>From a9f0f27c627ae860d4e07321fea7b0503e4ab8d3 Mon Sep 17 00:00:00 2001
From: Ben Sartor <address@hidden>
Date: Thu, 5 Feb 2015 03:08:15 +0100
Subject: [PATCH 2/3] enhanced zrtp parameters by crypto types

---
 include/mediastreamer2/zrtp.h | 58 +++++++++++++++++++++++++
 src/crypto/zrtp.c             | 98 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 156 insertions(+)

diff --git a/include/mediastreamer2/zrtp.h b/include/mediastreamer2/zrtp.h
index 18e66bf..a4652ce 100644
--- a/include/mediastreamer2/zrtp.h
+++ b/include/mediastreamer2/zrtp.h
@@ -30,9 +30,67 @@ extern "C"{
 /* defined in mediastream.h */
 struct _MSMediaStreamSessions;
 
+
+#define MS_MAX_ZRTP_CRYPTO_TYPES 7
+
+typedef uint8_t MsZrtpCryptoTypesCount;
+
+typedef enum _MSZrtpHash{
+	MS_ZRTP_HASH_INVALID,
+	MS_ZRTP_HASH_S256,
+	MS_ZRTP_HASH_S384,
+	MS_ZRTP_HASH_N256,
+	MS_ZRTP_HASH_N384
+} MSZrtpHash;
+
+typedef enum _MSZrtpCipher{
+	MS_ZRTP_CIPHER_INVALID,
+	MS_ZRTP_CIPHER_AES1,
+	MS_ZRTP_CIPHER_AES2,
+	MS_ZRTP_CIPHER_AES3,
+	MS_ZRTP_CIPHER_2FS1,
+	MS_ZRTP_CIPHER_2FS2,
+	MS_ZRTP_CIPHER_2FS3
+} MSZrtpCipher;
+
+typedef enum _MSZrtpAuthTag{
+	MS_ZRTP_AUTHTAG_INVALID,
+	MS_ZRTP_AUTHTAG_HS32,
+	MS_ZRTP_AUTHTAG_HS80,
+	MS_ZRTP_AUTHTAG_SK32,
+	MS_ZRTP_AUTHTAG_SK64
+} MSZrtpAuthTag;
+
+typedef enum _MSZrtpKeyAgreement{
+	MS_ZRTP_KEY_AGREEMENT_INVALID,
+	MS_ZRTP_KEY_AGREEMENT_DH2K,
+	MS_ZRTP_KEY_AGREEMENT_DH3K,
+	MS_ZRTP_KEY_AGREEMENT_EC25,
+	MS_ZRTP_KEY_AGREEMENT_EC38,
+	MS_ZRTP_KEY_AGREEMENT_EC52
+} MSZrtpKeyAgreement;
+
+typedef enum _MSZrtpSasType{
+	MS_ZRTP_SAS_INVALID,
+	MS_ZRTP_SAS_B32,
+	MS_ZRTP_SAS_B256
+} MSZrtpSasType;
+
 typedef struct MSZrtpParams {
 	const char *zid_file; // File where to store secrets and other information
 	const char *uri; /* the sip URI of correspondant */
+
+	/* activated crypto types */
+	MSZrtpHash             hashes[MS_MAX_ZRTP_CRYPTO_TYPES];
+	MsZrtpCryptoTypesCount hashesCount ;
+	MSZrtpCipher           ciphers[MS_MAX_ZRTP_CRYPTO_TYPES];
+	MsZrtpCryptoTypesCount ciphersCount;
+	MSZrtpAuthTag          authTags[MS_MAX_ZRTP_CRYPTO_TYPES];
+	MsZrtpCryptoTypesCount authTagsCount;
+	MSZrtpKeyAgreement     keyAgreements[MS_MAX_ZRTP_CRYPTO_TYPES];
+	MsZrtpCryptoTypesCount keyAgreementsCount;
+	MSZrtpSasType          sasTypes[MS_MAX_ZRTP_CRYPTO_TYPES];
+	MsZrtpCryptoTypesCount sasTypesCount;
 } MSZrtpParams;
 
 typedef struct _MSZrtpContext MSZrtpContext ;
diff --git a/src/crypto/zrtp.c b/src/crypto/zrtp.c
index 5575ae7..6c99fd5 100644
--- a/src/crypto/zrtp.c
+++ b/src/crypto/zrtp.c
@@ -412,6 +412,97 @@ static MSZrtpContext* ms_zrtp_configure_context(MSZrtpContext *userData, RtpSess
 	return userData;
 }
 
