nonce-> meta field. Meta field possible values. fix phrasing in aes sections. Fix a few small bugs.

docs/application_layer.rst

@@ -42,8 +42,8 @@ The data type specifier is used to compute the CRC, along with the payload.
 Encryption Types
 ----------------
 
-Encryption is optional and disabled by default. The use of it is only
-allowed if local laws allow to doso.
+Encryption is optional. The use of it may be restricted within some radio
+services and countries, and should only be used if legally permissible.
 
 Null Encryption
 ~~~~~~~~~~~~~~~
@@ -52,6 +52,54 @@ Encryption type = :math:`00_2`
 
 No encryption is performed, payload is sent in clear text.
 
+The "Encryption SubType" bits in the Stream Type field then indicate
+what data is stored in the 112 bits of the LSF META field.
+
+.. list-table::  
+   :header-rows: 1
+
+   * - Encryption SubType bits
+     - LSF META data contents
+   * - :math:`00_2`
+     - UTF-8 Text
+   * - :math:`01_2`
+     - GNSS Position Data
+   * - :math:`10_2`
+     - Reserved
+   * - :math:`11_2`
+     - Reserved
+
+All LSF META data must be stored in big endian byte order, as throughout
+the rest of this specification.
+
+GNSS Position Data stores the 112 bit META field as follows:
+
+.. list-table::  
+   :header-rows: 1
+
+   * - Size, in bits
+     - Format
+     - Contents
+   * - 32
+     - 32-bit fixed point degrees and decimal minutes (TBD)
+     - Latitude
+   * - 32
+     - 32-bit fixed point degrees and decimal minutes (TBD)
+     - Longitude
+   * - 16
+     - unsigned integer
+     - Altitude, in feet MSL. Stored +1500, so a stored value of 0 represents -1500 MSL. Subtract 1500 feet when parsing.
+   * - 10
+     - unsigned integer
+     - Course in degrees true North
+   * - 10
+     - unsigned integer
+     - Speed in miles per hour.
+   * - 12
+     - Reserved values
+     - Transmitter/Object description field
+
+
 Scrambler
 ~~~~~~~~~
 
@@ -110,25 +158,46 @@ Advanced Encryption Standard (AES)
 
 Encryption type = :math:`10_2`
 
-This method uses AES block cipher in counter (CTR) mode. 96-bit nonce
-value is extracted from the NONCE field, as the 96 most significant
-bits of it. The highest 16 bits of the counter are the remaining 16
-bits of the NONCE field. FN field value is then used as the
-counter. The 16 bit frame counter and 40 ms frames can provide for
-over 20 minutes of streaming without rolling over the counter [#fn_roll]_. This
-method adapts 16-bit counter to the standard 32-bit CTR for the
-encryption. FN counter always start from 0 (zero).
+This method uses AES block cipher in counter (CTR) mode, with a 96-bit
+nonce that should never be used for more than one separate stream and a 32 bit CTR.
+
+The 96-bit AES nonce value is extracted from the 96 most significant
+bits of the META field, and the remaining 16 bits of the META field
+form the highest 16 bits of the 32 bit counter.  The FN (Frame Number)
+field value is then used to fill out the lower 16 bits of the counter,
+and always starts from 0 (zero) in a new voice stream.
+
+The 16 bit frame number and 40 ms frames can provide for over 20 minutes
+of streaming without rolling over the counter [#fn_roll]_.
 
 .. [#fn_roll] The effective capacity of the counter is 15 bits, as the
-              MSB is used for transmission end signalling
+              MSB is used for transmission end signalling. At 40ms per
+              frame, or 25 frames per second, and 2**15 frames, we get
+              2**15 frames / 25 frames per second = 1310 seconds, or 21
+              minutes and some change.
 
-The nonce value should be generated with a hardware random number
-generator or any other method of generating non-repeating
-values. Nonce values must be used only once. It is obvious that with a
-finite number of nonce bits, the probability of nonce collision
-approaches 1. We assume that the transmission is secure for 237 frames
-using a single key. It is recommended to change keys after that
-period.
+The random part of the nonce value should be generated with a hardware
+random number generator or any other method of generating non-repeating
+values. 
+
+To combat replay attacks, a 32-bit timestamp shall be embedded into the
+cryptographic nonce field. The field structure of the 96 bit nonce is
+shown in Table 9. Timestamp is 32 LSB portion of the number of seconds
+that elapsed since the beginning of 1970-01-01, 00:00:00 UTC, minus leap
+seconds (a.k.a. “unix time”).
+
+.. list-table:: 96 bit nonce field structure
+   :header-rows: 1
+
+   * - TIMESTAMP
+     - RANDOM DATA
+     - CTR_HIGH
+   * - 32
+     - 64
+     - 16
+
+**CTR_HIGH** field initializes the highest 16 bits of the CTR, with
+the rest of the counter being equal to the FN counter.
 
 .. warning::
     In CTR mode, AES encryption is malleable [CTR]_ [CRYPTO]_.
@@ -140,24 +209,6 @@ period.
     In the future, use of a different mode, such as Galois/Counter Mode, could
     alleviate this issue [CRYPTO]_.
 
-To combat replay attacks, a 32-bit timestamp shall be embedded into
-the NONCE field. The field structure is shown in Table 9. Timestamp is 32 LSB portion of
-the number of seconds that elapsed since the beginning of 1970-01-01,
-00:00:00 UTC, minus leap seconds (a.k.a. “unix time”).
-
-.. list-table:: NONCE field structure
-   :header-rows: 1
-
-   * - TIMESTAMP
-     - NONCE
-     - CTR_HIGH
-   * - 32
-     - 64
-     - 16
-
-**CTR_HIGH** field initializes the highest 16 bits of the CTR, with
-the rest of the counter being equal to the FN counter.
-
 .. [CTR] McGrew, David A. "Counter mode security: Analysis and recommendations." Cisco Systems, November 2, no. 4 (2002).
 
 .. [CRYPTO] Rogaway, Phillip. "Evaluation of some blockcipher modes of operation." Cryptography Research and Evaluation Committees (CRYPTREC) for the Government of Japan (2011).

docs/data_link_layer.rst

@@ -2,22 +2,28 @@ Data Link Layer
 ===============
 The Data Link layer is split into two modes:
 
-* Packet mode: data are sent in small bursts, on the order of 100s to 1000s of bytes at a time, after
-which the physical layer stops sending data. eg: messages, beacons, etc.
-* Stream mode: data are sent in a continuous stream for an indefinite amount of time, with no
-break in physical layer output, until the stream ends. eg: voice data, bulk data transfers, etc.
+* Packet mode
+   Data are sent in small bursts, on the order of 100s to 1000s of bytes
+   at a time, after which the physical layer stops sending data. e.g. messages, beacons, etc.
+
+* Stream mode
+   Data are sent in a continuous stream for an indefinite amount of time,
+   with no break in physical layer output, until the stream ends. e.g. voice data,
+   bulk data transfers, etc.
 
 When the physical layer is idle (no RF being transmitted or received),
-the data link defaults to packet mode. ~~To switch to stream mode, a
-start stream packet (detailed later) is sent, immediately followed by
-the switch to stream mode; the Stream of data immediately follows the
-Start Stream packet without disabling the Physical layer. To switch
-out of Stream mode, the stream simply ends and returns the Physical
-layer to the idle state, and the Data Link defaults back to Packet
-mode.~~
+the data link defaults to packet mode. 
 
-As is the convention with networking protocols, all quantities
-larger than 8 bits are encoded in bigendian.
+.. ~~To switch to stream mode, a
+.. start stream packet (detailed later) is sent, immediately followed by
+.. the switch to stream mode; the Stream of data immediately follows the
+.. Start Stream packet without disabling the Physical layer. To switch
+.. out of Stream mode, the stream simply ends and returns the Physical
+.. layer to the idle state, and the Data Link defaults back to Packet
+.. mode.~~
+
+As is the convention with other networking protocols, all values are
+encoded in big endian byte order.
 
 Stream Mode
 -----------
@@ -53,7 +59,7 @@ the **Link Setup Frame (LSF)**, and is not part of any superframes.
 
    * - DST
      - 48 bits
-     -  Destination address - Encoded callsign or a special number (eg. a group)
+     - Destination address - Encoded callsign or a special number (eg. a group)
    * - SRC
      - 48 bits
      - Source address - Encoded callsign of the originator or a
@@ -61,9 +67,9 @@ the **Link Setup Frame (LSF)**, and is not part of any superframes.
    * - TYPE
      - 16 bits
      - Information about the incoming data stream
-   * - NONCE
+   * - META
      - 112 bits
-     - Nonce for encryption
+     - Metadata field, suitable for cryptographic metadata like IVs or single-use numbers, or non-crypto metadata like the sender's GNSS position.
    * - CRC
      - 16 bits
      - CRC for the link setup data
@@ -95,11 +101,12 @@ the **Link Setup Frame (LSF)**, and is not part of any superframes.
 The fields in Table 3 (except tail) form initial LSF. It contains all
 information needed to establish M17 link. Later in the transmission,
 the initial LSF is divided into 6 "chunks" and transmitted
-interleaved with data. The purpose of that is to allow late-joiners to
-receive the LICH at any point of the transmission. The process of
-collecting full LSF takes 6 frames or 6*40 ms = 240 ms. Four TAIL
-bits are needed for the convolutional coder to go back to state 0, so
-also the ending trellis position is known.
+beside the payload data. This allows late-joiners to
+reconstruct the LICH after collecting all the pieces, and start decoding
+the stream even though they missed the beginning of the transmission.
+The process of collecting full LSF takes 6 frames or 6*40 ms = 240
+ms. Four TAIL bits are needed for the convolutional coder to go back to
+state 0, so the ending trellis position is also known.
 
 Voice coder rate is inferred from TYPE field, bits 1 and 2.
 
@@ -137,7 +144,7 @@ Subsequent frames
 
 The most significant bit in the FN counter is used for transmission
 end signalling. When transmitting the last frame, it shall be set to 1
-(one). 
+(one), and 0 (zero) in all other frames.
 
 The payload is used so that earlier data in the voice stream is sent first.
 For mixed voice and data payloads, the voice data is stored first, then the data.
@@ -233,8 +240,8 @@ detecting all errors up to hamming distance of 5 with payloads up to
 As M17’s native bit order is most significant bit first, neither the
 input nor the output of the CRC algorithm gets reflected.
 
-The input to the CRC algorithm consists of DST, SRC (each 48 bits), 16 bits of TYPE field and 128
-bits NONCE, and then depending on whether the CRC is being computed
+The input to the CRC algorithm consists of DST, SRC (each 48 bits), 16 bits of TYPE field and 112
+bits META, and then depending on whether the CRC is being computed
 or verified either 16 zero bits or the received CRC.
 
 The test vectors in Table 6 are calculated by feeding the given
@@ -293,6 +300,16 @@ Raw packet frames have no packet type metadata associated with them.  Encapsulat
 format is discussed in :ref:`packet-superframes` in the Application Layer section.  This
 provides data type information and is the preferred format for use on M17.
 
+When encryption type is :math:`00_2`, meaning no encryption, the
+encryption subtype bits are used to indicate the contents of the
+META field in the LSF.  Since that space would otherwise go be unused,
+we can store small bits of data in that field such as free text or the
+sender's GNSS position.
+
+Encryption type and subtype bits, including the plaintext data formats
+when not using encryption, are described in more detail in the Application
+Layer section of this document.
+
 Currently the contents of the source and destination fields are arbitrary as no behavior
 is defined which depends on the content of these fields.  The only requirement is that
 the content is base-40 encoded.

docs/ip_encapsulation.rst

@@ -40,7 +40,7 @@ Later specifications may require this port.
      - Random bits, changed for each PTT or stream, but consistent from frame to frame within a stream
    * - LICH
      - sizeof(LICH)*8 bits
-     - A full LICH frame (dst, src, streamtype, nonce) as defined earlier
+     - A full LICH frame (dst, src, streamtype, META field) as defined earlier
    * - FN
      - 16 bits
      - Frame number (exactly as would be transmitted as an RF stream frame, including the last frame indicator at (FN & 0x8000)

docs/physical_layer.rst

@@ -101,7 +101,7 @@ Link setup frame (LSF)
 
