HELLO_BASE_RETRANSMISSION_STEP 150
72 #define NON_HELLO_CAP_RETRANSMISSION_STEP 1200
73 #define NON_HELLO_MAX_RETRANSMISSION_NUMBER 10
74 
75 #define CLEARACK_BASE_RETRANSMISSION_STEP 5000
76 #define CLEARACK_MAX_RETRANSMISSION_NUMBER 20
77 
78 /* network related defines */
79 /* minimal MTU size is 600 bytes to avoid useless fragmentation of small enough packets */
80 #define BZRTP_MINIMUM_MTU 600
81 /* default MTU is 1452 to aim at 1500 bytes with IPv6(40 bytes) + UDP(8 bytes) overhead */
82 #define BZRTP_DEFAULT_MTU 1452
83 
84 /* Client identifier can contain up to 16 characters, it identify the BZRTP library version */
85 /* Use it to pass bzrtp version number to peer, is it part of Hello message */
86 /* custom Linphone Instant Messaging Encryption depends on bzrtp version */
87 /* Note: ZRTP_VERSION and BZrtp version are for now both at 1.1 but they are unrelated */
88 /* historically since the creation of bzrtp, it used client idenfiers : */
89 #define ZRTP_CLIENT_IDENTIFIERv1_0a "LINPHONE-ZRTPCPP"
90 #define ZRTP_CLIENT_IDENTIFIERv1_0b "BZRTP"
91 /* Since version 1.1 which implement correctly the key export mechanism described in ZRTP RFC 4.5.2, bzrtp lib identifies itself as */
92 #define ZRTP_CLIENT_IDENTIFIERv1_1 "BZRTPv1.1"
93 
94 #define ZRTP_CLIENT_IDENTIFIER ZRTP_CLIENT_IDENTIFIERv1_1
95 
96 #ifdef __cplusplus
97 extern "C"{
98 #endif
99 
100 /* pgp word list for use with SAS */
101 extern const char * pgpWordsEven[];
102 extern const char * pgpWordsOdd[];
103 
108 typedef struct bzrtpTimer_struct {
112  int timerStep;
113 } bzrtpTimer_t;
114 
115 /* the rs1 and rs2 are 256 bits long - see rfc section 4.6.1 */
116 #define RETAINED_SECRET_LENGTH 32
117 
120 typedef struct cachedSecrets_struct {
129  uint8_t previouslyVerifiedSas; /* boolean, is a SAS has been previously verified with this user */
131 
136 typedef struct cachedSecretsHash_struct {
137  uint8_t rs1ID[8];
138  uint8_t rs2ID[8];
139  uint8_t pbxsecretID[8];
141 
142 typedef struct fragmentInfo_struct {
146 
151  bctbx_list_t *fragments;
158 
159  void *clientData;
167  /* flags */
170 #ifdef GOCLEAR_ENABLED
171  uint8_t isClear;
172  uint8_t hasReceivedAGoClear;
173 #endif
174 
175  /* Hash chains, self is generated at channel context init */
176  uint8_t selfH[4][32];
177  uint8_t peerH[4][32];
179  /* packet storage : shall store some sent and received packets */
183  /* peer Hello hash : store the peer hello hash when given by signaling */
186  /* sequence number: self and peer */
191  /* algorithm agreed after Hello message exchange(use mapping define in cryptoUtils.h) and the function pointer to use them */
201  /* function pointer to the agreed algorithms - Note, key agreement manage directly this selection so it is not set here */
202  void (*hmacFunction)(const uint8_t *key, size_t keyLength, const uint8_t *input, size_t inputLength, uint8_t hmacLength, uint8_t *output);
203  void (*hashFunction)(const uint8_t *input, size_t inputLength, uint8_t hashLength, uint8_t *output);
204  void (*cipherEncryptionFunction)(const uint8_t *key, const uint8_t *IV, const uint8_t *input, size_t inputLength, uint8_t *output);
205  void (*cipherDecryptionFunction)(const uint8_t *key, const uint8_t *IV, const uint8_t *input, size_t inputLength, uint8_t *output);
206  void (*sasFunction)(uint32_t sas, char * output, int outputSize);
208  /* keys */
