linphone-developers
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Linphone-developers] ZRTP support for oRTP - Linphone


From: Gunnar Hellström
Subject: Re: [Linphone-developers] ZRTP support for oRTP - Linphone
Date: Tue, 28 Jun 2011 16:43:46 +0200
User-agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; sv-SE; rv:1.9.2.18) Gecko/20110616 Thunderbird/3.1.11

This is an important decision and development.
Please remember to enable ZRTP in a media agnostic way, so that it can be used for audio, video and real-time text - as desired.

Regards

Gunnar
----------------------------------------------------------------------------------

Simon Morlat skrev 2011-06-28 15:41:
Dear Werner,

Thank you for your long email !
We apreciate the technical description you wrote regarding zrtp integration, we now have a clear view of what 's to be done and how GNU zrtp is architectured. Guillaume and I have looked into GNU zrtp and the patch you did for pjsip. We have decided to work on this topic so you all can expect a release of linphone with gnu-zrtp in a mid-term future.

Best regards,

Simon

On 26/06/2011 11:07, Werner Dittmann wrote:
Dear all,

Attention: long email :-)


David Sugar, maintainer of GNU Telephony project,
    (see http://www.gnutelephony.org/index.php/GNU_Telephony)
pointed me to the oRTP implementation and thus Linphone and asked
if it is possible to have ZRTP support for oRTP/Linphone.


Some background:

ZRTP is a protcol that negotiates the necessary parameters to set-up
a secure RTP connections (SRTP). ZRTP was developed by Phil Zimmermann
(yes, Mr. "PGP") and is now available as RFC 6189, for further details
about ZRTP see:
     http://zfoneproject.com/zrtp_ietf.html

I developed a ZRTP implementation which is part (an extension) of the
GNU ccRTP implementation and was first used in the Twinkle SIP client.
A Java version of this implementation is also available, same SVN repository
as ccRTP.

Of course GNU ZRTP is interoperable with Phil's ZRTP implementation and we
did a lot of interop-tests to make this happen.

About 7 months ago I got some information about the CSipSimple project that aims to implement a SIP client for Android and uses the PJSIP stacks to get
the SIP, RTP, and media support. To enable ZRTP for CSipSimple I added a
C-wrapper to the GNU ZRTP C++ implementation and we implemented a PJSIP
transport module to enable PJSIP/PJSUA based applications to use ZRTP
"out-of-the-box". For those who are more interessted in this just have a
look at:
     http://github.com/wernerd/ZRTP4PJ


oRTP / Linphone

Because a C-wrapper is available and oRTP supports transport plugins (the
current SRTP transport seems to use this, but Linphone does not use SRTP
currently) it is IMHO possible to integrate GNU ZRTP into oRTP and thus
Linphone. The following "artwork" :-) depicts how such an integration could
be done:


                                                :  +-----------+
                                                :  | SRTP for  |
                                                :  |   ZRTP    |
                                                :  +-----------+
                                                :  | C Wrapper |
                                                :  +-----+-----+
                                          uses  :        |
                                        +----------------+
                                        |       :
   +----------------+      +------------+---+   :  +-+-----------------+
   |   Linphone     |      |                |   :  |C|                 |
   |   enables      | uses | zrtp_transport | uses | |    GNU ZRTP     |
   | ZRTP transport +------+   implements   +------+W|      core       |
   | and implements |      |  ZrtpCallback  |   :  |r| implementation  |
   |ZrtpUserCallback|      |                |   :  |a|  (ZRtp et al)   |
   +----------------+      +----------------+   :  |p|                 |
                                                :  +-+-----------------+
                                                :
oRTP application for oRTP transport : Existing GNU ZRTP with
   example Linphone          for ZRTP (new)     :  C-wrapper
   (modified)


Description:

GNU ZRTP
GNU ZRTP is the existing ZRTP implementation that handles the ZRTP
protocol, performs necessary ZRTP computations, maintains some data in a
file etc. I implemented this part in C++ (it's stable, tested to work with
Phil Zimmermann's implementation) and it's licencse is GPL v3. I also
implemented a C Wrapper to make GNU ZRTP accessible to C implementations.

zrtp_transport
This is a new oRTP transport that links into the transport stream,
similar to the current SRTP transport. This transport acts as a filter that
controls the flow of ZRTP, RTP, and SRTP data. This is obviously a new
module. IMHO it should live in the somewhere parallel to oRTP source,
parallel to the other transport modules (just a proposal). This module
will be the main development during the planned ZRTP integration. This module is the "glue" between applications like Linphone and the ZRTP implementation. If ZRTP and thus SRTP are not engaged or active the zrtp_transport behaves
like the normal oRTP RTP implementtaion.

SRTP-ZRTP
Instead of using the existing SRTP implementation I use an own SRTP
implementation (also a C++ implementation that has a C Wrapper). Some
reasons why: the current libsrtp does not support AES 256 out-of-the-box
which is required for ZRTP. In addition ZRTP defines some more modern
authentiation mechanisms in SRTP (Skein MAC). In addition the ZRTP/SRTP module uses either openSSL or libgcrpyt as crypto backends, thus no own implementation of the AES cipher or bignum but reusing proven and well tested implementations. This module would live in an appropriate third party directory. As a side note: openSSL is availabe for Android, have a look at CSipSimple project thus
ZRTP uses openSSL on Android, for example.

ZrtpCallback
GNU ZRTP core requires some external support functions, for example to send data via RTP, get a mutex, get a timer, etc. Because these functions are system dependent the zrtp_transport module implements these functions and provides
them via callback to GNU ZRTP.

ZrtpUserCallback
An application may (and should) implement these callback methods. zrtp_transport uses the callback methods to inform the application about status changes, for example if security was established, which cipher was activated, and some other
simple user interactions.


To implement this I obviously need some help from oRTP / Linphone gurus, in particular with the build and configuration stuff and the intrinsics of the transport mechanisms. I would start to evaluate the SRTP transport to lower the learning curve. However, some support would be highly appreciated once I had a
first rough draft of the zrtp_transport code.

Some discussions how to integrate the user callback functions in Linphone etc could be the next steps after we have a working zrtp_transport, in particular
to setup secure connections for audio and video - yes, this works if the
application supports both :-) .

Ideas, comments, feedback, "ready-to-run-code" :-) , etc are appreciated.

Best regards,
Werner


_______________________________________________
Linphone-developers mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/linphone-developers



_______________________________________________
Linphone-developers mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/linphone-developers



reply via email to

[Prev in Thread] Current Thread [Next in Thread]