forked from Mirrors/freeswitch
d2edcad66e
Thanks to Phil Zimmermann for the code and for the license exception we needed to include it. There remains some build system integration work to be done before this code will build properly in the FreeSWITCH tree.
198 lines
13 KiB
Plaintext
198 lines
13 KiB
Plaintext
#
|
|
# Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
|
|
# Contact: http://philzimmermann.com
|
|
# For licensing and other legal details, see the file zrtp_legal.c.
|
|
#
|
|
# Viktor Krykun <v.krikun at zfoneproject.com>
|
|
|
|
/**
|
|
* \file changelog.dox
|
|
* \brief libzrtp ChangeLog
|
|
*/
|
|
|
|
/*!
|
|
\page changelog libzrtp ChangeLog
|
|
|
|
****************************************************************************************************
|
|
\section v091 DEVELOPERS BUILD Release Notes - libzrtp - Version 0.91 build XXX (ZRTP ID v16x, protocol 1.X)
|
|
****************************************************************************************************
|
|
\note To build Libzrtp Enterprise with Elliptic Cure Diffie-Hellman support on Unix platform, use
|
|
<c>"./configure --enable-enterprise".</c> By default libzrtp will be build with no ECDH support.
|
|
|
|
<HR>
|
|
***\subsection v091_feature New features and improvements.
|
|
|
|
***\subsection v091_bugs Bug fixes
|
|
*- [LZRTP-179] Fixed bug in build scripts when commercial version of libzrtp v0.90 was built
|
|
with ZRTP_ENABLE_EC set to 1 by default.
|
|
*- [LZRTP-181] Fixed zrtp_init() crash on Mac OSX 10.6
|
|
*- [LZRTP-182] Fixed libzrtp build issue on Free-BSD
|
|
|
|
|
|
****************************************************************************************************
|
|
\section v090 Release Notes - libzrtp - Version 0.90 build 577 (ZRTP ID v15x, protocol 1.1)
|
|
****************************************************************************************************
|
|
<HR>
|
|
***\subsection v090_feature New features and improvements.
|
|
*- [LZRTP-178] After the cache mismatch don't update the cache automatically, wait for the SAS verification. More details at this feature could be found in ZRTP ID section 4.6.1.1
|
|
*- [LZRTP-151] Add secrets flags to \ref zrtp_info_t to allow user monitor secrets state
|
|
*- [LZRTP-169] Check and optimize build process on Windows mingw and msys.
|
|
|
|
***\subsection v090_bugs Bug fixes
|
|
*- [LZRTP-176] Added -fPIC flag to Linux and Mac builds to be able to link the library into 64bit applications.
|
|
*- [LZRTP-175] Change SHA1 definition name to SRTP_SHA1 and move to private part of the API to eliminate ambiguity.
|
|
*- [LZRTP-155] Session info should display current, updated value of the TTL, not the old one from previous negotiation.
|
|
*- [LZRTP-177] Diffie-Hellman secret exponent for DH2K should be 256bits instead of 128.
|
|
|
|
|
|
****************************************************************************************************
|
|
\section v082 Release Notes - libzrtp - Version 0.82 build 540 (ZRTP ID v15, protocol 1.1)
|
|
****************************************************************************************************
|
|
<HR>
|
|
Minor improvements. Zfone and libZRTP projects moved to public bug-tracking and wiki system.
|
|
|
|
***\subsection v082_feature New features and improvements.
|
|
*- Improved libzrtp resistance to long delays during DH calculations on slow hardware.
|
|
*- Structures Members alignment in Microsoft Visual Studio projects was changed from 1 byte to "Default".
|
|
*- Implemented entropy collection from dropped RTP messages. Don't forget to store RNG seed when you done with libzrtp and upload it agan on next session.
|
|
*- Implement default entropy collector for Win32 platform. RtlGenRandom() system call is used. Together with the entropy collection from dropped RTP message, it should guaranty good enough entropy.
|
|
*- zrtp_def_cache_reset_since() was implemented as call-back, similar to the rest of ZRTP cache interfaces.
|
|
*- Eliminated secure logs from the public build.
|
|
*- Public bug-tracker and wiki launched (in addition to our internal tools)
|
|
*- libzrtp API documentation is available at developers.zfoneproject.com
|
|
|
|
|
|
****************************************************************************************************
|
|
\section v081 Release Notes - libzrtp - Version 0.81 build 514 (ZRTP ID v15, protocol 1.1)
|
|
****************************************************************************************************
|
|
<HR>
|
|
***\subsection v081_bugs Bug
|
|
*- [LZRTP-161] <b>Improvement in ZRTP state-machine</b>\n
|
|
libzrtp state-machine didn't process incoming Hello message in StartInitiatingSecure state.
|
|
In some situations this issue could cause libzrtp not responding on incoming HELLO messages and freeze the protocol.
|
|
|
|
*- [LZRTP-166] <b>Fixed "Secure Since" logic.</b>\n
|
|
Previous version of libzrtp computed secure since in a wrong way. libzrtp 0.81 remembers secure since date when new RS1 secret is generated and keep it unchanged while RS secrets are matched for all next calls.