218  /* shared secret hash : unlike pbx, rs1 and rs2 secret hash, the auxsecret hash use a channel dependent data (H3) and is then stored in the channel context */
219  uint8_t initiatorAuxsecretID[8];
220  uint8_t responderAuxsecretID[8];
222  /* packet fragmentation management */
223  /* We do not need to store more than one as there on no scenarii in wich we expect peer to send 2 messages in a parallel */
225 
226  /* temporary buffer stored in the channel context */
229 };
230 
236  /* contexts */
237  bctbx_rng_context_t *RNGContext;
241  /* flags */
245 #ifdef GOCLEAR_ENABLED
246  uint8_t selfAcceptGoClear;
247  uint8_t peerAcceptGoClear;
248 #endif
251  /* callbacks */
254  /* channel contexts */
257  /* List of available algorithms, initialised with algo implemented in cryptoWrapper but can be then be modified according to user settings */
259  uint8_t supportedHash[7];
261  uint8_t supportedCipher[7];
263  uint8_t supportedAuthTag[7];
265  uint8_t supportedKeyAgreement[7];
267  uint8_t supportedSas[7];
269  /* ZIDs and cache */
270 #ifdef ZIDCACHE_ENABLED
271  sqlite3 *zidCache;
272 #else
273  void *zidCache;
274 #endif /* ZIDCACHE_ENABLED */
275  bctbx_mutex_t *zidCacheMutex;
276  int zuid;
277  char *selfURI;
278  uint8_t selfZID[12];
279  char *peerURI;
280  uint8_t peerZID[12];
288  /* transient auxiliary shared secret : in addition to the auxiliary shared secret stored in ZID cache, caller can provide a shared secret to the zrtp context which will be used for this transaction only */
289  /* both auxiliary secret are used and combined as transientAuxiliarySecret appended to cachedAuxiliarySecret*/
293  /* keys */
298  uint8_t ZRTPSessContext[24];
300  /* network */
301  size_t mtu;
303 };
304 
305 #ifdef __cplusplus
306 }
307 #endif
308 
309 #endif /* ifndef TYPEDEF_H */
size_t mtu
Definition: typedef.h:301
uint16_t offset
Definition: typedef.h:143
uint8_t * peerHelloHash
Definition: typedef.h:184
uint8_t * mackeyi
Definition: typedef.h:212
bctbx_rng_context_t * RNGContext
Definition: typedef.h:237
uint8_t * packetString
Definition: typedef.h:150
struct cachedSecrets_struct cachedSecrets_t
A set of cached secrets retrieved from the cache as defined.
bzrtpTimer_t timer
Definition: typedef.h:163
uint8_t hc
Definition: typedef.h:258
bzrtpStateMachine_t stateMachine
Definition: typedef.h:162
#define PACKET_STORAGE_CAPACITY
Definition: typedef.h:27
Definition: bzrtp.h:121
bctbx_mutex_t * zidCacheMutex
Definition: typedef.h:275
uint8_t cacheMismatchFlag
Definition: typedef.h:285
const char * pgpWordsOdd[]
Definition: pgpwords.c:284
uint8_t isInitialised
Definition: typedef.h:242
All the callback functions provided by the client needed by the ZRTP engine.
Definition: bzrtp.h:175
cachedSecretsHash_t initiatorCachedSecretHash
Definition: typedef.h:283
uint8_t sc
Definition: typedef.h:266
size_t auxsecretLength
Definition: typedef.h:126
fragmentReassembly_t incomingFragmentedPacket
Definition: typedef.h:224
uint8_t hashLength
Definition: typedef.h:193
Timer structure : The timer mechanism receives a tick giving a current time in ms a timer object will...
Definition: typedef.h:108
uint8_t * KDFContext
Definition: typedef.h:210
A set of cached secrets retrieved from the cache as defined.
Definition: typedef.h:120
unsigned short uint16_t
Definition: stdint.h:79
uint8_t * pbxsecret
Definition: typedef.h:127
uint8_t sasAlgo
Definition: typedef.h:198
Store all zrtpPacket informations according to type a specific structure type is mapped to the void *...
