From 6a53bb92b2d2fc459c4e5aebb59519641d172ccc Mon Sep 17 00:00:00 2001 From: Aaro Altonen Date: Tue, 28 Jan 2020 08:34:56 +0200 Subject: [PATCH] Generate H0-H3 as defined in Section 9 of RFC 6189 --- src/zrtp.cc | 27 ++++++++++++++++++++++----- src/zrtp.hh | 14 +++++++++++++- 2 files changed, 35 insertions(+), 6 deletions(-) diff --git a/src/zrtp.cc b/src/zrtp.cc index 0982dbd..bc1b563 100644 --- a/src/zrtp.cc +++ b/src/zrtp.cc @@ -18,6 +18,7 @@ using namespace kvz_rtp::zrtp_msg; kvz_rtp::zrtp::zrtp(): receiver_() { + cctx_.sha256 = kvz_rtp::crypto::sha256(); } kvz_rtp::zrtp::~zrtp() @@ -43,16 +44,26 @@ kvz_rtp::zrtp_capab_t kvz_rtp::zrtp::get_capabilities() zrtp_capab_t capabilities = { }; + /* TODO: set zid */ + return capabilities; } -uint8_t *kvz_rtp::zrtp::generate_zid() +void kvz_rtp::zrtp::generate_zid() { - uint8_t *zid = new uint8_t[12]; + zid_ = new uint8_t[12]; - kvz_rtp::crypto::random::generate_random(zid, 12); + kvz_rtp::crypto::random::generate_random(zid_, 12); +} - return zid; +void kvz_rtp::zrtp::init_session_hashes() +{ + kvz_rtp::crypto::random::generate_random(session_.hashes[0], 32); + + for (size_t i = 1; i < 4; ++i) { + cctx_.sha256.update(session_.hashes[i - 1], 32); + cctx_.sha256.final(session_.hashes[i]); + } } rtp_error_t kvz_rtp::zrtp::begin_session() @@ -320,11 +331,14 @@ rtp_error_t kvz_rtp::zrtp::init(uint32_t ssrc, socket_t& socket, sockaddr_in& ad bool initiator = false; rtp_error_t ret = RTP_OK; + generate_zid(); + init_session_hashes(); + ssrc_ = ssrc; socket_ = socket; addr_ = addr; capab_ = get_capabilities(); - capab_.zid = generate_zid(); + capab_.zid = zid_; /* TODO: initialize properly */ session_.us.retained1[0] = 1337; 
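Review bot: In `init_session_hashes()` the loop reuses the single `cctx_.sha256` object for all three digests, so H2 and H3 are only `SHA-256(H1)` and `SHA-256(H2)` if `final()` resets the context, and the wrapper's behaviour is not visible in this patch. If it does not reset, the later images would be computed over stale state and the chain would not verify on the peer. A fresh local per step, `kvz_rtp::crypto::sha256 h; h.update(session_.hashes[i - 1], 32); h.final(session_.hashes[i]);`, removes that dependency. The same hunk makes `generate_zid()` overwrite `zid_` with a new allocation without freeing the previous one, which leaks if it runs more than once on the same object.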
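Review bot: `init()` now calls `generate_zid()` unconditionally, so every call produces a fresh random ZID. RFC 6189 describes the ZID as generated once per endpoint and used by the peer to look up retained secrets, so a per-session value would keep the cache from ever matching. Consider generating it once and persisting it, or at least guarding the call with `if (!zid_) generate_zid();`, provided `zid_` starts as `nullptr` (its initialisation is not visible here). `capab_.zid = zid_;` also leaves two members pointing at the same buffer, so the owner that frees it should be documented to avoid a double free. The body of init() continues outside the hunk.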
@@ -332,6 +346,9 @@ rtp_error_t kvz_rtp::zrtp::init(uint32_t ssrc, socket_t& socket, sockaddr_in& ad session_.us.aux_secret[0] = 1337; session_.us.pbx_secret[0] = 1337; + /* TODO: what is this doing here? */ + kvz_rtp::crypto::dh dh__; + /* Begin session by exchanging Hello and HelloACK messages. * * After begin_session() we know what remote is capable of diff --git a/src/zrtp.hh b/src/zrtp.hh index 6db6513..5459a71 100644 --- a/src/zrtp.hh +++ b/src/zrtp.hh @@ -63,10 +63,17 @@ namespace kvz_rtp { uint32_t sas_type; uint32_t hvi[8]; + /* Section 9 of RFC 6189 */ + uint8_t hashes[4][32]; + zrtp_dh_t us; zrtp_dh_t them; } zrtp_session_t; + typedef struct zrtp_crypto_ctx { + kvz_rtp::crypto::sha256 sha256; + } zrtp_crypto_ctx_t; + class zrtp { public: zrtp(); @@ -91,7 +98,10 @@ namespace kvz_rtp { zrtp_capab_t get_capabilities(); /* Generate zid for this ZRTP instance. ZID is a unique, 96-bit long ID */ - uint8_t *generate_zid(); + void generate_zid(); + + /* Initialize the four session hashes defined in Section 9 of RFC 6189 */ + void init_session_hashes(); /* Being the ZRTP session by sending a Hello message to remote, * and responding to remote's Hello message using HelloAck message @@ -141,5 +151,7 @@ namespace kvz_rtp { zrtp_session_t session_; uint8_t *zid_; + + zrtp_crypto_ctx_t cctx_; }; };
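Review bot: The added local `kvz_rtp::crypto::dh dh__;` is not used anywhere in the visible lines, and the TODO above it admits as much. If the constructor generates a key pair (not visible here), it spends entropy and leaves unused private key material on the stack for the lifetime of `init()`. The name also contains a double underscore, which C++ reserves for the implementation. I would drop both added lines until the DH exchange is actually wired in. init() starts and ends outside this hunk.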
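Review bot: The new `hashes[4][32]` field in `zrtp_session_t` is documented only by a section reference, so a reader cannot tell which index is H0 or that H0 has to stay secret until it is revealed. Suggest `/* Hash chain, RFC 6189 Section 9: hashes[0] = H0 (random, secret until Confirm), hashes[i] = SHA-256(hashes[i - 1]); H3 is sent in Hello */`. Named constants for 4 and 32 would help too, since `init_session_hashes()` in zrtp.cc repeats them as literals. Because the struct now holds H0, it would also be worth wiping it when the session ends; whether that happens is not visible in this patch.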