* libZRTP SDK library, implements the ZRTP secure VoIP protocol.
 * Copyright (c) 2006-2009 Philip R. Zimmermann.  All rights reserved.
 * Contact: http://philzimmermann.com
 * For licensing and other legal details, see the file zrtp_legal.c.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
SINCE LIBZRTP v0.80 CHANGELOG IS A PART OF HTML DOCUMENTATION. 
https://developers.zfoneproject.com/libzrtp/wiki/LibzrtpChangeLog
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


libzrtp 0.7.1											18.11.2008
--------------------------------------------------------------------------------
1.	Fixed bug with hardcoded AES128 cipher for generating SRTP keys. In this 
	version is selected according to ZRTP discovery.
	
2.	Added initialization/deinitalization functions to zrtp helper functions.

libzrtp 0.7.0											04.11.2008
--------------------------------------------------------------------------------
1.	Changes in libzrtp sources tree.

2.	Improvements in libzrtp initialization routine:
	- all global zrtp options were combined in zrtp_config_t structure;
	- zrtp_init() allocates memory for zrtp global context;
	- zrtp_config_defaults() 

3.	Improvements for Passive/Active mode support.
	a) A passive endpoint never sends a commit message, period. Also, it 
	declares itself as a passive endpoint by setting the P flag it its own
	Hello message;
	b) A active endpoint does not send a commit to a passive endpoint, which it 
	recognizes by detecting the P flag;
	c) A passive phone, if acting as a SIP initiator (meaning it initiated the 
	call), rejects all commit packets from everyone;
	d) A passive phone rejects all commit messages from a PBX, which is easily 
	recognized by the M flag.
	Passive mode support is built into the library logic and will be used
	automatically if the developer specifies signaling role by setting 
	is_initiator flag in zrtp_init_session_ctx().

4.	Improvements in ZRTP feedback interface and system-dependent functions.
    There are two types of interface functions in libzrtp: system dependent API
	and realization of helper functions and events. System dependent API in
	defined in zrtp_iface_system.h as set of extern functions. System
	functions are already implemented for several basic platforms in
	zrtp_iface.sys.c libzrtp feedback and helper functions were re-factored
	and implemented as set of callbacks. If the developer doesn't want to
	handle one or another event it may just leave necessary pointer empty.
	See zrtp_init() and zrtp_callback_t, zrtp_iface.h for more details.

5. 	ZRTP configuration approach was improved: zrtp_config_xxx.h contains
	adjustments for necessary target platform. libzrtp contains default
	configs for Linux, OS X, Windows, Window CE and Symbian platforms.
	All ZRTP protocol and behavior related adjustments are collected in
	zrtp_config_user.h. Edit this file to configure libzrtp for your
	needs.
	
6.	Implemented new functions in protocol according to the Internet Draft v 10.

7.	Improved realization of built-in libzrtp scheduler. Fixed bug with crashing
	on performing delay call when zrtp session have been already deleted.
	
8. 	Logging function was improved. Use ZRTP_LOG macro to print log messages. See
	zrtp_log.h for more information.


libzrtp 0.6.8											03.09.2008
--------------------------------------------------------------------------------
ZRTP
1.	Fixed bug with incorrect maximum value for T1 retry interval timer which 
    increased delay between LOOKING_FOR_ZRTP and NO_ZRTP_SUPPORT states. 
    Internal fix, no API changes required;
2.	Implemented version negotiation according to the latest specification.
	libzrtp v 0.6.8 supports ZRTP v0.90 only. No changes required in 
	applications that use the SDK.
3. 	Compilation flag WITH_ZFONE was removed. The developer, who wants to use
	built-in ZRTP cache, has to set name of the ZRTP cache explicitly,
	implementing  zrtp_get_cache_path() function.
4. 	New libzrtp licensing scheme was implemented. It allows the licensing policy 
    to be changed at run time.  See zrtp_license_mode_t doc. for more details. 
    Affected API - zrtp_init().
5. 	ZRTP Protocol version was changed to 0.90 according to ZRTP Internet Draft.
6. 	Some changes in Linux config files: surplus configuration flags were removed
	from ./cfg.XXX templates. 
7.	Added experimental ZRTP messages retries scheduler for slow channels. As 
	ex ample for GSM CSD channel with average bandwidth 6Kb/s. To use this
	option build library with BUILD_FOR_CSD flag.


libzrtp 0.6.6											27.06.2008
--------------------------------------------------------------------------------
ZRTP
1. Small bug was fixed in S0 calculation: when RS1 is corrupted the library uses
   RS2 instead;
2. Some changes in Makefile and building process: unused header were eliminated 	
   from the installation process.
3. -DBUILD_WITH_ZRTP_MUTEXES was replaced with --enable_mutexes option passed to 
   ./configure script. This change allows not to specify any libzrtp compilation 
   flags during user application compilation. --enable-mutexes adds    
   BUILD_ZRTP_MUTEXES definition to the ./config/zrtp_unix_config.h so if you 
   build libzrtp on other platforms - define this flag manually (windows 
   configuration file already includes this option).
4. Clean-up in .h and .c comments was made.


libzrtp 0.6.5											04.06.2008
--------------------------------------------------------------------------------
ZRTP
1. New names for: other_secret - pbxs; srtps - auxs. In bits and secrets storages;
2. RS2 secret was eliminated form DH s0 calculation;
3. Protocol version number was increased to 0.85


libzrtp 0.6.4											19.05.2008
--------------------------------------------------------------------------------
ZRTP
1. According to the new version of the Internet Draft Signaling shared secret was
   removed from the protocol and from the sources. It was not used by interface
   functions and developers may change nothing in libzrtp based applications.
   
2. DH4K Key echange was eleminated from the specification and from the sources.
   Now ECDH is used for all larger AES key sizes.


libzrtp 0.6.2											04.02.2008
--------------------------------------------------------------------------------
ZRTP
1. New behaviour for Secure --> Clear --> Secure scenario was implemnted. According
   to ZRTP ID 06 section 5.7.2.1 new value of ZRTPSess computed as hash(ZRTPSess).

DOC:
   Libzrtp documentation was updated up to version 0.6.2.


libzrtp 0.6.1											03.14.2008
--------------------------------------------------------------------------------
ZRTP
1. Multistream mode was implemented according to ZRTP Internet Draft 05.n:
    - new stream mode zrtp_stream_mode_t:: ZRTP_STREAM_MODE_MULT;
	- Multistream key exchange component was added with ID zrtp_pktype_id_t::
	  ZRTP_PKTYPE_MULT and symbolic name ZRTP_MULT. To allow libzrtp use Multistream
	  mode - ZRTP_PKTYPE_MULT have to be added to the stream profile in the first
	  position;
	- According to the new draft SAS and ZRTPSess key are Session option and
	  were moved to the zrtp_conn_ctx_t structure. New specification defines
	  single SAS values for all streams within the session;
	- ZRTP state-machine was changed to handle Multistream mode. In .Fast. mode
	  DH exchange is omitted and stream skips ZRTP_STATE_WAIT_CONFIRM1 and
	  ZRTP_STATE_PENDINGSECURE for the Initiator and Responder state-machines,
	  respectively;

2. Hash preimages were added to prevent DOS attacks. See ZRTP ID sec 9.0 for detail
   information. This option is available using  zrtp_set_signaling_hash() and
   zrtp_get_signaling_hash() functions. 

3. Hmac values were added to every packet to allow eliminate SAS validation
   if SIP is protected;

4. Autosave. of the default realization of the ZRTP cache to the hard drive was
   implemented;

5. Lot of other internal changes and improvements according to the latest ZRTP
   specification v06.
								 

libzrtp 0.4.5-6										
--------------------------------------------------------------------------------
	1. Full PBX support. Tested on GS-Labs Asterisk
	API:
	DOC:
	
	2. Resolved problem with BG ciphers compilation: initialization of AES hash tables.
	
	3. Fixed bug in SRTP replay protection. (Undeleted nodes for mulsy-stream encryption)
	   (May resulted in a error zrtp_protocol_error_t::zrtp_status_rp_fail)
	
	4. Vrification is a session option. Input parameter of zrtp_set_verified() was
	   changed from stream to ZRTP session structure.

