Alexandre Lision | 51140e1 | 2013-12-02 10:54:09 -0500 | [diff] [blame] | 1 | /* |
Alexandre Lision | 7fd5d3d | 2013-12-04 13:06:40 -0500 | [diff] [blame] | 2 | Copyright (C) 2006-2013 Werner Dittmann |
Alexandre Lision | 51140e1 | 2013-12-02 10:54:09 -0500 | [diff] [blame] | 3 | |
| 4 | This program is free software: you can redistribute it and/or modify |
Alexandre Lision | 7fd5d3d | 2013-12-04 13:06:40 -0500 | [diff] [blame] | 5 | it under the terms of the GNU Lesser General Public License as published by |
Alexandre Lision | 51140e1 | 2013-12-02 10:54:09 -0500 | [diff] [blame] | 6 | the Free Software Foundation, either version 3 of the License, or |
| 7 | (at your option) any later version. |
| 8 | |
| 9 | This program is distributed in the hope that it will be useful, |
| 10 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 11 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 12 | GNU General Public License for more details. |
| 13 | |
| 14 | You should have received a copy of the GNU General Public License |
| 15 | along with this program. If not, see <http://www.gnu.org/licenses/>. |
| 16 | */ |
| 17 | |
| 18 | /* |
| 19 | * Authors: Werner Dittmann <Werner.Dittmann@t-online.de> |
| 20 | */ |
| 21 | |
| 22 | #ifndef ZRTPPACKET_H |
| 23 | #define ZRTPPACKET_H |
| 24 | |
| 25 | /** |
| 26 | * |
| 27 | * @file zrtpPacket.h |
| 28 | * @brief The data structures and definitions for ZRTP messages |
| 29 | * |
| 30 | * This include file defines the ZRTP message structures. Refer to |
| 31 | * chapter 5 of the ZRTP specification which defines the ZRTP messages and |
| 32 | * the transport format. |
| 33 | * |
| 34 | * @ingroup GNU_ZRTP |
| 35 | * @{ |
| 36 | */ |
| 37 | |
| 38 | #include <stdio.h> |
| 39 | |
| 40 | /** |
| 41 | * The following defines match the ZRTP specification, chapter 5 |
| 42 | */ |
| 43 | #define ZRTP_MAGIC 0x5a525450 |
| 44 | |
| 45 | #define ZRTP_WORD_SIZE 4 |
| 46 | #define CRC_SIZE 4 |
| 47 | |
| 48 | #define TYPE_SIZE (2*ZRTP_WORD_SIZE) |
| 49 | #define CLIENT_ID_SIZE (4*ZRTP_WORD_SIZE) |
| 50 | #define HASH_IMAGE_SIZE (8*ZRTP_WORD_SIZE) |
| 51 | #define ZID_SIZE (3*ZRTP_WORD_SIZE) |
| 52 | #define HVI_SIZE (8*ZRTP_WORD_SIZE) |
| 53 | #define HMAC_SIZE (2*ZRTP_WORD_SIZE) |
| 54 | #define ID_SIZE (2*ZRTP_WORD_SIZE) |
| 55 | #define IV_SIZE (4*ZRTP_WORD_SIZE) |
| 56 | #define PING_HASH_SIZE (2*ZRTP_WORD_SIZE) |
| 57 | |
| 58 | |
| 59 | /** |
| 60 | * The ZRTP message header |
| 61 | * |
| 62 | * A complete ZRTP message always consists of the ZRTP header |
| 63 | * and a message specific part. This specific part may have a variable |
| 64 | * length. The length field includes the header. |
| 65 | */ |
| 66 | typedef struct zrtpPacketHeader { |
| 67 | uint16_t zrtpId; ///< Id to identify the message, always 0x505a |
| 68 | uint16_t length; ///< Length of the ZRTP message in words |
| 69 | uint8_t messageType[TYPE_SIZE]; ///< 2 word (8 octest) message type in ASCII |
| 70 | } zrtpPacketHeader_t; |
| 71 | |
| 72 | /** |
| 73 | * Hello message, fixed part. |
| 74 | * |
| 75 | * The complete Hello message consists of ZRTP message header, Hello fixed |
| 76 | * part and a variable part. The Hello class initializes the variable part. |
| 77 | */ |
| 78 | typedef struct Hello { |
| 79 | uint8_t version[ZRTP_WORD_SIZE]; ///< Announces the ZRTP protocol version |
| 80 | uint8_t clientId[CLIENT_ID_SIZE]; ///< A 4 word ASCII identifier of the ZRTP client |
| 81 | uint8_t hashH3[HASH_IMAGE_SIZE]; ///< The last hash of the hash chain (chap. 9) |
| 82 | uint8_t zid[ZID_SIZE]; ///< ZID - 3 word identifier for the ZRTP endpoint |
| 83 | uint8_t flags; ///< flag bits (chap 7.2) |
| 84 | uint8_t lengths[3]; ///< number of algorithms present |
| 85 | } Hello_t; |
| 86 | |
| 87 | /** |
| 88 | * The complete ZRTP Hello message. |
| 89 | */ |
| 90 | typedef struct HelloPacket { |
| 91 | zrtpPacketHeader_t hdr; ///< ZRTP Header |
| 92 | Hello_t hello; ///< Fixed part of Hello message |
| 93 | } HelloPacket_t; |
| 94 | |
| 95 | /** |
| 96 | * HelloAck message. |
| 97 | * |
| 98 | * The complete HelloAck message consists of ZRTP message header and |
| 99 | * the CRC which is the only HelloAck specific data. |
| 100 | */ |
| 101 | typedef struct HelloAckPacket { |
| 102 | zrtpPacketHeader_t hdr; ///< ZRTP Header |
| 103 | uint8_t crc[ZRTP_WORD_SIZE]; ///< CRC of ZRTP message |
| 104 | } HelloAckPacket_t; |
| 105 | |
| 106 | /** |
| 107 | * Commit message |
| 108 | * |
| 109 | * There are three subtypes of Commit messages, each of which |
| 110 | * has a fixed size. The data structure defines the maximum |
| 111 | * Commit message. During the ZRTP protocol the implementation |
| 112 | * uses fileds according to the use case (DH handshake, |
| 113 | * Multi-stream handshake) and adjusts the length. |
| 114 | */ |
| 115 | typedef struct Commit { |
| 116 | uint8_t hashH2[HASH_IMAGE_SIZE]; ///< The second hash of the hash chain (chap. 9) |
| 117 | uint8_t zid[ZID_SIZE]; ///< ZID - 3 word identifier for the ZRTP endpoint |
| 118 | uint8_t hash[ZRTP_WORD_SIZE]; ///< Commited hash algorithm |
| 119 | uint8_t cipher[ZRTP_WORD_SIZE]; ///< Commited symmetrical cipher algorithm |
| 120 | uint8_t authlengths[ZRTP_WORD_SIZE]; ///< Commited SRTP authentication algorithm |
| 121 | uint8_t pubkey[ZRTP_WORD_SIZE]; ///< Commited key agreement algorithm |
| 122 | uint8_t sas[ZRTP_WORD_SIZE]; ///< Commited SAS algorithm |
| 123 | uint8_t hvi[HVI_SIZE]; ///< Hash value Initiator - chap 4.4.1.1 |
| 124 | uint8_t hmac[HMAC_SIZE]; ///< MAC of the Commit message |
| 125 | } Commit_t; |
| 126 | |
| 127 | /** |
| 128 | * The complete ZRTP Commit message. |
| 129 | */ |
| 130 | typedef struct CommitPacket { |
| 131 | zrtpPacketHeader_t hdr; ///< ZRTP Header |
| 132 | Commit_t commit; ///< Commit message |
| 133 | uint8_t crc[ZRTP_WORD_SIZE]; ///< CRC of ZRTP message |
| 134 | } CommitPacket_t; |
| 135 | |
| 136 | /** |
| 137 | * DHPart1 and DHPart2 messages |
| 138 | * |
| 139 | * The DHPart messages have a variable length. The following struct |
| 140 | * defines the fixed part only. The DHPart class initializes the |
| 141 | * variable part. |
| 142 | */ |
| 143 | typedef struct DHPart { |
| 144 | uint8_t hashH1[HASH_IMAGE_SIZE]; ///< The first hash of the hash chain (chap. 9) |
| 145 | uint8_t rs1Id[ID_SIZE]; ///< Id of first retained secret |
| 146 | uint8_t rs2Id[ID_SIZE]; ///< Id of second retained secret |
| 147 | uint8_t auxSecretId[ID_SIZE]; ///< Id of additional (auxilliary) secret |
| 148 | uint8_t pbxSecretId[ID_SIZE]; ///< Id of PBX secret (chap 7.3.1) |
| 149 | } DHPart_t; |
| 150 | |
| 151 | /** |
| 152 | * The complete ZRTP DHPart message. |
| 153 | */ |
| 154 | typedef struct DHPartPacket { |
| 155 | zrtpPacketHeader_t hdr; ///< ZRTP Header |
| 156 | DHPart_t dhPart; ///< DHPart message fixed part |
| 157 | } DHPartPacket_t; |
| 158 | |
| 159 | /** |
| 160 | * Confirm1 and Confirm2 messages |
| 161 | * |
| 162 | * The Confirm message have a variable length. The following struct |
| 163 | * defines the fixed part only. The Confirm class initializes the |
| 164 | * variable part. |
| 165 | * |
| 166 | * ZRTP encrypts a part of the Confirm messages, starting at @c hashH0 |
| 167 | * and includes the variable part. |
| 168 | */ |
| 169 | typedef struct Confirm { |
| 170 | uint8_t hmac[HMAC_SIZE]; ///< MAC over the encrypted part of Commit message |
| 171 | uint8_t iv[IV_SIZE]; ///< IV for CFB mode to encrypt part of Commit |
| 172 | uint8_t hashH0[HASH_IMAGE_SIZE]; ///< starting hash of hash chain (chap. 9) |
| 173 | uint8_t filler[2]; ///< Filler bytes |
| 174 | uint8_t sigLength; ///< Length of an optional signature length (chap 7.2) |
| 175 | uint8_t flags; ///< various flags to control behaviour |
| 176 | uint32_t expTime; ///< Expiration time of retained secrets (chap 4.9) |
| 177 | } Confirm_t; |
| 178 | |
| 179 | /** |
| 180 | * The complete ZRTP Confirm message. |
| 181 | */ |
| 182 | typedef struct ConfirmPacket { |
| 183 | zrtpPacketHeader_t hdr; ///< ZRTP Header |
| 184 | Confirm_t confirm; ///< Confirm message fixed part |
| 185 | } ConfirmPacket_t; |
| 186 | |
| 187 | /** |
| 188 | * Conf2Ack message. |
| 189 | * |
| 190 | * The complete Conf2Ack message consists of ZRTP message header and |
| 191 | * the CRC which is the only Conf2Ack specific data. |
| 192 | */ |
| 193 | typedef struct Conf2AckPacket { |
| 194 | zrtpPacketHeader_t hdr; ///< ZRTP Header |
| 195 | uint8_t crc[ZRTP_WORD_SIZE]; ///< CRC of ZRTP message |
| 196 | } Conf2AckPacket_t; |
| 197 | |
| 198 | /** |
| 199 | * The GoClear message is currently not used in |
| 200 | * GNU ZRTP C++ - not support for GoClear. |
| 201 | */ |
| 202 | typedef struct GoClear { |
| 203 | uint8_t clearHmac[HMAC_SIZE]; ///< no used |
| 204 | } GoClear_t; |
| 205 | |
| 206 | /** |
| 207 | * The complete ZRTP GoClear message - no used. |
| 208 | */ |
| 209 | typedef struct GoClearPacket { |
| 210 | zrtpPacketHeader_t hdr; ///< ZRTP Header |
| 211 | GoClear_t goClear; ///< not used |
| 212 | uint8_t crc[ZRTP_WORD_SIZE]; ///< CRC of ZRTP message |
| 213 | } GoClearPacket_t; |
| 214 | |
| 215 | /** |
| 216 | * The ClearAck message is currently not used in |
| 217 | * GNU ZRTP C++ - not support for GoClear. |
| 218 | */ |
| 219 | typedef struct ClearAckPacket { |
| 220 | zrtpPacketHeader_t hdr; ///< ZRTP Header |
| 221 | uint8_t crc[ZRTP_WORD_SIZE]; ///< CRC of ZRTP message |
| 222 | } ClearAckPacket_t; |
| 223 | |
| 224 | /** |
| 225 | * The Error message |
| 226 | */ |
| 227 | typedef struct Error { |
| 228 | uint32_t errorCode; ///< Error code, see chap 5.9 |
| 229 | } Error_t; |
| 230 | |
| 231 | /** |
| 232 | * The complete ZRTP Error message. |
| 233 | */ |
| 234 | typedef struct ErrorPacket { |
| 235 | zrtpPacketHeader_t hdr; ///< ZRTP Header |
| 236 | Error_t error; ///< Error message part |
| 237 | uint8_t crc[ZRTP_WORD_SIZE]; ///< CRC of ZRTP message |
| 238 | } ErrorPacket_t; |
| 239 | |
| 240 | /** |
| 241 | * ErrorAck message. |
| 242 | * |
| 243 | * The complete ErrorAck message consists of ZRTP message header and |
| 244 | * the CRC which is the only ErrorAck specific data. |
| 245 | */ |
| 246 | typedef struct ErrorAckPacket { |
| 247 | zrtpPacketHeader_t hdr; ///< ZRTP Header |
| 248 | uint8_t crc[ZRTP_WORD_SIZE]; ///< CRC of ZRTP message |
| 249 | } ErrorAckPacket_t; |
| 250 | |
| 251 | /** |
| 252 | * Ping message. |
| 253 | * |
| 254 | * The Ping message has a fixed size. |
| 255 | */ |
| 256 | typedef struct Ping { |
| 257 | uint8_t version[ZRTP_WORD_SIZE]; ///< The ZRTP protocol version |
| 258 | uint8_t epHash[PING_HASH_SIZE]; ///< End point hash, see chap 5.16 |
| 259 | } Ping_t; |
| 260 | |
| 261 | /** |
| 262 | * The complete ZRTP Ping message. |
| 263 | */ |
| 264 | typedef struct PingPacket { |
| 265 | zrtpPacketHeader_t hdr; ///< ZRTP Header |
| 266 | Ping_t ping; ///< Ping message part |
| 267 | uint8_t crc[ZRTP_WORD_SIZE]; ///< CRC of ZRTP message |
| 268 | } PingPacket_t; |
| 269 | |
| 270 | /** |
| 271 | * PingAck message. |
| 272 | * |
| 273 | * The PingAck message has a fixed size. |
| 274 | */ |
| 275 | typedef struct PingAck { |
| 276 | uint8_t version[ZRTP_WORD_SIZE]; ///< The ZRTP protocol version |
| 277 | uint8_t localEpHash[PING_HASH_SIZE]; ///< Local end point hash, see chap 5.16 |
| 278 | uint8_t remoteEpHash[PING_HASH_SIZE]; ///< Remote end point hash, see chap 5.16 |
| 279 | uint32_t ssrc; ///< SSRC copied from the Ping message (RTP packet part) |
| 280 | } PingAck_t; |
| 281 | |
| 282 | /** |
| 283 | * The complete ZRTP PingAck message. |
| 284 | */ |
| 285 | typedef struct PingAckPacket { |
| 286 | zrtpPacketHeader_t hdr; ///< ZRTP Header |
| 287 | PingAck_t pingAck; ///< PingAck message part |
| 288 | uint8_t crc[ZRTP_WORD_SIZE]; ///< CRC of ZRTP message |
| 289 | } PingAckPacket_t; |
| 290 | |
| 291 | /** |
| 292 | * SASrelay message |
| 293 | * |
| 294 | * The SASrelay message has a variable length. The following struct |
| 295 | * defines the fixed part only. The SASrelay class initializes the |
| 296 | * variable part. |
| 297 | * |
| 298 | * ZRTP encrypts a part of the SASrelay message, starting at @c hashH0 |
| 299 | * and includes the variable part. |
| 300 | */ |
| 301 | typedef struct SASrelay { |
| 302 | uint8_t hmac[HMAC_SIZE]; ///< MAC over the encrypted part of Commit message |
| 303 | uint8_t iv[IV_SIZE]; ///< IV for CFB mode to encrypt part of Commit |
| 304 | uint8_t filler[2]; ///< Filler bytes |
| 305 | uint8_t sigLength; ///< Length of an optional signature length (chap 7.2) |
| 306 | uint8_t flags; ///< various flags to control behaviour |
| 307 | uint8_t sas[ZRTP_WORD_SIZE]; ///< SAS algorithm to use |
| 308 | uint8_t trustedSasHash[HASH_IMAGE_SIZE]; ///< New trusted SAS hash for enrolled client |
| 309 | } SASrelay_t; |
| 310 | |
| 311 | /** |
| 312 | * The complete ZRTP SASrelay message. |
| 313 | */ |
| 314 | typedef struct SASrelayPacket { |
| 315 | zrtpPacketHeader_t hdr; ///< ZRTP Header |
| 316 | SASrelay_t sasrelay; ///< SASrelay message fixed part |
| 317 | } SASrelayPacket_t; |
| 318 | |
| 319 | /** |
| 320 | * RelayAck message. |
| 321 | * |
| 322 | * The complete RelayAck message consists of ZRTP message header and |
| 323 | * the CRC which is the only RelayAck specific data. |
| 324 | */ |
| 325 | typedef struct RelayAckPacket { |
| 326 | zrtpPacketHeader_t hdr; ///< ZRTP Header |
| 327 | uint8_t crc[ZRTP_WORD_SIZE]; ///< CRC of ZRTP message |
| 328 | } RelayAckPacket_t; |
| 329 | |
| 330 | #endif // ZRTPPACKET_H |
| 331 | |
| 332 | /** |
| 333 | * @} |
| 334 | */ |
| 335 | |
| 336 | /** EMACS ** |
| 337 | * Local variables: |
| 338 | * mode: c++ |
| 339 | * c-default-style: ellemtel |
| 340 | * c-basic-offset: 4 |
| 341 | * End: |
| 342 | */ |