Commit 5a6196e3 authored by johan's avatar johan

Improve API to get more informations on algorithm used during nego

+ remove useless isSecure function
parent 7d03a0e6
......@@ -86,7 +86,8 @@
#define ZRTP_SRTP_SECRETS_FOR_RECEIVER 0x02
/**
* brief The data structure containing the keys and algorithms to be used by srtp */
* brief The data structure containing the keys and algorithms to be used by srtp
* Also stores SAS and informations about the crypto algorithms selected during ZRTP negotiation */
typedef struct bzrtpSrtpSecrets_struct {
uint8_t *selfSrtpKey; /**< The key used by local part to encrypt */
uint8_t selfSrtpKeyLength; /**< The length in byte of the key */
......@@ -96,11 +97,14 @@ typedef struct bzrtpSrtpSecrets_struct {
uint8_t peerSrtpKeyLength; /**< The length in byte of the key */
uint8_t *peerSrtpSalt; /**< The salt used by local part to decrypt */
uint8_t peerSrtpSaltLength; /**< The length in byte of the salt */
uint8_t cipherAlgo; /**< The cipher block algorithm used by srtp */
uint8_t cipherAlgo; /**< The cipher block algorithm selected durign ZRTP negotiation and used by srtp */
uint8_t cipherKeyLength; /**< The key length in bytes for the cipher block algorithm used by srtp */
uint8_t authTagAlgo; /**< srtp authentication tag algorithm agreed on after Hello packet exchange */
char *sas; /**< a null terminated char containing the Short Authentication String */
uint8_t sasLength; /**< The length of sas, including the termination character */
uint8_t hashAlgo; /**< The hash algo selected during ZRTP negotiation */
uint8_t keyAgreementAlgo; /**< The key agreement algo selected during ZRTP negotiation */
uint8_t sasAlgo; /**< The SAS rendering algo selected during ZRTP negotiation */
} bzrtpSrtpSecrets_t;
/**
......@@ -119,8 +123,8 @@ typedef struct bzrtpCallbacks_struct {
int (* bzrtp_sendData)(void *clientData, const uint8_t *packetString, uint16_t packetLength); /**< Send a ZRTP packet to peer. Shall return 0 on success */
/* dealing with SRTP session */
int (* bzrtp_srtpSecretsAvailable)(void *clientData, bzrtpSrtpSecrets_t *srtpSecrets, uint8_t part); /**< Send the srtp secrets to the client, for either sender, receiver or both according to the part parameter value. Client may wait for the end of ZRTP process before using it */
int (* bzrtp_startSrtpSession)(void *clientData, const char* sas, int32_t verified); /**< ZRTP process ended well, client is given the SAS and may start his SRTP session if not done when calling srtpSecretsAvailable */
int (* bzrtp_srtpSecretsAvailable)(void *clientData, const bzrtpSrtpSecrets_t *srtpSecrets, uint8_t part); /**< Send the srtp secrets to the client, for either sender, receiver or both according to the part parameter value. Client may wait for the end of ZRTP process before using it */
int (* bzrtp_startSrtpSession)(void *clientData, const bzrtpSrtpSecrets_t *srtpSecrets, int32_t verified); /**< ZRTP process ended well, client is given the SAS and informations about the crypto algo used during ZRTP negotiation. He may start his SRTP session if not done when calling srtpSecretsAvailable */
/* ready for exported keys */
int (* bzrtp_contextReadyForExportedKeys)(void *ZIDCacheData, void *clientData, uint8_t peerZID[12], uint8_t role); /**< Tell the client that this is the time to create and store in cache any exported keys, client is given the peerZID to adress the correct node in cache and current role which is needed to set a pair of keys for IM encryption */
......@@ -247,18 +251,6 @@ BZRTP_EXPORT int bzrtp_startChannelEngine(bzrtpContext_t *zrtpContext, uint32_t
*/
BZRTP_EXPORT int bzrtp_iterate(bzrtpContext_t *zrtpContext, uint32_t selfSSRC, uint64_t timeReference);
/**
* @brief Return the status of current channel, 1 if SRTP secrets have been computed and confirmed, 0 otherwise
*
* @param[in] zrtpContext The ZRTP context hosting the channel
* @param[in] selfSSRC The SSRC identifying the channel
*
* @return 0 if this channel is not ready to secure SRTP communication, 1 if it is ready
*/
BZRTP_EXPORT int bzrtp_isSecure(bzrtpContext_t *zrtpContext, uint32_t selfSSRC);
/**
* @brief Process a received message
*
......
......@@ -486,27 +486,6 @@ int bzrtp_processMessage(bzrtpContext_t *zrtpContext, uint32_t selfSSRC, uint8_t
return retval;
}
/*
* @brief Return the status of current channel, 1 if SRTP secrets have been computed and confirmed, 0 otherwise
*
* @param[in] zrtpContext The ZRTP context hosting the channel
* @param[in] selfSSRC The SSRC identifying the channel
*
* @return 0 if this channel is not ready to secure SRTP communication, 1 if it is ready
*/
int bzrtp_isSecure(bzrtpContext_t *zrtpContext, uint32_t selfSSRC) {
/* get channel context */
bzrtpChannelContext_t *zrtpChannelContext = getChannelContext(zrtpContext, selfSSRC);
if (zrtpChannelContext == NULL) {
return 0; /* can't find the channel, return it as non secure */
}
return zrtpChannelContext->isSecure;
}
/*
* @brief Called by user when the SAS has been verified
* update the cache(if any) to set the previously verified flag
......@@ -820,6 +799,10 @@ int bzrtp_setPeerHelloHash(bzrtpContext_t *zrtpContext, uint32_t selfSSRC, uint8
zrtpChannelContext->srtpSecrets.authTagAlgo = ZRTP_UNSET_ALGO;
zrtpChannelContext->srtpSecrets.sas = NULL;
zrtpChannelContext->srtpSecrets.sasLength = 0;
zrtpChannelContext->srtpSecrets.hashAlgo = ZRTP_UNSET_ALGO;
zrtpChannelContext->srtpSecrets.keyAgreementAlgo = ZRTP_UNSET_ALGO;
zrtpChannelContext->srtpSecrets.sasAlgo = ZRTP_UNSET_ALGO;
/* reset choosen algo and their functions */
zrtpChannelContext->hashAlgo = ZRTP_UNSET_ALGO;
......@@ -1037,6 +1020,9 @@ static int bzrtp_initChannelContext(bzrtpContext_t *zrtpContext, bzrtpChannelCon
zrtpChannelContext->srtpSecrets.authTagAlgo = ZRTP_UNSET_ALGO;
zrtpChannelContext->srtpSecrets.sas = NULL;
zrtpChannelContext->srtpSecrets.sasLength = 0;
zrtpChannelContext->srtpSecrets.hashAlgo = ZRTP_UNSET_ALGO;
zrtpChannelContext->srtpSecrets.keyAgreementAlgo = ZRTP_UNSET_ALGO;
zrtpChannelContext->srtpSecrets.sasAlgo = ZRTP_UNSET_ALGO;
/* create the Hello packet and store it */
helloPacket = bzrtp_createZrtpPacket(zrtpContext, zrtpChannelContext, MSGTYPE_HELLO, &retval);
......
......@@ -1454,7 +1454,7 @@ int state_secure(bzrtpEvent_t event) {
/* call the environment to signal we're ready to operate */
if (zrtpContext->zrtpCallbacks.bzrtp_startSrtpSession!= NULL) {
zrtpContext->zrtpCallbacks.bzrtp_startSrtpSession(zrtpChannelContext->clientData, zrtpChannelContext->srtpSecrets.sas, zrtpContext->cachedSecret.previouslyVerifiedSas);
zrtpContext->zrtpCallbacks.bzrtp_startSrtpSession(zrtpChannelContext->clientData, &(zrtpChannelContext->srtpSecrets), zrtpContext->cachedSecret.previouslyVerifiedSas);
}
return 0;
}
......@@ -2087,6 +2087,11 @@ int bzrtp_deriveSrtpKeysFromS0(bzrtpContext_t *zrtpContext, bzrtpChannelContext_
zrtpChannelContext->srtpSecrets.cipherAlgo = zrtpChannelContext->cipherAlgo;
zrtpChannelContext->srtpSecrets.cipherKeyLength = zrtpChannelContext->cipherKeyLength;
zrtpChannelContext->srtpSecrets.authTagAlgo = zrtpChannelContext->authTagAlgo;
/* for information purpose, add the negotiated algorithm */
zrtpChannelContext->srtpSecrets.hashAlgo = zrtpChannelContext->hashAlgo;
zrtpChannelContext->srtpSecrets.keyAgreementAlgo = zrtpChannelContext->keyAgreementAlgo;
zrtpChannelContext->srtpSecrets.sasAlgo = zrtpChannelContext->sasAlgo;
/* compute the SAS according to rfc section 4.5.2 sashash = KDF(s0, "SAS", KDF_Context, 256) */
if (zrtpChannelContext->keyAgreementAlgo != ZRTP_KEYAGREEMENT_Mult) { /* only when not in Multistream mode */
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment