1 /* 2 Copyright (C) 2006-2013 Werner Dittmann 3 4 This program is free software: you can redistribute it and/or modify 5 it under the terms of the GNU Lesser General Public License as published by 6 the Free Software Foundation, either version 3 of the License, or 7 (at your option) any later version. 8 9 This program is distributed in the hope that it will be useful, 10 but WITHOUT ANY WARRANTY; without even the implied warranty of 11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 GNU General Public License for more details. 13 14 You should have received a copy of the GNU General Public License 15 along with this program. If not, see <http://www.gnu.org/licenses/>. 16 */ 17 18 /* 19 * Authors: Werner Dittmann <Werner.Dittmann@t-online.de> 20 */ 21 22 #ifndef ZRTPPACKET_H 23 #define ZRTPPACKET_H 24 25 /** 26 * 27 * @file zrtpPacket.h 28 * @brief The data structures and definitions for ZRTP messages 29 * 30 * This include file defines the ZRTP message structures. Refer to 31 * chapter 5 of the ZRTP specification which defines the ZRTP messages and 32 * the transport format. 33 * 34 * @ingroup GNU_ZRTP 35 * @{ 36 */ 37 38 #include <stdio.h> 39 40 /** 41 * The following defines match the ZRTP specification, chapter 5 42 */ 43 #define ZRTP_MAGIC 0x5a525450 44 45 #define ZRTP_WORD_SIZE 4 46 #define CRC_SIZE 4 47 48 #define TYPE_SIZE (2*ZRTP_WORD_SIZE) 49 #define CLIENT_ID_SIZE (4*ZRTP_WORD_SIZE) 50 #define HASH_IMAGE_SIZE (8*ZRTP_WORD_SIZE) 51 #define ZID_SIZE (3*ZRTP_WORD_SIZE) 52 #define HVI_SIZE (8*ZRTP_WORD_SIZE) 53 #define HMAC_SIZE (2*ZRTP_WORD_SIZE) 54 #define ID_SIZE (2*ZRTP_WORD_SIZE) 55 #define IV_SIZE (4*ZRTP_WORD_SIZE) 56 #define PING_HASH_SIZE (2*ZRTP_WORD_SIZE) 57 58 59 /** 60 * The ZRTP message header 61 * 62 * A complete ZRTP message always consists of the ZRTP header 63 * and a message specific part. This specific part may have a variable 64 * length. The length field includes the header. 65 */ 66 typedef struct zrtpPacketHeader { 67 uint16_t zrtpId; ///< Id to identify the message, always 0x505a 68 uint16_t length; ///< Length of the ZRTP message in words 69 uint8_t messageType[TYPE_SIZE]; ///< 2 word (8 octest) message type in ASCII 70 } zrtpPacketHeader_t; 71 72 /** 73 * Hello message, fixed part. 74 * 75 * The complete Hello message consists of ZRTP message header, Hello fixed 76 * part and a variable part. The Hello class initializes the variable part. 77 */ 78 typedef struct Hello { 79 uint8_t version[ZRTP_WORD_SIZE]; ///< Announces the ZRTP protocol version 80 uint8_t clientId[CLIENT_ID_SIZE]; ///< A 4 word ASCII identifier of the ZRTP client 81 uint8_t hashH3[HASH_IMAGE_SIZE]; ///< The last hash of the hash chain (chap. 9) 82 uint8_t zid[ZID_SIZE]; ///< ZID - 3 word identifier for the ZRTP endpoint 83 uint8_t flags; ///< flag bits (chap 7.2) 84 uint8_t lengths[3]; ///< number of algorithms present 85 } Hello_t; 86 87 /** 88 * The complete ZRTP Hello message. 89 */ 90 typedef struct HelloPacket { 91 zrtpPacketHeader_t hdr; ///< ZRTP Header 92 Hello_t hello; ///< Fixed part of Hello message 93 } HelloPacket_t; 94 95 /** 96 * HelloAck message. 97 * 98 * The complete HelloAck message consists of ZRTP message header and 99 * the CRC which is the only HelloAck specific data. 100 */ 101 typedef struct HelloAckPacket { 102 zrtpPacketHeader_t hdr; ///< ZRTP Header 103 uint8_t crc[ZRTP_WORD_SIZE]; ///< CRC of ZRTP message 104 } HelloAckPacket_t; 105 106 /** 107 * Commit message 108 * 109 * There are three subtypes of Commit messages, each of which 110 * has a fixed size. The data structure defines the maximum 111 * Commit message. During the ZRTP protocol the implementation 112 * uses fileds according to the use case (DH handshake, 113 * Multi-stream handshake) and adjusts the length. 