Commit 1d1d7604 authored by johan's avatar johan

Deprecate support for exported key derivation as (badly) done in older bzrtp version

Backward compatibility is kept behind a build option, which is on by default for now.
parent 78e01080
......@@ -30,6 +30,7 @@ option(ENABLE_STATIC "Build static library." YES)
option(ENABLE_ZIDCACHE "Turn on compilation of ZID cache, request sqlite" YES)
option(ENABLE_STRICT "Build with strict compile options." YES)
option(ENABLE_TESTS "Enable compilation of unit tests." NO)
option(ENABLE_EXPORTEDKEY_V1_0_RETROCOMPATIBILITY "Enable support for Limev1 with older version of bzrtp(before v1.06)" YES)
if(NOT CMAKE_INSTALL_RPATH AND CMAKE_INSTALL_PREFIX)
......@@ -105,6 +106,9 @@ if(ENABLE_ZIDCACHE)
endif()
endif()
if (ENABLE_EXPORTEDKEY_V1_0_RETROCOMPATIBILITY)
add_definitions("-DSUPPORT_EXPORTEDKEY_V010000")
endif()
if(LINPHONE_BUILDER_GROUP_EXTERNAL_SOURCE_PATH_BUILDERS)
set(EXPORT_TARGETS_NAME "LinphoneBuilder")
......
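Review bot: The help text of `ENABLE_EXPORTEDKEY_V1_0_RETROCOMPATIBILITY` says "before v1.06", while the comment in `bzrtp_exportKey` describes the legacy behaviour as "before version 1.1.0", so a packager cannot tell which peers the switch is for. Because the option defaults to YES, the derivation that the commit itself calls wrong (keys taken straight from s0 instead of from one exported key, RFC section 4.5.2) stays compiled in unless someone turns it off. The description should say that, with whichever version number is correct, e.g. `"Keep the deprecated pre-1.1.0 exported key derivation (not RFC 4.5.2 compliant) for Limev1 peers; disable when no such peers remain"`.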
......@@ -591,7 +591,8 @@ int bzrtp_exportKey(bzrtpContext_t *zrtpContext, char *label, size_t labelLength
/* check we have s0 or exportedKey and KDFContext in channel[0] - export keys is available only on channel 0 completion - see RFC 4.5.2 */
bzrtpChannelContext_t *zrtpChannelContext = zrtpContext->channelContext[0];
if (zrtpContext->peerBzrtpVersion == 10000) { /* keep compatibility with older implementation of bzrtp */
if (zrtpContext->peerBzrtpVersion == 0x010000) { /* keep compatibility with older implementation of bzrtp */
#ifdef SUPPORT_EXPORTEDKEY_V010000
/* before version 1.1.0 (turned into an int MMmmpp -> 010100) exported keys wrongly derives from given label and s0 direclty instead of
deriving one Exported Key from S0 and then as many as needed from the exported key as specified in the RFC section 4.5.2 */
if (zrtpChannelContext->s0 == NULL || zrtpChannelContext->KDFContext == NULL) {
......@@ -604,7 +605,12 @@ int bzrtp_exportKey(bzrtpContext_t *zrtpContext, char *label, size_t labelLength
}
bzrtp_keyDerivationFunction(zrtpChannelContext->s0, zrtpChannelContext->hashLength, (uint8_t *)label, labelLength, zrtpChannelContext->KDFContext, zrtpChannelContext->KDFContextLength, *derivedKeyLength, (void (*)(uint8_t *, uint8_t, uint8_t *, uint32_t, uint8_t, uint8_t *))zrtpChannelContext->hmacFunction, derivedKey);
#else /* SUPPORT_EXPORTEDKEY_V010000 */
/* We do not support anymore backward compatibility, just do nothing but send an error message*/
if (zrtpContext->zrtpCallbacks.bzrtp_statusMessage!=NULL && zrtpContext->zrtpCallbacks.bzrtp_messageLevel>=BZRTP_MESSAGE_ERROR) { /* use error level as we explicitely compile with no support for older version */
zrtpContext->zrtpCallbacks.bzrtp_statusMessage(zrtpChannelContext->clientData, BZRTP_MESSAGE_ERROR, BZRTP_MESSAGE_PEERVERSIONOBSOLETE, "obsolete bzrtp version are not supported anymore");
}
#endif /* SUPPORT_EXPORTEDKEY_V010000 */
} else { /* peer either use version 1.1 of BZRTP or another library, just stick to the RFC to create the export key */
if ((zrtpChannelContext->s0 == NULL && zrtpContext->exportedKey) || zrtpChannelContext->KDFContext == NULL) {
return BZRTP_ERROR_INVALIDCONTEXT;
......
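Review bot: The new `#else` branch only reports `BZRTP_MESSAGE_PEERVERSIONOBSOLETE` and then leaves the `if`, so `derivedKey` is never written on that path. Unless code after the hunk returns an error, the caller gets a success code together with an untouched buffer and may go on to use it as key material. The branch should fail explicitly, for example `return BZRTP_ERROR_INVALIDCONTEXT;` (or a dedicated error code) placed after the status callback block so it does not depend on a callback being registered. The end of `bzrtp_exportKey` is outside the hunk, so the final return value is inferred rather than seen.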
......@@ -1699,12 +1699,12 @@ int bzrtp_responseToHelloMessage(bzrtpContext_t *zrtpContext, bzrtpChannelContex
*/
/* This is BZRTP in its old version */
if ((strncmp(ZRTP_CLIENT_IDENTIFIERv1_0a, (char *)helloMessage->clientIdentifier, 16)==0) || (strncmp(ZRTP_CLIENT_IDENTIFIERv1_0b, (char *)helloMessage->clientIdentifier, 16)==0)){
zrtpContext->peerBzrtpVersion=10000;
zrtpContext->peerBzrtpVersion=0x010000;
if (zrtpContext->zrtpCallbacks.bzrtp_statusMessage!=NULL && zrtpContext->zrtpCallbacks.bzrtp_messageLevel>=BZRTP_MESSAGE_WARNING) { /* use warning level as the client may really wants to know this */
zrtpContext->zrtpCallbacks.bzrtp_statusMessage(zrtpChannelContext->clientData, BZRTP_MESSAGE_WARNING, BZRTP_MESSAGE_PEERVERSIONOBSOLETE, (const char *)helloMessage->clientIdentifier);
}
} else if (strncmp(ZRTP_CLIENT_IDENTIFIERv1_1, (char *)helloMessage->clientIdentifier, 16)==0) { /* peer has the current version, everything is Ok */
zrtpContext->peerBzrtpVersion=10100;
zrtpContext->peerBzrtpVersion=0x010100;
} else { /* peer uses another lib, we're probably not LIME compliant, log it */
zrtpContext->peerBzrtpVersion=0;
if (zrtpContext->zrtpCallbacks.bzrtp_statusMessage!=NULL && zrtpContext->zrtpCallbacks.bzrtp_messageLevel>=BZRTP_MESSAGE_LOG) {
......
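Review bot: The version literals `0x010000` and `0x010100` are written out here and again in the comparison in `bzrtp_exportKey`, and the two sites must stay in step because this peer-supplied client identifier decides which key derivation is used. Any other comparison against the old decimal values `10000`/`10100` outside this diff would silently stop matching, so the rest of the tree should be searched for them before merging. I would add a comment where the field is set, `/* peerBzrtpVersion is encoded as 0xMMmmpp; bzrtp_exportKey compares against these exact values */`, or better replace the literals with one shared named constant per version. The body of `bzrtp_responseToHelloMessage` continues outside the hunk.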