    ECC stages for the link setup frame
 
-240 DST, SRC, TYPE, NONCE and CRC type 1 bits are convolutionally
+240 DST, SRC, TYPE, META and CRC type 1 bits are convolutionally
 coded using rate 1/2 coder with constraint K=5. 4 tail bits are used
 to flush the encoder's state register, giving a total of 244 bits
 being encoded. Resulting 488 type 2 bits are retained for type 3 bits
@@ -241,8 +241,7 @@ The puncturing schemes are defined by their partial puncturing matrices:
 .. math::
    :nowrap:
 
-   .. only:: latex
-      \setcounter{MaxMatrixCols}{32}
+   \setcounter{MaxMatrixCols}{32}
 
    \begin{align}
    P_1 = & \begin{bmatrix}

images/link_setup_frame_encoding.svg

@@ -12,7 +12,7 @@
    viewBox="0 0 252.30742 120.5"
    version="1.1"
    id="svg8"
-   inkscape:version="1.0.2-2 (e86c870879, 2021-01-15)"
+   inkscape:version="0.92.4 (5da689c313, 2019-01-14)"
    sodipodi:docname="link_setup_frame_encoding.svg"
    inkscape:export-filename="C:\Users\SP5WWP\Desktop\frame_1_encoding.png"
    inkscape:export-xdpi="400"
@@ -26,19 +26,19 @@
      borderopacity="1.0"
      inkscape:pageopacity="0.0"
      inkscape:pageshadow="2"
-     inkscape:zoom="11.2"
-     inkscape:cx="501.59347"
-     inkscape:cy="75.127576"
+     inkscape:zoom="0.9899495"
+     inkscape:cx="388.02662"
+     inkscape:cy="335.30996"
      inkscape:document-units="mm"
      inkscape:current-layer="layer1"
      showgrid="false"
-     showguides="false"
+     showguides="true"
      inkscape:guide-bbox="true"
      inkscape:snap-bbox="true"
      inkscape:snap-bbox-midpoints="true"
      inkscape:bbox-nodes="true"
-     inkscape:window-width="1920"
-     inkscape:window-height="1017"
+     inkscape:window-width="1280"
+     inkscape:window-height="962"
      inkscape:window-x="-8"
      inkscape:window-y="-8"
      inkscape:window-maximized="1"
@@ -134,6 +134,11 @@
        orientation="1,0"
        id="guide91"
        inkscape:locked="false" />
+    <sodipodi:guide
+       position="133.63476,110.58277"
+       orientation="1,0"
+       id="guide90"
+       inkscape:locked="false" />
   </sodipodi:namedview>
   <metadata
      id="metadata5">
@@ -219,15 +224,15 @@
          style="font-size:6.35px;stroke-width:0.264583">TYPE</tspan></text>
     <text
        xml:space="preserve"
-       style="font-style:normal;font-weight:normal;font-size:10.5833px;line-height:1.25;font-family:sans-serif;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.264583"
-       x="116.5937"
+       style="font-style:normal;font-weight:normal;font-size:10.58329964px;line-height:1.25;font-family:sans-serif;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.26458299"
+       x="119.2716"
        y="84.397797"
        id="text4565-7"><tspan
          sodipodi:role="line"
          id="tspan4563-4"
-         x="116.5937"
+         x="119.2716"
          y="84.397797"
-         style="font-size:6.35px;stroke-width:0.264583">NONCE</tspan></text>
+         style="font-size:6.3499999px;stroke-width:0.26458299">META</tspan></text>
     <text
        xml:space="preserve"
        style="font-style:normal;font-weight:normal;font-size:10.5833px;line-height:1.25;font-family:sans-serif;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.264583"
@@ -405,8 +410,7 @@
            x="913.17792"
            y="740.0545"
            style="font-size:13.33333302px" /></flowRegion><flowPara
-         id="flowPara4856" /></flowRoot>
-    <text
+         id="flowPara4856" /></flowRoot>    <text
        xml:space="preserve"
        style="font-style:normal;font-weight:normal;font-size:3.52778px;line-height:1.25;font-family:sans-serif;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.264583"
        x="115.46071"