Definition: packetParser.h:134
unsigned char uint8_t
Definition: stdint.h:78
bzrtpCallbacks_t zrtpCallbacks
Definition: typedef.h:252
uint8_t * auxsecret
Definition: typedef.h:125
uint8_t * rs2
Definition: typedef.h:123
bzrtpSrtpSecrets_t srtpSecrets
Definition: typedef.h:216
uint16_t selfMessageSequenceNumber
Definition: typedef.h:188
uint8_t * s0
Definition: typedef.h:209
#define ZRTP_MAX_CHANNEL_NUMBER
Definition: typedef.h:23
char * selfURI
Definition: typedef.h:277
uint8_t keyAgreementAlgo
Definition: typedef.h:239
uint8_t * rs1
Definition: typedef.h:121
uint8_t peerPVS
Definition: typedef.h:286
bctbx_list_t * fragments
Definition: typedef.h:151
uint8_t cc
Definition: typedef.h:260
uint8_t rs1Length
Definition: typedef.h:122
void * zidCache
Definition: typedef.h:273
uint8_t keyAgreementAlgo
Definition: typedef.h:197
uint8_t * ZRTPSess
Definition: typedef.h:294
uint16_t messageLength
Definition: typedef.h:149
uint8_t status
Definition: typedef.h:109
cachedSecrets_t cachedSecret
Definition: typedef.h:282
uint16_t messageId
Definition: typedef.h:148
uint8_t * transientAuxSecret
Definition: typedef.h:290
struct cachedSecretsHash_struct cachedSecretsHash_t
The hash of cached secret truncated to the 64 leftmost bits aux secret ID is not part of it because c...
structure of the ZRTP engine context Store current state, timers, HMAC and encryption keys ...
Definition: typedef.h:235
unsigned int uint32_t
Definition: stdint.h:80
uint8_t * zrtpkeyi
Definition: typedef.h:214
uint8_t ZRTPSessLength
Definition: typedef.h:295
uint8_t cipherAlgo
Definition: typedef.h:194
int timerStep
Definition: typedef.h:112
size_t pbxsecretLength
Definition: typedef.h:128
const char * pgpWordsEven[]
Definition: pgpwords.c:24
unsigned __int64 uint64_t
Definition: stdint.h:90
uint8_t previouslyVerifiedSas
Definition: typedef.h:129
char * peerURI
Definition: typedef.h:279
uint8_t isSecure
Definition: typedef.h:168
uint8_t kc
Definition: typedef.h:264
uint16_t KDFContextLength
Definition: typedef.h:211
uint8_t cipherKeyLength
Definition: typedef.h:195
uint8_t role
Definition: typedef.h:161
struct bzrtpTimer_struct bzrtpTimer_t
Timer structure : The timer mechanism receives a tick giving a current time in ms a timer object will...
size_t transientAuxSecretLength
Definition: typedef.h:291
uint8_t authTagAlgo
Definition: typedef.h:196
uint8_t sasLength
Definition: typedef.h:199
uint8_t isMainChannel
Definition: typedef.h:169
uint8_t hashAlgo
Definition: typedef.h:192
int zuid
Definition: typedef.h:276
The zrtp context of a channel.
Definition: typedef.h:157
Definition: typedef.h:147
uint8_t * zrtpkeyr
Definition: typedef.h:215
uint8_t rs2Length
Definition: typedef.h:124
uint8_t isSecure
Definition: typedef.h:243
uint32_t selfSSRC
Definition: typedef.h:165
uint8_t * mackeyr
Definition: typedef.h:213
uint8_t * exportedKey
Definition: typedef.h:296
Definition: typedef.h:142
int(* bzrtpStateMachine_t)(bzrtpEvent_t)
the state function pointer definition
Definition: stateMachine.h:57
uint16_t length
Definition: typedef.h:144
bzrtpPacket_t * pingPacket
Definition: typedef.h:227
uint64_t timeReference
Definition: typedef.h:249
uint8_t peerSupportMultiChannel
Definition: typedef.h:244
uint8_t firingCount
Definition: typedef.h:111
uint8_t exportedKeyLength
Definition: typedef.h:297
uint64_t firingTime
Definition: typedef.h:110
void * keyAgreementContext
Definition: typedef.h:238
void * clientData
Definition: typedef.h:159
uint16_t selfSequenceNumber
Definition: typedef.h:187
uint16_t peerSequenceNumber
Definition: typedef.h:189
uint32_t peerBzrtpVersion
Definition: typedef.h:281
The hash of cached secret truncated to the 64 leftmost bits aux secret ID is not part of it because c...
Definition: typedef.h:136
uint8_t ac
Definition: typedef.h:262
struct fragmentInfo_struct fragmentInfo_t
cachedSecretsHash_t responderCachedSecretHash
Definition: typedef.h:284
struct fragmentReassembly_struct fragmentReassembly_t