+static void set_hash_suites(bzrtpContext_t *ctx, const MSZrtpHash *hashes, const MsZrtpCryptoTypesCount count) {
+	int i;
+	uint8_t bzrtpCount = 0;
+	uint8_t bzrtpHashes[7];
+
+	for (i=0; i < count; i++) {
+		switch (hashes[i]) {
+			case MS_ZRTP_HASH_INVALID: break;
+			case MS_ZRTP_HASH_S256: bzrtpHashes[bzrtpCount++] = ZRTP_HASH_S256; break;
+			case MS_ZRTP_HASH_S384: bzrtpHashes[bzrtpCount++] = ZRTP_HASH_S384; break;
+			case MS_ZRTP_HASH_N256: bzrtpHashes[bzrtpCount++] = ZRTP_HASH_N256; break;
+			case MS_ZRTP_HASH_N384: bzrtpHashes[bzrtpCount++] = ZRTP_HASH_N384; break;
+		}
+	}
+
+	bzrtp_setSupportedCryptoTypes(ctx, ZRTP_HASH_TYPE, bzrtpHashes, bzrtpCount);
+}
+
+static void set_cipher_suites(bzrtpContext_t *ctx, const MSZrtpCipher *ciphers, const MsZrtpCryptoTypesCount count) {
+	int i;
+	uint8_t bzrtpCount = 0;
+	uint8_t bzrtpCiphers[7];
+
+	for (i=0; i < count; i++) {
+		switch (ciphers[i]) {
+			case MS_ZRTP_CIPHER_INVALID: break;
+			case MS_ZRTP_CIPHER_AES1:    bzrtpCiphers[bzrtpCount++] = ZRTP_CIPHER_AES1; break;
+			case MS_ZRTP_CIPHER_AES2:    bzrtpCiphers[bzrtpCount++] = ZRTP_CIPHER_AES2; break;
+			case MS_ZRTP_CIPHER_AES3:    bzrtpCiphers[bzrtpCount++] = ZRTP_CIPHER_AES3; break;
+			case MS_ZRTP_CIPHER_2FS1:    bzrtpCiphers[bzrtpCount++] = ZRTP_CIPHER_2FS1; break;
+			case MS_ZRTP_CIPHER_2FS2:    bzrtpCiphers[bzrtpCount++] = ZRTP_CIPHER_2FS2; break;
+			case MS_ZRTP_CIPHER_2FS3:    bzrtpCiphers[bzrtpCount++] = ZRTP_CIPHER_2FS3; break;
+		}
+	}
+
+	bzrtp_setSupportedCryptoTypes(ctx, ZRTP_CIPHERBLOCK_TYPE, bzrtpCiphers, bzrtpCount);
+}
+
+static void set_auth_tag_suites(bzrtpContext_t *ctx, const MSZrtpAuthTag *authTags, const MsZrtpCryptoTypesCount count) {
+	int i;
+	uint8_t bzrtpCount = 0;
+	uint8_t bzrtpAuthTags[7];
+
+	for (i=0; i < count; i++) {
+		switch (authTags[i]) {
+			case MS_ZRTP_AUTHTAG_INVALID: break;
+			case MS_ZRTP_AUTHTAG_HS32:    bzrtpAuthTags[bzrtpCount++] = ZRTP_AUTHTAG_HS32; break;
+			case MS_ZRTP_AUTHTAG_HS80:    bzrtpAuthTags[bzrtpCount++] = ZRTP_AUTHTAG_HS80; break;
+			case MS_ZRTP_AUTHTAG_SK32:    bzrtpAuthTags[bzrtpCount++] = ZRTP_AUTHTAG_SK32; break;
+			case MS_ZRTP_AUTHTAG_SK64:    bzrtpAuthTags[bzrtpCount++] = ZRTP_AUTHTAG_SK64; break;
+		}
+	}
+
+	bzrtp_setSupportedCryptoTypes(ctx, ZRTP_AUTHTAG_TYPE, bzrtpAuthTags, bzrtpCount);
+}
+