|
|
\n
|
|
Use zrtp_def_cache_get_since() to get secure since for the particular pair of ZIDs.
|
|
\warning Secure since function is available for the build-in implementation of ZRTP cache.
|
|
|
|
***\subsection v081_feature New Feature
|
|
*- [LZRTP-157] <b>Implement algorithms negotiation according to ZRTP ID v15 section 4.1.2</b>\n
|
|
This method is provided to allow the two parties to mutually and deterministically choose the same DH key size and algorithm before a Commit message is sent. No API changes required.
|
|
|
|
*- [LZRTP-158] <b>Zfone Ping response implemented.</b>\n
|
|
New Zfone3 software uses specific VoIp calls detection algorithms and uses ZRTP Ping to discover the call topology. Each ZRTP endpoint may response with PingAck to be compatible with Zfone3. libzrtp based products don't need to do anything more to support Zfone3. The library handles this automatically. Ping-Response doesn't affect res of ZRTP logic.
|
|
\n
|
|
\sa Check ZRTP RFC sec 5.16 for more information.
|
|
|
|
***\subsection v081_improv Improvement
|
|
*- [LZRTP-164] <b>New ZRTP security event was added.</b>\n
|
|
Libzrtp rises special event when after switching to secure state, the secrets are not expired, cached, but don't match. In other words: it is typical condition for the MitM attacks. Developer should use this event to notify user about the situation. Check zrtp_security_event_t#ZRTP_EVENT_MITM_WARNING for more detail information.
|
|
|
|
*- [LZRTP-153] <b>New Project files to build libzrtp on Windows CE.</b>\n
|
|
Check ./projects/win_ce directory to find appropriate Microsoft Visual Studio projects.
|
|
|
|
|
|
|
|
****************************************************************************************************
|
|
\section v080 Release Notes - libzrtp - Version 0.80
|
|
****************************************************************************************************
|
|
<HR>
|
|
***\subsection v080_bugs Bug
|
|
- [LZRTP-97] <b>zrtp_hex2str and zrtp_st2hex don't work correct.</b>\n
|
|
Fixed bug in str2hex() providing wrong converting. Previous versions of libzrtp were affect,
|
|
but str2hex wasn't used in crypto logic and there was no security weakness.
|
|
- [LZRTP-154] zrtp_register_with_trusted_mitm() on storing MiTM secret didn't set the "matches" flag for ZRTP_BIT_PBX. In result, zrtp_is_user_enrolled() returned false right after ZRTP_STATE_SECURE event. This issue affected ZRTP MitM endpoints only and for the very first enrollment stream with the endpoint. In all next calls with the endpoint zrtp_is_user_enrolled() worked correct.
|
|
|
|
***\subsection v080_improv Improvement
|
|
*- [LZRTP-26] <b>Refactoring in the test-unite</b>\n
|
|
Test-unite was redesigned: platform independent test-core and UI parts, specific for every
|
|
target platform. test-core has cleaner API and internal structure. UI part allow to simplify
|
|
application and separate business logic from UI routine.
|
|
|
|
*- [LZRTP-46] <b>Change zrtp_time_t to literal integer type.</b>\n
|
|
zrtp_tim_now() just returns current time in milliseconds instead of zrtp_time_t structure.
|
|
|
|
*- [LZRTP-83] <b>Refactoring in libzrtp debug logging.</b>\n
|
|
Made logs easy to read and analyze. Used indention.
|
|
|
|
*- [LZRTP-84] <b>Refactoring in libzrtp terms.</b>\n
|
|
Following changes in functions names and data structures were made:
|
|
zrtp_stream_ctx_t - zrtp_stream_t\n
|
|
zrtp_conn_ctx_t - zrtp_session_t\n
|
|
zrtp_global_ctx_t - zrtp_global_t\n
|
|
(in zrtp.h more explicitly reflect meaning of data types)\n
|
|
\n
|
|
ZSTR_GET_VALUE/P - ZRTP_GV/P\n
|
|
SET_EMPTY_ZRTP_STRING - ZSTR_SET_EMPTY\n
|
|
(in zrtp_string.h just cleaner and shorter names)\n
|
|
\n
|
|
zrtp_init() (Allocates memory)\n
|
|
zrtp_init_session_ctx() - zrtp_session_init(). (Allocates memory)\n
|
|
zrtp_add_entropy() - zrtp_entropy_add() \n
|
|
zrtp_secure_stream() - zrtp_stream_secure()\n
|
|
zrtp_clear_stream() - zrtp_stream_clear()\n
|
|
zrtp_done_session_ctx - zrtp_session_down()\n
|
|
zrtp_attach_stream - zrtp_stream_attach()\n
|
|
zrtp_start_stream() - zrtp_stream_start()\n
|
|
zrtp_stop_stream() - zrtp_stream_stop()\n
|
|
zrtp_set_verified - zrtp_verified_set()\n
|
|
zrtp_check_profile - zrtp_profile_check()\n
|
|
(in zrtp.h used following approach: zrtp prefix; module name; action name)
|
|
|
|
*- [LZRTP-85] <b>Hide private fields in zrtp_session_ctx and zrtp_stream_ctx.</b>\n
|
|
zrtp_stream_t and zrtp_session_t structures were hidden inside libzrtp internal data-types. General libzrtp-based application shouldn't use these structures directly. zrtp_stream_info_t and zrtp_session_info_t structures should be used instead. To implement data encapsulation, libzrtp provides following functions:
|
|
zrtp_stream_get(), zrtp_session_get()\n
|
|
zrtp_stream_set_userdata(), zrtp_stream_get_userdata()\n
|
|
zrtp_session_set_userdata(), zrtp_session_get_userdata()\n
|
|
\n
|
|
Advanced zrtp products may access zrtp_stream_t and zrtp_session_t directly but implementer can avoid this in most of the cases.
|
|
|
|
*- [LZRTP-88] <b>Create a macro for UNALIGNED constructions on mobile platforms.</b>\n
|
|
|
|
*- [LZRTP-89] <b>Code style for crypto components sources.</b>\n
|
|
Public API not affected. Internal changes:
|
|
- more compact code because fo using more general crypto functions
|
|
- code stayle and comments
|
|
- test-vectors were moved inside c-files fof appropriate crypto components.
|
|
|
|
*- [LZRTP-99] <b>zrtp_session_init should allocate memory for zrtp_session_t.</b>\n
|
|
|
|
*- [LZRTP-112] <b>Modify zrtp logger to be able write \\n and NON \\n logs.</b>\n
|
|
ZRTP_LOG by default doesn't add \\n at the end of the log string. ZRTP_LOGC print plain log message without header and any formatting.
|
|
|
|
*- [LZRTP-116] <b>Review synchronization objects in libzrtp.</b>\n
|
|
- zrtp_global_t#comp_protector was removed. This mutex protected crypto components list. Since v0.80 libzrtp doesn't allow users to manage list of crypto components. libzrtp loads all available components at zrtp_init() and destroys them on zrtp_down(). Any modification with the list performed between these two call - don't need mutex.
|
|
- zrtp_secrets_t#protector was removed, just unused in the code
|
|
- zrtp_global_t#cache_protector was removed. Third-party ZRTP cache implementation should be thread-safe. It was made because it is simpler and more flexible solution.
|
|
|
|
*- [LZRTP-120] <b>Add file with version number to identify builds.</b>\n
|
|
zrtp_version.h have been added to the project.
|
|
|
|
*- [LZRTP-128] <b>Eliminate Sound event from libzrtp.</b>\n
|
|
zrtp_callback_misc_t::on_sound_event() was eliminated. This message was originally deigned for early versions of ZFone project. Event is supernumerary and duplicated other protocol and security events. Users, who need such event may perform the same actions using zrtp_callback_event_t events.
|
|
|
|
*- [LZRTP-133] <b>Move ssrc parameter from stream_create() to stream_start()</b>\n
|
|
SSRC parameter was moved from zrtp_stream_attach() to zrtp_stream_start(). Such improvement should allow users to create zrtp streams before media starts and ssrc is unknown. It may be useful for proxy products: ZFone, UM-Lab software and other.
|
|
|
|
*- [LZRTP-143] <b>Speedup DH key exchange procedure.</b>\n
|
|
DH crypto context data was moved directly to zrtp_stream_t and statically allocated. On creating protocol routine, libzrtp checks is DH context have been already initialized with the same type of key exchange scheme. If so - new DH value will not be recalculated.
|
|
|
|
***\subsection v080_feature New Feature
|
|
- [LZRTP-14] <b>Add DH2K public key exchange scheme</b>\n
|
|
DH2K public key exchange scheme was implemented and available for developers the same way as rest of crypto components.
|
|
|
|
***\subsection v080_tasks Task
|
|
*- [LZRTP-24] <b>Implement Self-tests for DH and ECDH components.</b>\n
|
|
Test cases for DH components were implemented and added to the libzrtp test-unite routine. DH checks algorithm correctness and performance as well. Besides test-vectors, it emulates DH exchange computing public and secret values for both endpoints.
|
|
|
|
*- [LZRTP-122] <b>Print out all zrtp configuration settings and adjustments on initialization.</b>
|
|
|
|
*- [LZRTP-123] <b>Create standard error codes and error text descriptions.</b>\n
|
|
New functions zrtp_log_error2str() and zrtp_log_status2str() were added to convert status codes to text description. Some clean-up in zrtp_status_t was made, removed unused or ambiguous status codes.
|
|
|
|
*- [LZRTP-132] <b>Replace HMAC with KDF function call.</b>\n
|
|
Since ZRTP draft 12b defines ZRTP KDF to be in compliance with the recommendations in NIST SP 800-108. KDF function implemented as _zrtp_kdf() in zrtp_utils_proto.c. All KDF operations were replaced with from hmac to kdf function.
|
|
*/
|