bZRTP
bZRTP is an open-source implementation of the ZRTP key exchange protocol
stateMachine.c File Reference

Functions

static int bzrtp_turnIntoResponder (bzrtpContext_t *zrtpContext, bzrtpChannelContext_t *zrtpChannelContext, bzrtpPacket_t *zrtpPacket, bzrtpCommitMessage_t *commitMessage)
 Turn the current channel into the responder role. This happens when receiving a Commit message in state state_discovery_waitingForHelloAck, or in state_keyAgreement_sendingCommit if commit contention gives us the responder role. The state will be changed to state_confirmation_responderSendingConfirm1 or state_keyAgreement_responderSendingDHPart1 depending on DHM or non-DHM operation mode.
 
static int bzrtp_responseToHelloMessage (bzrtpContext_t *zrtpContext, bzrtpChannelContext_t *zrtpChannelContext, bzrtpPacket_t *zrtpPacket)
 When a Hello message arrives from the peer for the first time, we parse it to check whether it matches our configuration and act on the context. This message may arrive when in state state_discovery_init or state_discovery_waitingForHello.
 
static int bzrtp_computeS0DHMMode (bzrtpContext_t *zrtpContext, bzrtpChannelContext_t *zrtpChannelContext)
 After the DHPart1 or DHPart2 arrives from the peer, and after the validity check and shared secret computation, call this function to compute s0, KDF Context, ZRTPSess.
 
static int bzrtp_computeS0MultiStreamMode (bzrtpContext_t *zrtpContext, bzrtpChannelContext_t *zrtpChannelContext)
 In multistream mode, when we must send a confirm1 or receive a confirm1 for the first time, call the function to compute s0, KDF context and derive mac and srtp keys.
 
static int bzrtp_deriveKeysFromS0 (bzrtpContext_t *zrtpContext, bzrtpChannelContext_t *zrtpChannelContext)
 
static int bzrtp_deriveSrtpKeysFromS0 (bzrtpContext_t *zrtpContext, bzrtpChannelContext_t *zrtpChannelContext)
 This function is called after Confirm1 is received by the initiator or Confirm2 by the responder. Keys computed are: SRTP self and peer keys and salt, SAS (if mode is not multistream). The whole bzrtpSrtpSecrets_t structure is ready after this call.
 
static int bzrtp_sendPacket (const bzrtpContext_t *zrtpContext, bzrtpChannelContext_t *zrtpChannelContext, bzrtpPacket_t *zrtpPacket)
 Send the given packet; if the packet holds fragments, send them all. Insert the packet sequence number and compute the CRC before sending.
 
int state_discovery_init (bzrtpEvent_t event)
 This is the initial state. On first call, we create the Hello message and keep sending it until we receive a HelloACK or a Hello message from the peer.
 
int state_discovery_waitingForHello (bzrtpEvent_t event)
 We arrive in this state from init upon reception of a HelloACK; we are now waiting for the Hello packet from the peer.
 
int state_discovery_waitingForHelloAck (bzrtpEvent_t event)
 We are now waiting for the HelloACK packet from peer or a Commit packet.
 
int state_keyAgreement_sendingCommit (bzrtpEvent_t event)
 For any kind of key agreement (DHM, Mult, PreShared), we keep sending commit.
 
int state_keyAgreement_responderSendingDHPart1 (bzrtpEvent_t event)
 For DHM mode only, the responder sends the DHPart1 packet.
 
int state_keyAgreement_initiatorSendingDHPart2 (bzrtpEvent_t event)
 For DHM mode only, the initiator sends the DHPart2 packet.
 
int state_confirmation_responderSendingConfirm1 (bzrtpEvent_t event)
 The responder sends the Confirm1 message.
 
int state_confirmation_initiatorSendingConfirm2 (bzrtpEvent_t event)
 The initiator sends the Confirm2 message.
 
int state_secure (bzrtpEvent_t event)
 We are in secure state.
 
int state_sending_GoClear (bzrtpEvent_t event)
 The GoClear initiator sends a GoClear message.
 
int state_clear (bzrtpEvent_t event)
 We are in clear state.
 
static int bzrtp_deriveKeysFromS0 (BCTBX_UNUSED(bzrtpContext_t *zrtpContext), bzrtpChannelContext_t *zrtpChannelContext)
 This function is called after s0 (and ZRTPSess when not in multistream mode) have been computed, to derive the other keys. Keys computed are: mackeyi, mackeyr, zrtpkeyi and zrtpkeyr, srtpkeys and salt.
 
int bzrtp_updateCachedSecrets (bzrtpContext_t *zrtpContext, bzrtpChannelContext_t *zrtpChannelContext)
 Compute the new rs1 and update the cached secrets according to rfc section 4.6.1.
 

Function Documentation

◆ bzrtp_computeS0DHMMode()

static int bzrtp_computeS0DHMMode (bzrtpContext_t *zrtpContext, bzrtpChannelContext_t *zrtpChannelContext)

After the DHPart1 or DHPart2 arrives from the peer, and after the validity check and shared secret computation, call this function to compute s0, KDF Context, ZRTPSess.

Parameters
[in] zrtpContext The context we are operating on (where to find the DHM context with the shared secret ready)
[in] zrtpChannelContext The channel context we are operating on
Returns
0 on success, error code otherwise

◆ bzrtp_computeS0MultiStreamMode()

static int bzrtp_computeS0MultiStreamMode (bzrtpContext_t *zrtpContext, bzrtpChannelContext_t *zrtpChannelContext)

In multistream mode, when we must send a Confirm1 or receive a Confirm1 for the first time, call this function to compute s0 and the KDF context and to derive the MAC and SRTP keys.

Parameters
[in] zrtpContext The context we are operating on (where to find the ZRTPSess)
[in] zrtpChannelContext The channel context we are operating on
Returns
0 on success, error code otherwise

◆ bzrtp_deriveKeysFromS0() [1/2]

static int bzrtp_deriveKeysFromS0 (BCTBX_UNUSED(bzrtpContext_t *zrtpContext), bzrtpChannelContext_t *zrtpChannelContext)

This function is called after s0 (and ZRTPSess when not in multistream mode) have been computed, to derive the other keys. Keys computed are: mackeyi, mackeyr, zrtpkeyi and zrtpkeyr, srtpkeys and salt.

Parameters
[in] zrtpContext The context we are operating on (contains ZRTPSess)
[in,out] zrtpChannelContext The channel context we are operating on (contains s0 and will get the computed keys)
Returns
0 on success, error code otherwise

◆ bzrtp_deriveKeysFromS0() [2/2]

static int bzrtp_deriveKeysFromS0 (bzrtpContext_t *zrtpContext, bzrtpChannelContext_t *zrtpChannelContext)

◆ bzrtp_deriveSrtpKeysFromS0()

static int bzrtp_deriveSrtpKeysFromS0 (bzrtpContext_t *zrtpContext, bzrtpChannelContext_t *zrtpChannelContext)

This function is called after Confirm1 is received by the initiator or Confirm2 by the responder. Keys computed are: SRTP self and peer keys and salt, SAS (if mode is not multistream). The whole bzrtpSrtpSecrets_t structure is ready after this call.

Parameters
[in] zrtpContext The context we are operating on
[in,out] zrtpChannelContext The channel context we are operating on (contains s0 and will get the computed keys)
Returns
0 on success, error code otherwise

◆ bzrtp_responseToHelloMessage()

static int bzrtp_responseToHelloMessage (bzrtpContext_t *zrtpContext, bzrtpChannelContext_t *zrtpChannelContext, bzrtpPacket_t *zrtpPacket)

When a Hello message arrives from the peer for the first time, we parse it to check whether it matches our configuration and act on the context. This message may arrive when in state state_discovery_init or state_discovery_waitingForHello.

  • Find agreement on the algorithms to use
  • Check if we have retained secrets in cache matching the peer ZID
  • If agreed on a DHM mode: compute the public value and prepare a DHPart2 packet (assume we are initiator, change later if needed)
  • If agreed on a non-DHM mode: PreShared is not supported; for Multistream there is nothing to do at this point

Parameters
[in] zrtpContext The current zrtp Context
[in,out] zrtpChannelContext The channel we are operating on
[in] zrtpPacket The zrtpPacket received; it contains the Hello message
Returns
0 on success, error code otherwise

◆ bzrtp_sendPacket()

static int bzrtp_sendPacket (const bzrtpContext_t *zrtpContext, bzrtpChannelContext_t *zrtpChannelContext, bzrtpPacket_t *zrtpPacket)

Send the given packet; if the packet holds fragments, send them all. Insert the packet sequence number and compute the CRC before sending.

Parameters
[in] zrtpContext zrtp context to get the sendData callback
[in] zrtpChannelContext the channel context to get the sendData user callback, and update sequenceNumber
[in] zrtpPacket the packet to be sent; it must be ready for sending (bzrtp_packetBuild called). If the packet holds fragment packets, they will be sent.
Returns
0 on success

◆ bzrtp_turnIntoResponder()

static int bzrtp_turnIntoResponder (bzrtpContext_t *zrtpContext, bzrtpChannelContext_t *zrtpChannelContext, bzrtpPacket_t *zrtpPacket, bzrtpCommitMessage_t *commitMessage)

Turn the current channel into the responder role. This happens when receiving a Commit message in state state_discovery_waitingForHelloAck, or in state_keyAgreement_sendingCommit if commit contention gives us the responder role. The state will be changed to state_confirmation_responderSendingConfirm1 or state_keyAgreement_responderSendingDHPart1 depending on DHM or non-DHM operation mode.

Parameters
[in] zrtpContext The current zrtp Context
[in,out] zrtpChannelContext The channel we are operating on
[in] zrtpPacket The zrtpPacket received; it contains the Commit message
[in] commitMessage A direct pointer to the commitMessage structure contained in the zrtp packet
Returns
0 on success, error code otherwise

◆ bzrtp_updateCachedSecrets()

int bzrtp_updateCachedSecrets (bzrtpContext_t *zrtpContext, bzrtpChannelContext_t *zrtpChannelContext)

Compute the new rs1 and update the cached secrets according to RFC section 4.6.1.

Parameters
[in] zrtpContext The context we are operating on
[in,out] zrtpChannelContext The channel context we are operating on (contains s0)
Returns
0 on success, error code otherwise

◆ state_clear()

int state_clear ( bzrtpEvent_t  event)

We are in clear state.

Arrives from:

  • state_sending_GoClear on ClearACK reception
  • state_secure on GoClear reception
  • state_clear on manual confirmation of the responder (of the GoClear)

Goes to:

  • state_keyAgreement_sendingCommit when the user pressed a button to indicate that he wants to go back to secure mode
  • state_confirmation_responderSendingConfirm1 on Commit reception

◆ state_confirmation_initiatorSendingConfirm2()

int state_confirmation_initiatorSendingConfirm2 ( bzrtpEvent_t  event)

The initiator sends the Confirm2 message.

Arrives from:

  • state_keyAgreement_initiatorSendingDHPart2 upon Confirm1 reception
  • state_keyAgreement_sendingCommit upon Confirm1 reception in non-DHM mode

Goes to:

  • state_secure on Conf2ACK reception or first SRTP message

Send:

  • Confirm2 until timer's end or transition

◆ state_confirmation_responderSendingConfirm1()

int state_confirmation_responderSendingConfirm1 ( bzrtpEvent_t  event)

The responder sends the Confirm1 message.

Arrives from:

  • state_keyAgreement_responderSendingDHPart1 upon DHPart2 reception
  • state_keyAgreement_sendingCommit upon Commit reception in non-DHM mode and commit contention gives us the responder role
  • state_discovery_waitingForHelloAck upon Commit reception in non-DHM mode

Goes to:

  • state_secure on Confirm2 reception

Send:

  • Confirm1 on Commit or DHPart2 reception

◆ state_discovery_init()

int state_discovery_init ( bzrtpEvent_t  event)

This is the initial state. On first call, we create the Hello message and keep sending it until we receive a HelloACK or a Hello message from the peer.

Arrives from:

  • This is the initial state

Goes to:

  • state_discovery_waitingForHello upon HelloACK reception
  • state_discovery_waitingForHelloAck upon Hello reception

Send:

  • Hello until timer's end or transition

◆ state_discovery_waitingForHello()

int state_discovery_waitingForHello ( bzrtpEvent_t  event)

We arrive in this state from init upon reception of a HelloACK; we are now waiting for the Hello packet from the peer.

Arrives from:

  • state_discovery_init upon HelloACK reception

Goes to:

  • state_keyAgreement_sendingCommit upon Hello reception

Send:

  • HelloACK on Hello reception

◆ state_discovery_waitingForHelloAck()

int state_discovery_waitingForHelloAck ( bzrtpEvent_t  event)

We are now waiting for the HelloACK packet from peer or a Commit packet.

Arrives from:

  • state_discovery_init upon Hello reception

Goes to:

  • state_keyAgreement_sendingCommit upon HelloACK reception
  • state_keyAgreement_responderSendingDHPart1 upon Commit reception in DHM mode
  • state_confirmation_responderSendingConfirm1 upon Commit reception in non-DHM mode

Send:

  • Hello until timer's end or transition
  • HelloACK on Hello reception

◆ state_keyAgreement_initiatorSendingDHPart2()

int state_keyAgreement_initiatorSendingDHPart2 ( bzrtpEvent_t  event)

For DHM mode only, the initiator sends the DHPart2 packet.

Arrives from:

  • state_keyAgreement_sendingCommit upon DHPart1 reception

Goes to:

  • state_confirmation_initiatorSendingConfirm2 upon reception of Confirm1

Send:

  • DHPart2 until timer's end or transition

◆ state_keyAgreement_responderSendingDHPart1()

int state_keyAgreement_responderSendingDHPart1 ( bzrtpEvent_t  event)

For DHM mode only, the responder sends the DHPart1 packet.

Arrives from:

  • state_discovery_waitingForHelloAck upon Commit reception in DHM mode
  • state_keyAgreement_sendingCommit upon Commit reception in DHM mode and commit contention gives us the responder role

Goes to:

  • state_confirmation_responderSendingConfirm1 upon DHPart2 reception

Send:

  • DHPart1 on Commit reception

◆ state_keyAgreement_sendingCommit()

int state_keyAgreement_sendingCommit ( bzrtpEvent_t  event)

For any kind of key agreement (DHM, Mult, PreShared), we keep sending commit.

Arrives from:

  • state_discovery_waitingForHello upon Hello received
  • state_discovery_waitingForHelloAck upon HelloACK received

Goes to:

  • state_keyAgreement_initiatorSendingDHPart2 upon DHPart1 reception in DHM mode
  • state_confirmation_initiatorSendingConfirm2 upon Confirm1 reception in non-DHM mode
  • state_keyAgreement_responderSendingDHPart1 upon Commit reception in DHM mode and commit contention gives us the responder role
  • state_confirmation_responderSendingConfirm1 upon Commit reception in non-DHM mode and commit contention gives us the responder role

Send:

  • Commit until timer's end or transition
  • HelloACK on Hello reception

◆ state_secure()

int state_secure ( bzrtpEvent_t  event)

We are in secure state.

Arrives from:

  • state_confirmation_responderSendingConfirm1 on Confirm2 reception
  • state_confirmation_initiatorSendingConfirm2 on Conf2ACK or first SRTP message

Goes to:

  • state_sending_GoClear when the user pressed a button to indicate that he wants to change the encryption mode
  • state_clear on GoClear reception

Send:

  • Conf2ACK on Confirm2 reception
  • ClearACK on GoClear reception (+ destroy all key materials)

◆ state_sending_GoClear()

int state_sending_GoClear ( bzrtpEvent_t  event)

The GoClear initiator sends a GoClear message.

Arrives from:

  • state_secure when the user pressed a button to indicate that he wants to change the encryption mode

Goes to:

  • state_clear on ClearACK reception

Send:

  • GoClear message (+ destroy all key materials on ClearACK reception)
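
The "Goes to" entries of all the state functions above, collected into one transition table as an added example (this is not bZRTP code). The enum names, `next_state` and `run` are hypothetical, and treating an event with no listed transition as ignored is an assumption of this model, not something the page states.

```c
#include <stddef.h>

/* Hypothetical names: bZRTP implements each state as a function, not an enum value. */
typedef enum { S_INIT, S_WAIT_HELLO, S_WAIT_HELLOACK, S_SENDING_COMMIT, S_RESP_DHPART1,
               S_INIT_DHPART2, S_RESP_CONFIRM1, S_INIT_CONFIRM2, S_SECURE,
               S_SENDING_GOCLEAR, S_CLEAR } st_t;
typedef enum { E_HELLO, E_HELLOACK, E_COMMIT, E_DHPART1, E_DHPART2, E_CONFIRM1, E_CONFIRM2,
               E_CONF2ACK, E_SRTP, E_GOCLEAR, E_CLEARACK, E_USER } ev_t;
enum { ANY, DHM, NON_DHM }; /* key agreement mode a rule applies to */
/* contention = 1: applies only when commit contention gives us the responder role */
typedef struct { st_t from; ev_t ev; int mode; int contention; st_t to; } rule_t;

/* One entry per "Goes to" item in the state documentation above. */
static const rule_t rules[] = {
    {S_INIT, E_HELLOACK, ANY, 0, S_WAIT_HELLO}, {S_INIT, E_HELLO, ANY, 0, S_WAIT_HELLOACK},
    {S_WAIT_HELLO, E_HELLO, ANY, 0, S_SENDING_COMMIT},
    {S_WAIT_HELLOACK, E_HELLOACK, ANY, 0, S_SENDING_COMMIT},
    {S_WAIT_HELLOACK, E_COMMIT, DHM, 0, S_RESP_DHPART1},
    {S_WAIT_HELLOACK, E_COMMIT, NON_DHM, 0, S_RESP_CONFIRM1},
    {S_SENDING_COMMIT, E_DHPART1, DHM, 0, S_INIT_DHPART2},
    {S_SENDING_COMMIT, E_CONFIRM1, NON_DHM, 0, S_INIT_CONFIRM2},
    {S_SENDING_COMMIT, E_COMMIT, DHM, 1, S_RESP_DHPART1},
    {S_SENDING_COMMIT, E_COMMIT, NON_DHM, 1, S_RESP_CONFIRM1},
    {S_RESP_DHPART1, E_DHPART2, ANY, 0, S_RESP_CONFIRM1},
    {S_INIT_DHPART2, E_CONFIRM1, ANY, 0, S_INIT_CONFIRM2},
    {S_RESP_CONFIRM1, E_CONFIRM2, ANY, 0, S_SECURE},
    {S_INIT_CONFIRM2, E_CONF2ACK, ANY, 0, S_SECURE}, {S_INIT_CONFIRM2, E_SRTP, ANY, 0, S_SECURE},
    {S_SECURE, E_USER, ANY, 0, S_SENDING_GOCLEAR}, {S_SECURE, E_GOCLEAR, ANY, 0, S_CLEAR},
    {S_SENDING_GOCLEAR, E_CLEARACK, ANY, 0, S_CLEAR},
    {S_CLEAR, E_USER, ANY, 0, S_SENDING_COMMIT}, {S_CLEAR, E_COMMIT, ANY, 0, S_RESP_CONFIRM1},
};

/* Next state for one event. Assumption: an event with no listed transition is ignored. */
st_t next_state(st_t s, ev_t e, int dhm, int responder_by_contention) {
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++) {
        const rule_t *r = &rules[i];
        if (r->from != s || r->ev != e) continue;
        if (r->mode != ANY && r->mode != (dhm ? DHM : NON_DHM)) continue;
        if (r->contention && !responder_by_contention) continue;
        return r->to;
    }
    return s;
}

/* Replay a sequence of received events from state s and return the final state. */
st_t run(st_t s, const ev_t *evs, size_t n, int dhm, int responder_by_contention) {
    for (size_t i = 0; i < n; i++) s = next_state(s, evs[i], dhm, responder_by_contention);
    return s;
}
```

Replaying out-of-order input through `run`, such as a Confirm1 in DHM mode before any DHPart1, shows which message orderings the documented transitions allow to reach `S_SECURE`.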