	5. Fixed bug with malformed ZRTP Hello packet.

	5. fast video
	
libzrtp 0.4.4											31.07.2007
--------------------------------------------------------------------------------
    1. New extra error code for replay protection was added.
	   See zrtp_status_t::zrtp_status_rp_fail.
    
    2. Fixed bug which may resulted in a dammage with decrypt failed 7 error. It
       was happen when libzrtp passed RTP alerts packet to the replay protection
       engine and ROC was broken.
       
    3. Fixed RTCP encryption/decryption.
    
    4. Fixed bug with RS1 and RS2 swapping when one of the sides lost RS1.
       (May resulted in a error zrtp_protocol_error_t::zrtp_error_auth_decrypt )


libzrtp 0.4.3											06.07.2007
-------------------------------------------------------------------------------- 
	1. Beta version of API for PBX support according to the latest ZRTP draft.
	   Not tested. For internal development only. Follow // PBX comments;
	   - secret's cache format was changed.
	   
	2. S0 calculation according to NIST recommendations; Internal change
		- ZRTP protocol version was increased to 0.07.
	
	3. All libzrtp sources was audited with coverity code analyzer. http://coverity.com/
	
libzrtp (0.3.9 - 0.4.2)										27.06.2008
-------------------------------------------------------------------------------- 
	1. Changes according to new draft 04a. All changes are internal.
	   a) new DH packets: pvi/pvr, nonce field is at the end of the DH packet.
	      In "Preshared" mode both DH packets contain nonce value instead of pvi/r;
	   b) new hvi value the same for all modes (DH and Preshared)
	      hvi = hash(initiator's DHPart2 message | responder's Hello message);
	   c) new algorithm of SAS computing: sasvalue = HMAC(hmackeyi,"SAS");

	2. New GUI based test-unite forSymbian platform
	
	3. Default implementation of the packet retries unite for Symbian was added
	   to the libzrtp package. Except besides scheduler, libzrtp includes
	   realization of some synchronization and threading routines. These 
	   components written in C++ and can't be linked with the library. One should
	   add them to own Symbian project project.
	   
	4. Compilation of default realization of ZRTP mutexes was separated from
	   the other system interfaces. To build library with default mutexes
	   BUILD_ZRTP_MUTEXES flag should be used;
	   
	5. New clearing logic. Goals:
	   API:
	      - state-machine states were changed
	      - goclear reason was eliminated. Now we can switch to CLEAR just on
	        user action.
	      - ZRTP_EVENT_IS_INITIATINGCLEAR was removed as a uperfluous event. As a
	        result all event codes were changed.
	      - new clear_hmac = HMAC(hmakkeyi/r, "Clear Hmac")
	6. New Errors handling logic. See updated state-macine diagram and "developers
	   guide".
	   API:
		  - ZRTP_STATE_ERROR was added to handle error requests. Libzrtp switches
		    to this state after the Error exchange. From  ZRTP_STATE_ERROR stream
		    cxan be started again or destroyed, depending on application strategy.		    
	      - ZRTP_ERRORACK and ZRTP_ERROR packets were added
	      - new event ZRTP_ENEVT_NO_ZRTP inform's user that other side doesn't
	        support ZRTP encryption.
	      	      
	7. -D WITH_STACK_MINIM compilation flag allows to minimize coasts for the
	   system stack. In the most critical places dynamic allocation will be used
	   instead of static variables. This option can be useful on mobile platforms
	   in kernel mode, etc.
	   
	8. Several bug fixes in scheduler. Improved built-in realization of Symbian
	   platform. If you use our default realization on Symbian - please update.
	     
	9. David A. McGrew's srtp was replaced with our own. We did it to get control
	   over all crypto functions, generalize interface of crypto component. It
	   allows us to port libsrtp to any platforms more smoothly. We have one 
	   configuration file, all platform-dependent function and definitions are
	   concentrated at one place. We eliminated superfluous functionality from 
	   libsrtp, made it crossplatform and thread-safe. In SRTP engine we use our
	   own crypto-components based on by Dr. Brian Gladman's sources. Each component
	   has strong self-test function allows it to be tested on any platform and
	   in any environment.
	  - project structure was changed;
	  - bgaes folder includes AES and SHA routines by Dr. Brian Gladman. For details
	    see dgaes/howto and bg2zrtp.h files;
	  - libzrtp supports external realizations of SRTP (Use zrtp_srtp.h API and flag
	    -D WITHOUT_BUILTIN_SRTP );
	
	10. Header files were refactored: one can add just single zrtp.h include to use
	   any libzrtp function or data type;
	
	11. Solved problem with deadlock during Video conferences. (One side starts
	    negotioation with Video and another one with Audio stream)
		
	12. Some changes in test-unite:
		- test vectores and test-cases for all cryptio components are available;
		- zrtp_system_test.h checks environment and compilation flags
		- use ZRTP_ENABLE_TEST flag to build library with all tests
	13. Full documentation review and updating.
	
	14. Sources clean up and some refactoring;
	
	15. Fixing in "break the tie" logic. See diagrams and zrtp_preparse_commit(),
	    zrtp_preparse_init_commit();
	
	16. Some changes according to the lates ZRTP specification:
		- sasvalue was trancated to 32 bits and used mostleft parts of the hashvalue.
	
	17. Small bug fixes (zrtp_can_start_dh and zrtp_can_start_preshared() mixed into
	    zrtp_can_start_stream);
	
	18. New key derivation mechanism according to NIST standarts. See ZRTP Draft
		5.4.4 and 5.5.4.
		
libzrtp (0.3.7)
-------------------------------------------------------------------------------- 
	1. New, more clear and useful test-unite
	2. Eliminated zrtp_stop_protocol(). Now zrtp_done_session_ctx() includes 
	   protocol stopping.
	3. Some simplifications in project structure: removed zrtp_inet.h and bnase32.h,
	   zrtp_iface.c was removed to src\iface folder;
	4. ZSTR_GET_VALUE should be used to convert zrtp_stringxx_t to zrtp_stringn_t;
	5. Some changes for windows CE;
	6. Changed default options: SAS base256 enabled by defauld and "staysecure" is on.

libzrtp (0.3.6)							
--------------------------------------------------------------------------------
	FIXES:
	   a) CRC now covers the whole ZRTP packet, not just a body
	   b) improved names of some crypto-components in HELLO/COMMIT packets
	   c) improved messages hash: hash function covers all ZRTP message with
	      magic number and length fields;
	   d) fixed DHPart1 and DHPart2 packets format according to last version
	      of ZRTP Internet draft.
	   e) fixed retain secrets sorting algorithm according to the last version
	      of the internet draft.
	      
	1. Windows CE support. Now library is fully compatible with Windows CE.	   
		- .\libzrtp\projects\libzrtp_wince_vc8.sln project file for MS VS 2005
		- .\libzrtp\test\WinCE contains sources of simple test-unite ( We have
		  just started working in this direction and more intelligent test unite
		  will be available soon. Tested on HTC S620 with Windows CE 2005 )
	   
	2. Added previous state field to ZRTP stream structure. It can be used to
	   analyze conditions of switching from one state to another. (For libzrtp
	   developers only)
	   API:
		- zrtp_stream_ctx_t#_prev_state was added
		- _zrtp_change_state() MUST be used to switch from one state to another
			
	3. Some changes in PENDING_CLEAR state handler. In case of error during
	   transition from CLEAR to SECURE state-machine will switch back to CLEAR
	   without the confirmation by user.
	   
	   
libzrtp (0.3.5)
--------------------------------------------------------------------------------
    Full description is in progress
	
	1. Support of all crypto futures according to the new ZRTP draft v 0.3. Lots
	   of internal changes were provided in ZRTP kernel.

	2. Symbian support. Now you can build libzrtp and test unites on Symbian
	   platforms. There are .inf and .mmp files in corresponded directories.
	   (Symbian project files are a little bit row and we will appreciate any
	   suggestions and advices.)

	3. ZRTP stream became more independent. You can use different configurations
	   for different streams. So
	   ZRTP profile:	profile;
	   "staysecure" 	flag: 	staysecure;
	   SAS values:		sas_values;
	   cache TTL:		cache_ttl;
	   and all used crypto components were removed from session context
	   (zrtp_conn_ctx_t) to stream context (zrtp_stream_ctx_t).
	   API:
	    - you should configure every stream in the same way as the whole session in
	      previous version has been done. See zrtp_init_session_ctx()
	      and zrtp_attach_stream()

	4. "Multistream" mode was replaced by "Preshared" (based on retain secrets
	   from previous call. See  http://zfoneproject.com/docs/ietf/draft-zimmermann-avt-zrtp-03.html#anchor19 .
	   Preshared mode is available as a normal ZRTP crypto component e.g."DH3K"
	   or "DH4K". If you enable Preshared mode in profile and libzrtp finds
	   secrets in your cache - "Preshared" mode will be used for all next calls
	   API:
	    - the choice of stream mode was removed from zrtp_start_stream() and
	      from zrtp_secure_stream(). 

	5. Integer enumerations for all crypto components e.g. Hash type, cipher type
	   etc. You should use these values instead of character values for optional
       	   profile configuration. (as an example for enabling "preshared" mode)
	   API:
	    - enumerations types zrtp_hash_id, zrtp_cipher_idzrtp_atl_id,
		  zrtp_pktype_id, zrtp_sas_id in zrtp_crypto.h
		- all crypto components structures now have id field and libzrtp
		  operates with this field to find, register or delete crypto
		  components.
		- ZRTP profile: zrtp_profile_t uses this integer values too. (list of
		  crypto-components is a zero terminated array of values of necessary
		  type)
		- zrtp_find_in_profile() and zrtp_find_comp() operate with component
		  integer identifiers
		- there are two special functions to convert component ID to ZRTP
		  character name: zrtp_comp_id2type(), zrtp_comp_type2id.

	6. Integer error codes were provided instead of 4-character values. One should
	   use them to analyze zrtp_stream_ctx_t#last_error value in your ZRTP
	   errors handlers.
	   API:
		- zrtp_protocol_error_t was added to zrtp_error.h.
		- zrtp_stream_ctx_t#last_error now is an integer value from
		  zrtp_protocol_error_t space.

	7. Special function for verification of SAS value was added. One should use
	   this function to set/unset SAS verification flag from his own
	   application.
	   API:
		- zrtp_set_verified() was added to zrtp.h

	8. Some optimization of types was provided. Here are some possible changes which you 
	   need to make in your product:
		- libzrtp uses it own strings (zrtp_stringXX_t group) to operate with
		  binary and character strings. In this version we made attempt to
		  minimize memory coasts and replaced zrtp_string_t with zrtp_stringXX_t
		  group, where XX - maximum length in bytes. zrtp_stringxx_t contains
		  its length and as a result all functions for work with strings are
		  type independent. So one should use one of these types to store binary
		  strings and zrtp_stringn_t as a type of operand in all global functions.
		- all retain secrets holders and flags were removed to zrtp_secrets
		  structure in zrtp_conn_ctx_t#secrets.
		- zrtp_packet_string4_t was replaced by zrtp_ucharXX_t group  where XX -
		  type length in bytes. These types are used in library for packets
		  construction instead of char arrays.

	9. Packets retries synchronization was added. zrtp_retry_task_t structure
	   from zrtp_types_t is used for all operations with scheduler. One should
	   use #callback and #timeout fields from this structure.
	   API:
		- zrtp_send_packet_later(), zrtp_cancel_send_packet_later()
		
libzrtp (0.3.4)
--------------------------------------------------------------------------------
    1. ZRTP state-macine was fully refactored. All transitions between states
       are absolutely identical to diagram attached to documentation.
       DOC:
	- See doc/img/png/state_mach_ext.png
	
	2. ZRTP uses new packets format according to draft-zimmermann-avt-zrtp-03i
	
	3. Improved some mistakes in libbn make-files for windows. Unused
	   functions were omitted.
	   
	4. Provided types optimization to decrease RAM memory costs.
		
	5. Packets retries were synchronized.
	   
	6. zrtp_voip_proto_t was removed from the library
	   API:
	    - if you need this enumeration see zfone_types.h in zfone project
	
