libZRTP implements an incorrect calculation of the auxiliary secret hash that is not compliant with the ZRTP standard (RFC 6189 chapter 4.1.3).
RFC 6189 chapter 4.1.3 (https://tools.ietf.org/html/rfc6189#section-4.3.1):
- auxsecretIDr = MAC(auxsecret, Responder's H3)
- auxsecretIDi = MAC(auxsecret, Initiator's H3)
libZRTP implementation in zrtp_protocol.c:_zrtp_protocol_init() and _attach_secret():
- auxsecretIDr = MAC(auxsecret, "Responder")
- auxsecretIDi = MAC(auxsecret, "Initiator")
The current implementation does not work together with a compliant ZRTP implementation such as ZRTPCPP (https://github.com/wernerd/ZRTPCPP).
I implemented a bugfix for libZRTP that is compliant with RFC 6189. I'll create a pull request for the 1.6.9 code base. My bugfix is tested and works together with the latest version of ZRTPCPP.
Apart from accepting that pull request, it might be a good idea to plan to migrate from the old unmaintained libZRTP to the current and well-maintained ZRTPCPP library in the medium-term future.
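
An added illustration, not part of the original report and not libZRTP or ZRTPCPP code: it computes the auxiliary secret IDs both ways from the formulas quoted above and shows why a peer using one form rejects the ID sent by a peer using the other. Assumptions: HMAC-SHA-256 as the negotiated MAC, truncation to 64 bits, constructed secret and H0 values, and hypothetical function names.

```python
import hashlib
import hmac

ID_LEN = 8  # shared-secret IDs are truncated to the leftmost 64 bits


def mac64(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA-256 (assumed negotiated hash), truncated to 64 bits."""
    return hmac.new(key, data, hashlib.sha256).digest()[:ID_LEN]


def h3_from_h0(h0: bytes) -> bytes:
    """ZRTP hash chain: H1 = hash(H0), H2 = hash(H1), H3 = hash(H2)."""
    h = h0
    for _ in range(3):
        h = hashlib.sha256(h).digest()
    return h


def aux_ids_rfc(auxsecret: bytes, h3_i: bytes, h3_r: bytes):
    """(auxsecretIDi, auxsecretIDr) per the RFC 6189 formulas above."""
    return mac64(auxsecret, h3_i), mac64(auxsecret, h3_r)


def aux_ids_legacy(auxsecret: bytes):
    """(auxsecretIDi, auxsecretIDr) per the libZRTP formulas in the report."""
    return mac64(auxsecret, b"Initiator"), mac64(auxsecret, b"Responder")


# Constructed sample values: both peers hold the same auxiliary secret.
AUXSECRET = b"constructed-aux-secret"
H3_I = h3_from_h0(b"\x01" * 32)  # initiator's H3 for this session
H3_R = h3_from_h0(b"\x02" * 32)  # responder's H3 for this session


def interop_report() -> dict:
    """Each receiver compares the ID it got with the one it expects."""
    rfc_i, rfc_r = aux_ids_rfc(AUXSECRET, H3_I, H3_R)
    leg_i, leg_r = aux_ids_legacy(AUXSECRET)
    same = hmac.compare_digest
    return {
        "rfc_initiator_to_rfc_responder": same(rfc_i, aux_ids_rfc(AUXSECRET, H3_I, H3_R)[0]),
        "rfc_initiator_to_legacy_responder": same(rfc_i, leg_i),
        "legacy_responder_to_rfc_initiator": same(leg_r, rfc_r),
    }


if __name__ == "__main__":
    for case, matched in interop_report().items():
        print(f"{case}: aux secret {'matches' if matched else 'MISMATCH'}")
```

Even with an identical auxsecret on both sides, the mixed pairings report a mismatch, so the auxiliary secret is never recognised as shared between the two implementations.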