+static void set_key_agreement_suites(bzrtpContext_t *ctx, const MSZrtpKeyAgreement *keyAgreements, const MsZrtpCryptoTypesCount count) {
+	int i;
+	uint8_t bzrtpCount = 0;
+	uint8_t bzrtpKeyAgreements[7];
+
+	for (i=0; i < count; i++) {
+		switch (keyAgreements[i]) {
+			case MS_ZRTP_KEY_AGREEMENT_INVALID: break;
+			case MS_ZRTP_KEY_AGREEMENT_DH2K:    bzrtpKeyAgreements[bzrtpCount++] = ZRTP_KEYAGREEMENT_DH2k; break;
+			case MS_ZRTP_KEY_AGREEMENT_DH3K:    bzrtpKeyAgreements[bzrtpCount++] = ZRTP_KEYAGREEMENT_DH3k; break;
+			case MS_ZRTP_KEY_AGREEMENT_EC25:    bzrtpKeyAgreements[bzrtpCount++] = ZRTP_KEYAGREEMENT_EC25; break;
+			case MS_ZRTP_KEY_AGREEMENT_EC38:    bzrtpKeyAgreements[bzrtpCount++] = ZRTP_KEYAGREEMENT_EC38; break;
+			case MS_ZRTP_KEY_AGREEMENT_EC52:    bzrtpKeyAgreements[bzrtpCount++] = ZRTP_KEYAGREEMENT_EC52; break;
+		}
+	}
+
+	bzrtp_setSupportedCryptoTypes(ctx, ZRTP_KEYAGREEMENT_TYPE, bzrtpKeyAgreements, bzrtpCount);
+}
+
+static void set_sas_suites(bzrtpContext_t *ctx, const MSZrtpSasType *sasTypes, const MsZrtpCryptoTypesCount count) {
+	int i;
+	uint8_t bzrtpCount = 0;
+	uint8_t bzrtpSasTypes[7];
+
+	for (i=0; i < count; i++) {
+		switch (sasTypes[i]) {
+			case MS_ZRTP_SAS_INVALID: break;
+			case MS_ZRTP_SAS_B32:     bzrtpSasTypes[bzrtpCount++] = ZRTP_SAS_B32; break;
+			case MS_ZRTP_SAS_B256:    bzrtpSasTypes[bzrtpCount++] = ZRTP_SAS_B256; break;
+		}
+	}
+
+	bzrtp_setSupportedCryptoTypes(ctx, ZRTP_SAS_TYPE, bzrtpSasTypes, bzrtpCount);
+}
+
 /***********************************************/
 /***** EXPORTED FUNCTIONS                  *****/
 /***********************************************/
@@ -460,6 +551,13 @@ MSZrtpContext* ms_zrtp_context_new(MSMediaStreamSessions *sessions, MSZrtpParams
 
 	bzrtp_setClientData(context, sessions->rtp_session->snd.ssrc, (void *)userData);
 
+	/* set crypto params */
+	set_hash_suites(context, params->hashes, params->hashesCount);
+	set_cipher_suites(context, params->ciphers, params->ciphersCount);
+	set_auth_tag_suites(context, params->authTags, params->authTagsCount);
+	set_key_agreement_suites(context, params->keyAgreements, params->keyAgreementsCount);
+	set_sas_suites(context, params->sasTypes, params->sasTypesCount);
+
 	bzrtp_initBzrtpContext(context); /* init is performed only when creating the first channel context */
 	return ms_zrtp_configure_context(userData, sessions->rtp_session);
 }
-- 
2.1.4