	7. "GoClear reasons" support
	
	8. Some internal changes according to draft-zimmermann-avt-zrtp-03i		
		a) Commit hash covers the whole Hello body 
		b) GoClear hmac includes "Reason string"
		c) Confirm body encrypted by AES CDB cipher
		d) Confirm hmac covers whole encrypted part of the packet
	
	9. Use BUILD_ZRTP_DEBUG_LOG flag instead of BUILD_DEBUG_LOG to build the
	   library with debug logs.

libzrtp (0.3.3)											21.02.2007
--------------------------------------------------------------------------------
    1. libzrtp test application refactored for better performance and usability.
       For addition information see test application README file and
       "libzrtp test suite" chapter in main documentation page.    
	
    2. Some changes in documentation for better English

    3. Use microseconds in zrtp_time_t instead of milliseconds.
       API changes:
        - change zrtp_get_time() function realization if needed

    4. Fixed several small mistakes
	

libzrtp (0.3.2)											09.02.2007
--------------------------------------------------------------------------------
    1. Global context allocation removed to user space. 
       This was made to able RNG using before library initialization.
       API changes:
	- zrtp_init(), zrtp_down()
	- zrtp_randstr(), zrtp_add_system_state()
	
    2. Fixed bug in srtp SHA1 calculation for Windows.
	
    3. Confirm and GoClear HMAC was truncated to 64 bits.
	
    4. Calls stack minimized for library using in kernel mode
	
    5. Default realization of secrets' cache is available. Cache was implemented
       as a simple binary file and can be built using  -DBUILD_DEFAULT_CACHE file.
       API:
	- realization at src\iface\zrtp_cache.c
       DOC:
	- 1.4 libZRTP setup and building
	- 2.2 System-dependent functions

    6. Default cross-platform realization of time-out sending unite is available.
       This unite is available for Linux, MacOS and Windows. It can be built using
       -DBUILD_DEFAULT_TIMER flag.
       API:
	- realization at src\iface\zrtp_scheduler.c
       DOC:
	- 1.4 libZRTP setup and building
	- 2.2 System-dependent functions
	   
    7. "HOWTO libzrtp" was added to the library documentation

libzrtp (0.3.1)											06.12.2006
--------------------------------------------------------------------------------
    1. Global variables were removed from c-files. Added global context
       zrtp_global_ctx_t for necessary data storing. This was made to allow
       to build library in some special environment as Symbian OS ed2.
       DOC changes:
	    - 2.1.2 data structure
       API changes:
	    - zrtp_global_ctx_t added
    	- zrtp_init(), zrtp_down(), zrtp_init_session(), zrtp_down_session()
    
    2. Added multithreading support. Now libzrtp is thread-safe. About all
       conditions of usage in multithreading application and synchronization
       schemes see section "2.3.3 Multithreading and concurrent streams" in 
       developers guide.
       DOC changes:
	    - 2.2.3 Multithreading and concurrent streams
       API changes:
	    - mutex were added to main data structures
	    - mutex interface section at zrtp_iface.c, default realization at
	      zrtp_iface.c
    
    3. Session configuration routine was simplified. ZRTP profile is applied on
       session initialization. Some configuration functions were removed and
       changed.
	DOC changes:
    	- 2.3.1 Setup, initialization and deinitialization
	API:
	    - zrtp_profile_autoload() removed
	    - zrtp_init_session(), zrtp_check_profile()

    4. Default realizations of system interfaces was added (for Windows, Linux
       and MacOS).
       API:
	    - zrtp_iface.c added
    
    5. Test suit developed.
       Simple test-unite created. It runs several ZRTP sessions, enters SECURE
       mode, shows statistics and is closed. To build test-suite on Unix - use C
       flags -DBUILD_DEBUG_LOG -DBUILD_WITH_CFUNC -DBUILD_EMPTY_CACHE
       -DBUILD_EMPTY_TIMER and configure param.  --enable-test. To run tests:
       make check. To build test-suite on Windows use necessary project files.
       DOC changes:
	    - 1.4 libZRTP setup and building
	API:
	    - Sources can be found at /test directory
    
    6. Some changes in project structure, configuration and make files according
       to new functionality.
       DOC changes:
    	- 1.4 libZRTP setup and building