Commit c1aeb8e3 authored by eburke's avatar eburke Committed by johan

enabled b256 SAS, added pgpwords file, modified bzrtp_base32 signature, added bzrtp_base256

Signed-off-by: johan's avatarJohan Pascal <>
parent 23aaa5b4
......@@ -71,7 +71,17 @@ int bzrtp_keyDerivationFunction(uint8_t *key, uint16_t keyLength,
* @param[out] output The 4 chars string to be displayed to user for vocal confirmation
void bzrtp_base32(uint32_t sas, char output[4]);
void bzrtp_base32(uint32_t sas, char *output, int outputSize);
* @brief SAS rendering from 32 bits to pgp word list
* Function defined in rfc section 5.1.6
* @param[in] sas The 32 bits SAS
* @param[out] output The output list. Passed in array must be at least 32 bytes
void bzrtp_base256(uint32_t sas, char *output, int outputSize);
* @brief CRC32 as defined in RFC4960 Appendix B - Polynomial is 0x1EDC6F41
......@@ -65,6 +65,10 @@ typedef struct bzrtpChannelContext_struct bzrtpChannelContext_t;
/* pgp word list for use with SAS */
extern const char * pgpWordsEven[];
extern const char * pgpWordsOdd[];
* @brief Timer structure : The timer mechanism receives a tick giving a current time in ms
* a timer object will check on tick reception if it must fire or not
......@@ -149,7 +153,7 @@ struct bzrtpChannelContext_struct {
void (*hashFunction)(const uint8_t *input, size_t inputLength, uint8_t hashLength, uint8_t *output); /**< function pointer to the agreed hash function */
void (*cipherEncryptionFunction)(const uint8_t *key, const uint8_t *IV, const uint8_t *input, size_t inputLength, uint8_t *output); /**< function pointer to the agreed cipher block function, encryption mode */
void (*cipherDecryptionFunction)(const uint8_t *key, const uint8_t *IV, const uint8_t *input, size_t inputLength, uint8_t *output); /**< function pointer to the agreed cipher block function, decryption mode */
void (*sasFunction)(uint32_t sas, char output[4]); /**< function pointer to the agreed sas rendering function */
void (*sasFunction)(uint32_t sas, char * output, int outputSize); /**< function pointer to the agreed sas rendering function */
/* keys */
uint8_t *s0; /**< the s0 as describred rfc section 4.4 - have a length of hashLength */
......@@ -74,7 +74,8 @@ uint8_t bzrtpCrypto_getAvailableCryptoTypes(uint8_t algoType, uint8_t availableT
case ZRTP_SAS_TYPE: /* the SAS function is implemented in cryptoUtils.c and then is not directly linked to the polarSSL crypto wrapper */
availableTypes[0] = ZRTP_SAS_B32;
return 1;
availableTypes[1] = ZRTP_SAS_B256;
return 2;
return 0;
......@@ -79,15 +79,25 @@ int bzrtp_keyDerivationFunction(uint8_t *key, uint16_t keyLength,
return 0;
/* Base32 function. Code from rfc section 5.1.6 */
void bzrtp_base32(uint32_t sas, char output[4]) {
void bzrtp_base32(uint32_t sas, char *output, int outputSize) {
int i, n, shift;
for (i=0,shift=27; i!=4; ++i,shift-=5) {
n = (sas>>shift) & 31;
output[i] = "ybndrfg8ejkmcpqxot1uwisza345h769"[n];
output[4] = '\0';
/* Base256 function. Code from rfc section 5.1.6 */
void bzrtp_base256(uint32_t sas, char *output, int outputSize) {
// generate indexes and copy the appropriate words
int evenIndex = (sas >> 24) & 0xFF;
int oddIndex = (sas >> 16) & 0xFF;
snprintf(output, outputSize, "%s:%s", pgpWordsEven[evenIndex], pgpWordsOdd[oddIndex]);
uint32_t CRC32LookupTable[256] = {
......@@ -411,7 +421,12 @@ int updateCryptoFunctionPointers(bzrtpChannelContext_t *zrtpChannelContext) {
switch(zrtpChannelContext->sasAlgo) {
case ZRTP_SAS_B32:
zrtpChannelContext->sasFunction = bzrtp_base32;
zrtpChannelContext->sasLength = 4;
// extend 4 byte b32 length to include null terminator
zrtpChannelContext->sasLength = 5;
case ZRTP_SAS_B256:
zrtpChannelContext->sasFunction = bzrtp_base256;
zrtpChannelContext->sasLength = 32;
zrtpChannelContext->sasFunction = NULL;
// For the SAS Type of "B256", the most-significant (leftmost) 16 bits
// of the 32-bit sasvalue are rendered in network byte order using the
// PGP Word List [pgpwordlist] [Juola1][Juola2].
const char * pgpWordsEven[] =
const char * pgpWordsOdd[] =
......@@ -2117,7 +2117,8 @@ int bzrtp_deriveSrtpKeysFromS0(bzrtpContext_t *zrtpContext, bzrtpChannelContext_
sasValue = ((uint32_t)sasHash[0]<<24) | ((uint32_t)sasHash[1]<<16) | ((uint32_t)sasHash[2]<<8) | ((uint32_t)(sasHash[3]));
zrtpChannelContext->srtpSecrets.sasLength = zrtpChannelContext->sasLength;
zrtpChannelContext-> = (char *)malloc((zrtpChannelContext->sasLength)*sizeof(char)); /*this shall take in account the selected representation algo for SAS */
zrtpChannelContext->sasFunction(sasValue, zrtpChannelContext->;
zrtpChannelContext->sasFunction(sasValue, zrtpChannelContext->, zrtpChannelContext->sasLength);
return 0;
......@@ -327,7 +327,7 @@ void test_parserComplete() {
uint8_t alice_sasHash[32];
uint8_t bob_sasHash[32];
uint32_t sasValue;
char sas[4];
char sas[32];
bzrtpPacket_t *bob_Confirm1;
bzrtpPacket_t *alice_Confirm1FromBob;
bzrtpConfirmMessage_t *alice_Confirm1FromBob_message=NULL;
......@@ -1091,12 +1091,12 @@ void test_parserComplete() {
/* display SAS (we shall not do this now but after the confirm message exchanges) */
sasValue = ((uint32_t)alice_sasHash[0]<<24) | ((uint32_t)alice_sasHash[1]<<16) | ((uint32_t)alice_sasHash[2]<<8) | ((uint32_t)(alice_sasHash[3]));
contextAlice->channelContext[0]->sasFunction(sasValue, sas);
contextAlice->channelContext[0]->sasFunction(sasValue, sas, 5);
printf("Alice SAS is %.4s\n", sas);
sasValue = ((uint32_t)bob_sasHash[0]<<24) | ((uint32_t)bob_sasHash[1]<<16) | ((uint32_t)bob_sasHash[2]<<8) | ((uint32_t)(bob_sasHash[3]));
contextBob->channelContext[0]->sasFunction(sasValue, sas);
contextBob->channelContext[0]->sasFunction(sasValue, sas, 5);
printf("Bob SAS is %.4s\n", sas);
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment