[vors.git] / doc / proto.texi

@node Protocol
@unnumbered Protocol

VoRS uses the Opus codec with 20ms frames with 48kHz 1ch 16-bit S-LE
sound. It uses native @code{libopus}'es Packet Loss Concealment (PLC)
feature when the number of lost frame does not exceed 32 count. DTX
(discontinuous transmission) is also on.

Each frame has a single byte stream identifier (unique identifier of the
participant), 24-bit big-endian packet counter and 24-bit big-endian
audio frame counter. Reordered packets are dropped. 24-bit counter is
long enough for very long talk sessions. Audio frame counter is
increased every 20ms data from microphone is read. When peer is muted,
then no packets are sent, but audio frames are still counted. That gives
ability to distinguish jitters and delays from lack of audio
transmission.

Each packet is encrypted with ChaCha20 and authenticated with SipHash24.
Their keys are generated from BLAKE2s-XOF, which is fed with completed
handshake's binding value. Then they are shared among the other
participants. The stream identifier together with the packet counter is
used as a nonce.

It is tuned for 24Kbps bandwidth. But remember that it has additional 8B
of MAC tag, 7B VoRS, 8B UDP and 40B IPv6 headers.

Each client handshakes with the server over TCP connection using the
@url{http://noiseprotocol.org/, Noise}-NK protocol pattern with
curve25519, ChaCha20-Poly1305 and BLAKE2s algorithms.

@itemize

@item Client sends @code{VoRS v3} to the socket. Just a magic number.

@item All next messages are @url{http://cr.yp.to/proto/netstrings.txt,
Netstring} encoded strings. Most of them contain netstring encoded
sequence of netstrings if multiple values are expected:

@example
NS(NS(arg0) || NS(arg1) || ...)
@end example

@item Client sends initial Noise handshake message with his username,
room name and optional BLAKE2s-256 hash of the room's password (or an
empty string) as a payload: @code{"USERNAME", "ROOM", BLAKE2s(PASSWORD)}.

@item Server answers with final noise handshake message with the
@code{"COOKIE", COOKIE}, or @code{"ERR", MSG} failure message.
It may reject a client if there are too many peers, its name is
already taken or it provided an invalid room's password.

@item The 128-bit cookie is sent by client over UDP to the server every
second. If UDP packets are lost, then no connection is possible and
after a timeout the server drops the TCP connection. That cookie means:

    @itemize
    @item confirmation of successful handshake on client side;
    @item UDP hole punching of stateful firewall or NAT;
    @item fact of client's UDP traffic ability to reach the server;
    @item client's UDP address knowledge (after passing NAT, its port
        may differ from known to client one)
    @end itemize

@item Server replies with @code{"SID", X}, where X is single byte
stream number client must use.

@item @code{"PING"} and @code{"PONG"} messages are then sent every ten
seconds as a heartbeat.

@end itemize

@example
S <- C : e, es, NS(NS("USERNAME") || NS("ROOM") || NS("PASSWORD"))
S -> C : e, ee, NS(NS("COOKIE") || NS(COOKIE))
S <- C : UDP(COOKIE)
S -> C : NS(NS("SID") || NS(X))

S <- C : NS(NS("PING"))
S -> C : NS(NS("PONG"))
S <> C : ...

S -> C : NS(NS("ADD") || NS(SID) || NS(USERNAME) || NS(KEY))
S -> C : ...

S -> C : NS(NS("DEL") || NS(SID))
S -> C : ...
@end example

Every second the client sends UDP packet with his single-byte stream
identifier, even if it's muted. That may help punching holes in stateful
firewalls.

Clients are notified about new peers appearance with @code{ADD}
commands, telling their SIDs, usernames and keys. @code{DEL} notifies
about leaving peers. @code{MUTED}, @code{UNMUTED} notifies peer's mute
toggling.