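/** @file ZrtpCodes.h
 */
/*
  Copyright (C) 2006-2013 Werner Dittmann

  This program is free software: you can redistribute it and/or modify
  it under the terms of the Lesser GNU General Public License as published by
  the Free Software Foundation, either version 3 of the License, or
  (at your option) any later version.

  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#ifndef _ZRTPCODES_H_
#define _ZRTPCODES_H_

// SrtpErrorData below uses size_t, uint32_t and uint64_t; include them here so
// the header compiles regardless of what the including file pulled in before.
#include <stddef.h>
#include <stdint.h>

/**
 * @file ZrtpCodes.h
 * @brief The ZRTP info, warning, error codes, and other constants and enums that applications may use.
 * @ingroup GNU_ZRTP
 * @{
 */

namespace GnuZrtpCodes {
/**
 * \namespace GnuZrtpCodes
 * \brief Message severities, their sub-codes and the retry counter offsets
 *        that GNU ZRTP exposes to applications.
 */

/**
 * This enum defines the information message severity.
 *
 * The ZRTP implementation issues information messages to inform the user
 * about ongoing processing, unusual behavior, or alerts in case of severe
 * problems. For each main severity code a number of sub-codes exist that
 * specify the exact nature of the problem.
 *
 * An application gets message severity codes and the associated sub-codes
 * via the ZrtpUserCallback#showMessage method.
 *
 * The severity levels and their meaning are:
 *
 * <dl>
 * <dt>Info</dt> <dd>keeps the user informed about ongoing processing and
 *     security setup. The enumeration InfoCodes defines the sub-codes.
 * </dd>
 * <dt>Warning</dt> <dd>is information about some security issue, e.g. if
 *     an AES 256 encryption is requested but only DH 3072 as public key scheme
 *     is supported. ZRTP will establish a secure session (SRTP). The
 *     enumeration WarningCodes defines the sub-codes.
 * </dd>
 * <dt>Severe</dt> <dd>is used if an error occurred during ZRTP protocol usage.
 *     In case of <em>Severe</em> ZRTP will <b>not</b> establish a secure session.
 *     The enumeration SevereCodes defines the sub-codes.
 * </dd>
 * <dt>ZrtpError</dt> <dd>shows a ZRTP security problem. Refer to the enumeration
 *     ZrtpErrorCodes for sub-codes. GNU ZRTP of course will <b>not</b>
 *     establish a secure session.
 * </dd>
 * </dl>
 *
 * Because no secure session exists after a <em>Severe</em> or
 * <em>ZrtpError</em> message, an application should not present the session
 * as protected once it has received one of them.
 */
enum MessageSeverity {
    Info = 1,       //!< Progress information, sub-codes in InfoCodes
    Warning,        //!< Security related warning, sub-codes in WarningCodes
    Severe,         //!< Protocol usage error, sub-codes in SevereCodes
    ZrtpError       //!< ZRTP security problem, sub-codes in ZrtpErrorCodes
};

/**
 * Sub-codes for Info
 */
enum InfoCodes {
    InfoHelloReceived = 1,          //!< Hello received and prepared a Commit, ready to get peer's hello hash
    InfoCommitDHGenerated,          //!< Commit: Generated a public DH key
    InfoRespCommitReceived,         //!< Responder: Commit received, preparing DHPart1
    InfoDH1DHGenerated,             //!< DH1Part: Generated a public DH key
    InfoInitDH1Received,            //!< Initiator: DHPart1 received, preparing DHPart2
    InfoRespDH2Received,            //!< Responder: DHPart2 received, preparing Confirm1
    InfoInitConf1Received,          //!< Initiator: Confirm1 received, preparing Confirm2
    InfoRespConf2Received,          //!< Responder: Confirm2 received, preparing Conf2Ack
    InfoRSMatchFound,               //!< At least one retained secret matches - security OK
    InfoSecureStateOn,              //!< Entered secure state
    InfoSecureStateOff              //!< No more security for this session
};

/**
 * Sub-codes for Warning
 *
 * The codes whose description ends in "must verify SAS" report that no
 * retained shared secret matched. For such a session the SAS comparison by
 * the users is the check that remains, so the application should prompt for
 * it rather than only log the warning.
 */
enum WarningCodes {
    WarningDHAESmismatch = 1,       //!< Commit contains an AES256 cipher but does not offer a Diffie-Hellman 4096 - not used, DH4096 was discarded
    WarningGoClearReceived,         //!< Received a GoClear message
    WarningDHShort,                 //!< Hello offers an AES256 cipher but does not offer a Diffie-Hellman 4096 - not used, DH4096 was discarded
    WarningNoRSMatch,               //!< No retained shared secrets available - must verify SAS
    WarningCRCmismatch,             //!< Internal ZRTP packet checksum mismatch - packet dropped
    WarningSRTPauthError,           //!< Dropping packet because SRTP authentication failed!
    WarningSRTPreplayError,         //!< Dropping packet because SRTP replay check failed!
    WarningNoExpectedRSMatch,       //!< Valid retained shared secrets available but no matches found - must verify SAS
    WarningNoExpectedAuxMatch       //!< Our AUX secret was set but the other peer's AUX secret does not match ours
};

/**
 * Sub-codes for Severe
 */
enum SevereCodes {
    SevereHelloHMACFailed = 1,      //!< Hash HMAC check of Hello failed!
    SevereCommitHMACFailed,         //!< Hash HMAC check of Commit failed!
    SevereDH1HMACFailed,            //!< Hash HMAC check of DHPart1 failed!
    SevereDH2HMACFailed,            //!< Hash HMAC check of DHPart2 failed!
    SevereCannotSend,               //!< Cannot send data - connection or peer down?
    SevereProtocolError,            //!< Internal protocol error occurred!
    SevereNoTimer,                  //!< Cannot start a timer - internal resources exhausted?
    SevereTooMuchRetries            //!< Too many retries during ZRTP negotiation - connection or peer down?
};

/**
 * Error codes according to the ZRTP specification chapter 6.9
 *
 * GNU ZRTP uses these error codes in two ways: to fill the appropriate
 * field in the ZRTP Error packet and as sub-code in
 * ZrtpUserCallback#showMessage(). GNU ZRTP uses these error codes also
 * to report received Error packets, in this case the sub-codes are their
 * negative values.
 *
 * A showMessage() handler for the ZrtpError severity therefore has to
 * accept both signs: the values as listed here, and the negated values for
 * codes that were taken from an Error packet sent by the peer.
 *
 * The enumeration member comments are copied from the ZRTP specification.
 */
enum ZrtpErrorCodes {
    MalformedPacket =   0x10,    //!< Malformed packet (CRC OK, but wrong structure)
    CriticalSWError =   0x20,    //!< Critical software error
    UnsuppZRTPVersion = 0x30,    //!< Unsupported ZRTP version
    HelloCompMismatch = 0x40,    //!< Hello components mismatch
    UnsuppHashType =    0x51,    //!< Hash type not supported
    UnsuppCiphertype =  0x52,    //!< Cipher type not supported
    UnsuppPKExchange =  0x53,    //!< Public key exchange not supported
    UnsuppSRTPAuthTag = 0x54,    //!< SRTP auth. tag not supported
    UnsuppSASScheme =   0x55,    //!< SAS scheme not supported
    NoSharedSecret =    0x56,    //!< No shared secret available, DH mode required
    DHErrorWrongPV =    0x61,    //!< DH Error: bad pvi or pvr ( == 1, 0, or p-1)
    DHErrorWrongHVI =   0x62,    //!< DH Error: hvi != hashed data
    SASuntrustedMiTM =  0x63,    //!< Received relayed SAS from untrusted MiTM
    ConfirmHMACWrong =  0x70,    //!< Auth. Error: Bad Confirm pkt HMAC
    NonceReused =       0x80,    //!< Nonce reuse
    EqualZIDHello =     0x90,    //!< Equal ZIDs in Hello
    GoCleatNotAllowed = 0x100,   //!< GoClear packet received, but not allowed (identifier spelling kept, it is part of the API)
    IgnorePacket =      0x7fffffff  //!< Not described in this header; presumably an internal marker rather than a code sent on the wire - confirm against its users
};

/**
 * Information codes for the Enrollment user callbacks.
 */
enum InfoEnrollment {
    EnrollmentRequest = 0,          //!< Ask user to confirm or deny an Enrollment request
    EnrollmentReconfirm,            //!< User already enrolled, ask re-confirmation
    EnrollmentCanceled,             //!< User did not confirm the PBX enrollment
    EnrollmentFailed,               //!< Enrollment process failed, no PBX secret available
    EnrollmentOk                    //!< Enrollment process for this PBX was ok
};

/*
 * Offsets into the ZRTP counter array.
 *
 * These are preprocessor macros: although they are written inside the
 * namespace block they are not scoped by GnuZrtpCodes and are visible to
 * every file that includes this header.
 */
//! How many Hello packet retries in detect state
#define HelloRetry      0
//! How many Hello packet retries in Ack sent state
#define HelloRetryAck   1
//! How many Commit packet retries
#define CommitRetry     2
//! How many DhPart2 packet retries
#define DhPart2Retry    3
//! How many Confirm2 packet retries
#define Confirm2Retry   4
//! How many Error packet retries
#define ErrorRetry      5

}

/*
 * Codes and structure for SRTP error trace data
 */

/**
 * @brief Size in bytes of the rtpHeader array in SrtpErrorData.
 */
#define RTP_HEADER_LENGTH 12

/**
 * @brief Kind of failure recorded in SrtpErrorData::errorType.
 *
 * NOTE(review): the exact conditions that produce each value are set by the
 * SRTP unprotect code, which is not part of this header.
 */
typedef enum {
    DecodeError = 1,
    ReplayError = 2,
    AuthError = 3
} SrtpErrorType;

/**
 * @brief Trace data of SRTP packet in case of unprotect error.
 *
 * The structure has room for RTP_HEADER_LENGTH bytes of header data only,
 * held as 32-bit words; it has no field for payload data.
 */
typedef struct _SrtpErrorData {
    SrtpErrorType errorType;                                    //!< Which check failed
    uint32_t rtpHeader[RTP_HEADER_LENGTH / sizeof(uint32_t)];   //!< RTP_HEADER_LENGTH bytes of RTP header, as 32-bit words
    size_t length;                                              //!< presumably the length of the failing packet - confirm against the code that fills it
    uint64_t guessedIndex;                                      //!< presumably the packet index estimated during unprotect - confirm against the code that fills it
} SrtpErrorData;


/**
 * @}
 */
#endif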