Commit c1aeb8e3 authored by eburke's avatar eburke Committed by johan

enabled b256 SAS, added pgpwords file, modified bzrtp_base32 signature, added bzrtp_base256

Signed-off-by: johan's avatarJohan Pascal <johan.pascal@belledonne-communications.com>
parent 23aaa5b4
......@@ -71,7 +71,17 @@ int bzrtp_keyDerivationFunction(uint8_t *key, uint16_t keyLength,
* @param[out] output The 4 chars string to be displayed to user for vocal confirmation
*
*/
void bzrtp_base32(uint32_t sas, char output[4]);
void bzrtp_base32(uint32_t sas, char *output, int outputSize);
/**
* @brief SAS rendering from 32 bits to pgp word list
* Function defined in rfc section 5.1.6
*
* @param[in] sas The 32 bits SAS
* @param[out] output The output list. Passed in array must be at least 32 bytes
*
*/
void bzrtp_base256(uint32_t sas, char *output, int outputSize);
/**
* @brief CRC32 as defined in RFC4960 Appendix B - Polynomial is 0x1EDC6F41
......
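Review bot: The doc comment above `bzrtp_base32` (it starts outside this hunk) still describes `output` as "The 4 chars string", and neither prototype documents the new `outputSize` parameter. As rendered, the implementation elsewhere in this commit stores a terminator at `output[4]`, so the buffer has to hold 5 bytes. I would change the line to `@param[out] output The NUL-terminated 4 character SAS, buffer must hold at least 5 bytes` and add `@param[in] outputSize Size in bytes of the output buffer` to both comments. `outputSize` would also be safer as `size_t` than `int`, because a negative value passed on to `snprintf` converts to a very large size.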
......@@ -65,6 +65,10 @@ typedef struct bzrtpChannelContext_struct bzrtpChannelContext_t;
#define NON_HELLO_CAP_RETRANSMISSION_STEP 1200
#define NON_HELLO_MAX_RETRANSMISSION_NUMBER 10
/* pgp word list for use with SAS */
extern const char * pgpWordsEven[];
extern const char * pgpWordsOdd[];
/**
* @brief Timer structure : The timer mechanism receives a tick giving a current time in ms
* a timer object will check on tick reception if it must fire or not
......@@ -149,7 +153,7 @@ struct bzrtpChannelContext_struct {
void (*hashFunction)(const uint8_t *input, size_t inputLength, uint8_t hashLength, uint8_t *output); /**< function pointer to the agreed hash function */
void (*cipherEncryptionFunction)(const uint8_t *key, const uint8_t *IV, const uint8_t *input, size_t inputLength, uint8_t *output); /**< function pointer to the agreed cipher block function, encryption mode */
void (*cipherDecryptionFunction)(const uint8_t *key, const uint8_t *IV, const uint8_t *input, size_t inputLength, uint8_t *output); /**< function pointer to the agreed cipher block function, decryption mode */
void (*sasFunction)(uint32_t sas, char output[4]); /**< function pointer to the agreed sas rendering function */
void (*sasFunction)(uint32_t sas, char * output, int outputSize); /**< function pointer to the agreed sas rendering function */
/* keys */
uint8_t *s0; /**< the s0 as describred rfc section 4.4 - have a length of hashLength */
......
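Review bot: The two `extern` declarations added in the first hunk expose the word tables as unsized arrays of mutable pointers under unprefixed global names. Declaring them as `extern const char * const pgpWordsEven[256];` and `extern const char * const pgpWordsOdd[256];`, with matching definitions in the word-list file, keeps the entries read-only and lets the compiler reject a table with too many entries. A build-time check on the element count would also catch a dropped word, which matters because `bzrtp_base256` indexes both tables with a full 8-bit value. A `bzrtp_` prefix on the names would avoid symbol clashes in applications that link the library.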
......@@ -74,7 +74,8 @@ uint8_t bzrtpCrypto_getAvailableCryptoTypes(uint8_t algoType, uint8_t availableT
break;
case ZRTP_SAS_TYPE: /* the SAS function is implemented in cryptoUtils.c and then is not directly linked to the polarSSL crypto wrapper */
availableTypes[0] = ZRTP_SAS_B32;
return 1;
availableTypes[1] = ZRTP_SAS_B256;
return 2;
break;
default:
return 0;
......
......@@ -79,15 +79,25 @@ int bzrtp_keyDerivationFunction(uint8_t *key, uint16_t keyLength,
return 0;
}
/* Base32 function. Code from rfc section 5.1.6 */
void bzrtp_base32(uint32_t sas, char output[4]) {
void bzrtp_base32(uint32_t sas, char *output, int outputSize) {
int i, n, shift;
for (i=0,shift=27; i!=4; ++i,shift-=5) {
n = (sas>>shift) & 31;
output[i] = "ybndrfg8ejkmcpqxot1uwisza345h769"[n];
}
output[4] = '\0';
}
/* Base256 function. Code from rfc section 5.1.6 */
void bzrtp_base256(uint32_t sas, char *output, int outputSize) {
// generate indexes and copy the appropriate words
int evenIndex = (sas >> 24) & 0xFF;
int oddIndex = (sas >> 16) & 0xFF;
snprintf(output, outputSize, "%s:%s", pgpWordsEven[evenIndex], pgpWordsOdd[oddIndex]);
}
uint32_t CRC32LookupTable[256] = {
......@@ -411,7 +421,12 @@ int updateCryptoFunctionPointers(bzrtpChannelContext_t *zrtpChannelContext) {
switch(zrtpChannelContext->sasAlgo) {
case ZRTP_SAS_B32:
zrtpChannelContext->sasFunction = bzrtp_base32;
zrtpChannelContext->sasLength = 4;
// extend 4 byte b32 length to include null terminator
zrtpChannelContext->sasLength = 5;
break;
case ZRTP_SAS_B256:
zrtpChannelContext->sasFunction = bzrtp_base256;
zrtpChannelContext->sasLength = 32;
break;
case ZRTP_UNSET_ALGO :
zrtpChannelContext->sasFunction = NULL;
......
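Review bot: `bzrtp_base32` now accepts `outputSize` but never reads it, and as rendered it stores a terminator at `output[4]`, so a caller that still passes a 4-byte buffer under the old `char output[4]` contract gets a one-byte overflow. A guard at the top such as `if (output == NULL || outputSize < 5) return;` would make the new parameter meaningful. In `bzrtp_base256` the `snprintf` result is ignored; the longest word pair fits in the 32 bytes set in `updateCryptoFunctionPointers`, but with a smaller buffer each endpoint would show a silently truncated SAS, so the return value should be compared with `outputSize`. The new `//` comments also differ from the `/* */` style of the surrounding code.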
// https://tools.ietf.org/html/rfc6189
// For the SAS Type of "B256", the most-significant (leftmost) 16 bits
// of the 32-bit sasvalue are rendered in network byte order using the
// PGP Word List [pgpwordlist] [Juola1][Juola2].
const char * pgpWordsEven[] =
{
"aardvark",
"absurd",
"accrue",
"acme",
"adrift",
"adult",
"afflict",
"ahead",
"aimless",
"Algol",
"allow",
"alone",
"ammo",
"ancient",
"apple",
"artist",
"assume",
"Athens",
"atlas",
"Aztec",
"baboon",
"backfield",
"backward",
"banjo",
"beaming",
"bedlamp",
"beehive",
"beeswax",
"befriend",
"Belfast",
"berserk",
"billiard",
"bison",
"blackjack",
"blockade",
"blowtorch",
"bluebird",
"bombast",
"bookshelf",
"brackish",
"breadline",
"breakup",
"brickyard",
"briefcase",
"Burbank",
"button",
"buzzard",
"cement",
"chairlift",
"chatter",
"checkup",
"chisel",
"choking",
"chopper",
"Christmas",
"clamshell",
"classic",
"classroom",
"cleanup",
"clockwork",
"cobra",
"commence",
"concert",
"cowbell",
"crackdown",
"cranky",
"crowfoot",
"crucial",
"crumpled",
"crusade",
"cubic",
"dashboard",
"deadbolt",
"deckhand",
"dogsled",
"dragnet",
"drainage",
"dreadful",
"drifter",
"dropper",
"drumbeat",
"drunken",
"Dupont",
"dwelling",
"eating",
"edict",
"egghead",
"eightball",
"endorse",
"endow",
"enlist",
"erase",
"escape",
"exceed",
"eyeglass",
"eyetooth",
"facial",
"fallout",
"flagpole",
"flatfoot",
"flytrap",
"fracture",
"framework",
"freedom",
"frighten",
"gazelle",
"Geiger",
"glitter",
"glucose",
"goggles",
"goldfish",
"gremlin",
"guidance",
"hamlet",
"highchair",
"hockey",
"indoors",
"indulge",
"inverse",
"involve",
"island",
"jawbone",
"keyboard",
"kickoff",
"kiwi",
"klaxon",
"locale",
"lockup",
"merit",
"minnow",
"miser",
"Mohawk",
"mural",
"music",
"necklace",
"Neptune",
"newborn",
"nightbird",
"Oakland",
"obtuse",
"offload",
"optic",
"orca",
"payday",
"peachy",
"pheasant",
"physique",
"playhouse",
"Pluto",
"preclude",
"prefer",
"preshrunk",
"printer",
"prowler",
"pupil",
"puppy",
"python",
"quadrant",
"quiver",
"quota",
"ragtime",
"ratchet",
"rebirth",
"reform",
"regain",
"reindeer",
"rematch",
"repay",
"retouch",
"revenge",
"reward",
"rhythm",
"ribcage",
"ringbolt",
"robust",
"rocker",
"ruffled",
"sailboat",
"sawdust",
"scallion",
"scenic",
"scorecard",
"Scotland",
"seabird",
"select",
"sentence",
"shadow",
"shamrock",
"showgirl",
"skullcap",
"skydive",
"slingshot",
"slowdown",
"snapline",
"snapshot",
"snowcap",
"snowslide",
"solo",
"southward",
"soybean",
"spaniel",
"spearhead",
"spellbind",
"spheroid",
"spigot",
"spindle",
"spyglass",
"stagehand",
"stagnate",
"stairway",
"standard",
"stapler",
"steamship",
"sterling",
"stockman",
"stopwatch",
"stormy",
"sugar",
"surmount",
"suspense",
"sweatband",
"swelter",
"tactics",
"talon",
"tapeworm",
"tempest",
"tiger",
"tissue",
"tonic",
"topmost",
"tracker",
"transit",
"trauma",
"treadmill",
"Trojan",
"trouble",
"tumor",
"tunnel",
"tycoon",
"uncut",
"unearth",
"unwind",
"uproot",
"upset",
"upshot",
"vapor",
"village",
"virus",
"Vulcan",
"waffle",
"wallet",
"watchword",
"wayside",
"willow",
"woodlark",
"Zulu"
};
const char * pgpWordsOdd[] =
{
"adroitness",
"adviser",
"aftermath",
"aggregate",
"alkali",
"almighty",
"amulet",
"amusement",
"antenna",
"applicant",
"Apollo",
"armistice",
"article",
"asteroid",
"Atlantic",
"atmosphere",
"autopsy",
"Babylon",
"backwater",
"barbecue",
"belowground",
"bifocals",
"bodyguard",
"bookseller",
"borderline",
"bottomless",
"Bradbury",
"bravado",
"Brazilian",
"breakaway",
"Burlington",
"businessman",
"butterfat",
"Camelot",
"candidate",
"cannonball",
"Capricorn",
"caravan",
"caretaker",
"celebrate",
"cellulose",
"certify",
"chambermaid",
"Cherokee",
"Chicago",
"clergyman",
"coherence",
"combustion",
"commando",
"company",
"component",
"concurrent",
"confidence",
"conformist",
"congregate",
"consensus",
"consulting",
"corporate",
"corrosion",
"councilman",
"crossover",
"crucifix",
"cumbersome",
"customer",
"Dakota",
"decadence",
"December",
"decimal",
"designing",
"detector",
"detergent",
"determine",
"dictator",
"dinosaur",
"direction",
"disable",
"disbelief",
"disruptive",
"distortion",
"document",
"embezzle",
"enchanting",
"enrollment",
"enterprise",
"equation",
"equipment",
"escapade",
"Eskimo",
"everyday",
"examine",
"existence",
"exodus",
"fascinate",
"filament",
"finicky",
"forever",
"fortitude",
"frequency",
"gadgetry",
"Galveston",
"getaway",
"glossary",
"gossamer",
"graduate",
"gravity",
"guitarist",
"hamburger",
"Hamilton",
"handiwork",
"hazardous",
"headwaters",
"hemisphere",
"hesitate",
"hideaway",
"holiness",
"hurricane",
"hydraulic",
"impartial",
"impetus",
"inception",
"indigo",
"inertia",
"infancy",
"inferno",
"informant",
"insincere",
"insurgent",
"integrate",
"intention",
"inventive",
"Istanbul",
"Jamaica",
"Jupiter",
"leprosy",
"letterhead",
"liberty",
"maritime",
"matchmaker",
"maverick",
"Medusa",
"megaton",
"microscope",
"microwave",
"midsummer",
"millionaire",
"miracle",
"misnomer",
"molasses",
"molecule",
"Montana",
"monument",
"mosquito",
"narrative",
"nebula",
"newsletter",
"Norwegian",
"October",
"Ohio",
"onlooker",
"opulent",
"Orlando",
"outfielder",
"Pacific",
"pandemic",
"Pandora",
"paperweight",
"paragon",
"paragraph",
"paramount",
"passenger",
"pedigree",
"Pegasus",
"penetrate",
"perceptive",
"performance",
"pharmacy",
"phonetic",
"photograph",
"pioneer",
"pocketful",
"politeness",
"positive",
"potato",
"processor",
"provincial",
"proximate",
"puberty",
"publisher",
"pyramid",
"quantity",
"racketeer",
"rebellion",
"recipe",
"recover",
"repellent",
"replica",
"reproduce",
"resistor",
"responsive",
"retraction",
"retrieval",
"retrospect",
"revenue",
"revival",
"revolver",
"sandalwood",
"sardonic",
"Saturday",
"savagery",
"scavenger",
"sensation",
"sociable",
"souvenir",
"specialist",
"speculate",
"stethoscope",
"stupendous",
"supportive",
"surrender",
"suspicious",
"sympathy",
"tambourine",
"telephone",
"therapist",
"tobacco",
"tolerance",
"tomorrow",
"torpedo",
"tradition",
"travesty",
"trombonist",
"truncated",
"typewriter",
"ultimate",
"undaunted",
"underfoot",
"unicorn",
"unify",
"universe",
"unravel",
"upcoming",
"vacancy",
"vagabond",
"vertigo",
"Virginia",
"visitor",
"vocalist",
"voyager",
"warranty",
"Waterloo",
"whimsical",
"Wichita",
"Wilmington",
"Wyoming",
"yesteryear",
"Yucatan"
};
......@@ -2117,7 +2117,8 @@ int bzrtp_deriveSrtpKeysFromS0(bzrtpContext_t *zrtpContext, bzrtpChannelContext_
sasValue = ((uint32_t)sasHash[0]<<24) | ((uint32_t)sasHash[1]<<16) | ((uint32_t)sasHash[2]<<8) | ((uint32_t)(sasHash[3]));
zrtpChannelContext->srtpSecrets.sasLength = zrtpChannelContext->sasLength;
zrtpChannelContext->srtpSecrets.sas = (char *)malloc((zrtpChannelContext->sasLength)*sizeof(char)); /*this shall take in account the selected representation algo for SAS */
zrtpChannelContext->sasFunction(sasValue, zrtpChannelContext->srtpSecrets.sas);
zrtpChannelContext->sasFunction(sasValue, zrtpChannelContext->srtpSecrets.sas, zrtpChannelContext->sasLength);
}
return 0;
......
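Review bot: The buffer returned by `malloc` is handed to `sasFunction` without a NULL check, and `updateCryptoFunctionPointers` sets `sasFunction` to NULL for `ZRTP_UNSET_ALGO`, so unless both are checked earlier in this function (its body starts outside the hunk) either condition crashes during key derivation. I would test them before the call, e.g. `if (zrtpChannelContext->sasFunction == NULL || zrtpChannelContext->srtpSecrets.sas == NULL)`, and return the module's error code. `srtpSecrets.sasLength` now carries the buffer size (5 or 32) rather than the number of SAS characters, which readers of that field may not expect. A comment on that assignment, e.g. `/* sasLength is the allocated buffer size, terminator included */`, would document the change.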
......@@ -327,7 +327,7 @@ void test_parserComplete() {
uint8_t alice_sasHash[32];
uint8_t bob_sasHash[32];
uint32_t sasValue;
char sas[4];
char sas[32];
bzrtpPacket_t *bob_Confirm1;
bzrtpPacket_t *alice_Confirm1FromBob;
bzrtpConfirmMessage_t *alice_Confirm1FromBob_message=NULL;
......@@ -1091,12 +1091,12 @@ void test_parserComplete() {
/* display SAS (we shall not do this now but after the confirm message exchanges) */
sasValue = ((uint32_t)alice_sasHash[0]<<24) | ((uint32_t)alice_sasHash[1]<<16) | ((uint32_t)alice_sasHash[2]<<8) | ((uint32_t)(alice_sasHash[3]));
contextAlice->channelContext[0]->sasFunction(sasValue, sas);
contextAlice->channelContext[0]->sasFunction(sasValue, sas, 5);
printf("Alice SAS is %.4s\n", sas);
sasValue = ((uint32_t)bob_sasHash[0]<<24) | ((uint32_t)bob_sasHash[1]<<16) | ((uint32_t)bob_sasHash[2]<<8) | ((uint32_t)(bob_sasHash[3]));
contextBob->channelContext[0]->sasFunction(sasValue, sas);
contextBob->channelContext[0]->sasFunction(sasValue, sas, 5);
printf("Bob SAS is %.4s\n", sas);
......
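Review bot: Both calls in the second hunk pass a literal `5` and print with `%.4s`, which only matches the base32 rendering. `sas` is now 32 bytes, and if the channel ends up with `ZRTP_SAS_B256` the word pair is cut to four characters. `contextAlice->channelContext[0]->sasFunction(sasValue, sas, sizeof(sas));` with `printf("Alice SAS is %s\n", sas);`, and the same for Bob, works for either algorithm. In the visible lines the two rendered strings are only printed, so asserting that Alice's and Bob's SAS are equal would give the new rendering path some coverage. `test_parserComplete` extends beyond both hunks.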