114 */ 115 typedef struct Commit { 116 uint8_t hashH2[HASH_IMAGE_SIZE]; ///< The second hash of the hash chain (chap. 9) 117 uint8_t zid[ZID_SIZE]; ///< ZID - 3 word identifier for the ZRTP endpoint 118 uint8_t hash[ZRTP_WORD_SIZE]; ///< Commited hash algorithm 119 uint8_t cipher[ZRTP_WORD_SIZE]; ///< Commited symmetrical cipher algorithm 120 uint8_t authlengths[ZRTP_WORD_SIZE]; ///< Commited SRTP authentication algorithm 121 uint8_t pubkey[ZRTP_WORD_SIZE]; ///< Commited key agreement algorithm 122 uint8_t sas[ZRTP_WORD_SIZE]; ///< Commited SAS algorithm 123 uint8_t hvi[HVI_SIZE]; ///< Hash value Initiator - chap 4.4.1.1 124 uint8_t hmac[HMAC_SIZE]; ///< MAC of the Commit message 125 } Commit_t; 126 127 /** 128 * The complete ZRTP Commit message. 129 */ 130 typedef struct CommitPacket { 131 zrtpPacketHeader_t hdr; ///< ZRTP Header 132 Commit_t commit; ///< Commit message 133 uint8_t crc[ZRTP_WORD_SIZE]; ///< CRC of ZRTP message 134 } CommitPacket_t; 135 136 /** 137 * DHPart1 and DHPart2 messages 138 * 139 * The DHPart messages have a variable length. The following struct 140 * defines the fixed part only. The DHPart class initializes the 141 * variable part. 142 */ 143 typedef struct DHPart { 144 uint8_t hashH1[HASH_IMAGE_SIZE]; ///< The first hash of the hash chain (chap. 9) 145 uint8_t rs1Id[ID_SIZE]; ///< Id of first retained secret 146 uint8_t rs2Id[ID_SIZE]; ///< Id of second retained secret 147 uint8_t auxSecretId[ID_SIZE]; ///< Id of additional (auxilliary) secret 148 uint8_t pbxSecretId[ID_SIZE]; ///< Id of PBX secret (chap 7.3.1) 149 } DHPart_t; 150 151 /** 152 * The complete ZRTP DHPart message. 153 */ 154 typedef struct DHPartPacket { 155 zrtpPacketHeader_t hdr; ///< ZRTP Header 156 DHPart_t dhPart; ///< DHPart message fixed part 157 } DHPartPacket_t; 158 159 /** 160 * Confirm1 and Confirm2 messages 161 * 162 * The Confirm message have a variable length. The following struct 163 * defines the fixed part only. The Confirm class initializes the 164 * variable part. 165 * 166 * ZRTP encrypts a part of the Confirm messages, starting at @c hashH0 167 * and includes the variable part. 168 */ 169 typedef struct Confirm { 170 uint8_t hmac[HMAC_SIZE]; ///< MAC over the encrypted part of Commit message 171 uint8_t iv[IV_SIZE]; ///< IV for CFB mode to encrypt part of Commit 172 uint8_t hashH0[HASH_IMAGE_SIZE]; ///< starting hash of hash chain (chap. 9) 173 uint8_t filler[2]; ///< Filler bytes 174 uint8_t sigLength; ///< Length of an optional signature length (chap 7.2) 175 uint8_t flags; ///< various flags to control behaviour 176 uint32_t expTime; ///< Expiration time of retained secrets (chap 4.9) 177 } Confirm_t; 178 179 /** 180 * The complete ZRTP Confirm message. 181 */ 182 typedef struct ConfirmPacket { 183 zrtpPacketHeader_t hdr; ///< ZRTP Header 184 Confirm_t confirm; ///< Confirm message fixed part 185 } ConfirmPacket_t; 186 187 /** 188 * Conf2Ack message. 189 * 190 * The complete Conf2Ack message consists of ZRTP message header and 191 * the CRC which is the only Conf2Ack specific data. 192 */ 193 typedef struct Conf2AckPacket { 194 zrtpPacketHeader_t hdr; ///< ZRTP Header 195 uint8_t crc[ZRTP_WORD_SIZE]; ///< CRC of ZRTP message 196 } Conf2AckPacket_t; 197 198 /** 199 * The GoClear message is currently not used in 200 * GNU ZRTP C++ - not support for GoClear. 201 */ 202 typedef struct GoClear { 203 uint8_t clearHmac[HMAC_SIZE]; ///< no used 204 } GoClear_t; 205 206 /** 207 * The complete ZRTP GoClear message - no used. 208 */ 209 typedef struct GoClearPacket { 210 zrtpPacketHeader_t hdr; ///< ZRTP Header 211 GoClear_t goClear; ///< not used 212 uint8_t crc[ZRTP_WORD_SIZE]; ///< CRC of ZRTP message 213 } GoClearPacket_t; 214 215 /** 216 * The ClearAck message is currently not used in 217 * GNU ZRTP C++ - not support for GoClear. 218 */ 219 typedef struct ClearAckPacket { 220 zrtpPacketHeader_t hdr; ///< ZRTP Header 221 uint8_t crc[ZRTP_WORD_SIZE]; ///< CRC of ZRTP message 222 } ClearAckPacket_t; 223 224 /** 225 * The Error message 226 */ 227 typedef struct Error { 228 uint32_t errorCode; ///< Error code, see chap 5.9 229 } Error_t; 230 231 /** 232 * The complete ZRTP Error message. 233 */ 234 typedef struct ErrorPacket { 235 zrtpPacketHeader_t hdr; ///< ZRTP Header 236 Error_t error; ///< Error message part 237 uint8_t crc[ZRTP_WORD_SIZE]; ///< CRC of ZRTP message 238 } ErrorPacket_t; 239 240 /** 241 * ErrorAck message. 242 * 243 * The complete ErrorAck message consists of ZRTP message header and 244 * the CRC which is the only ErrorAck specific data. 245 */ 246 typedef struct ErrorAckPacket { 247 zrtpPacketHeader_t hdr; ///< ZRTP Header 248 uint8_t crc[ZRTP_WORD_SIZE]; ///< CRC of ZRTP message 249 } ErrorAckPacket_t; 250 251 /** 252 * Ping message. 253 * 254 * The Ping message has a fixed size. 255 */ 256 typedef struct Ping { 257 uint8_t version[ZRTP_WORD_SIZE]; ///< The ZRTP protocol version 258 uint8_t epHash[PING_HASH_SIZE]; ///< End point hash, see chap 5.16 259 } Ping_t; 260 261 /** 262 * The complete ZRTP Ping message. 263 */ 264 typedef struct PingPacket { 265 zrtpPacketHeader_t hdr; ///< ZRTP Header 266 Ping_t ping; ///< Ping message part 267 uint8_t crc[ZRTP_WORD_SIZE]; ///< CRC of ZRTP message 268 } PingPacket_t; 269 270 /** 271 * PingAck message. 272 * 273 * The PingAck message has a fixed size. 274 */ 275 typedef struct PingAck { 276 uint8_t version[ZRTP_WORD_SIZE]; ///< The ZRTP protocol version 277 uint8_t localEpHash[PING_HASH_SIZE]; ///< Local end point hash, see chap 5.16 278 uint8_t remoteEpHash[PING_HASH_SIZE]; ///< Remote end point hash, see chap 5.16 279 uint32_t ssrc; ///< SSRC copied from the Ping message (RTP packet part) 280 } PingAck_t; 281 282 /** 283 * The complete ZRTP PingAck message. 284 */ 285 typedef struct PingAckPacket { 286 zrtpPacketHeader_t hdr; ///< ZRTP Header 287 PingAck_t pingAck; ///< PingAck message part 288 uint8_t crc[ZRTP_WORD_SIZE]; ///< CRC of ZRTP message 289 } PingAckPacket_t; 290 291 /** 292 * SASrelay message 293 * 294 * The SASrelay message has a variable length. The following struct 295 * defines the fixed part only. The SASrelay class initializes the 296 * variable part. 297 * 298 * ZRTP encrypts a part of the SASrelay message, starting at @c hashH0 299 * and includes the variable part. 300 */ 301 typedef struct SASrelay { 302 uint8_t hmac[HMAC_SIZE]; ///< MAC over the encrypted part of Commit message 303 uint8_t iv[IV_SIZE]; ///< IV for CFB mode to encrypt part of Commit 304 uint8_t filler[2]; ///< Filler bytes 305 uint8_t sigLength; ///< Length of an optional signature length (chap 7.2) 306 uint8_t flags; ///< various flags to control behaviour 307 uint8_t sas[ZRTP_WORD_SIZE]; ///< SAS algorithm to use 308 uint8_t trustedSasHash[HASH_IMAGE_SIZE]; ///< New trusted SAS hash for enrolled client 309 } SASrelay_t; 310 311 /** 312 * The complete ZRTP SASrelay message. 313 */ 314 typedef struct SASrelayPacket { 315 zrtpPacketHeader_t hdr; ///< ZRTP Header 316 SASrelay_t sasrelay; ///< SASrelay message fixed part 317 } SASrelayPacket_t; 318 319 /** 320 * RelayAck message. 321 * 322 * The complete RelayAck message consists of ZRTP message header and 323 * the CRC which is the only RelayAck specific data. 324 */ 325 typedef struct RelayAckPacket { 326 zrtpPacketHeader_t hdr; ///< ZRTP Header 327 uint8_t crc[ZRTP_WORD_SIZE]; ///< CRC of ZRTP message 328 } RelayAckPacket_t; 329 330 #endif // ZRTPPACKET_H 331 332 /** 333 * @} 334 */ 335 336 /** EMACS ** 337 * Local variables: 338 * mode: c++ 339 * c-default-style: ellemtel 340 * c-basic-offset: 4 341 * End: 342 */ 343