
Re: [Linphone-developers] ZRTP support for oRTP - Linphone


From: Maxim Podbereznyy
Subject: Re: [Linphone-developers] ZRTP support for oRTP - Linphone
Date: Wed, 29 Jun 2011 14:51:28 +0400

Secure file transfer. Who needs this under voip client?

On 29.06.2011 14:33, "Earl" <address@hidden> wrote:
> Who needs telecommunications?
> Letters have worked fine since a very long time.
>
> On 6/29/2011 9:54 AM, Maxim Podbereznyy wrote:
>>
>> who needs this?
>>
>> On 29.06.2011 1:23, "Earl" <address@hidden> wrote:
>> > Dear Gunnar, dear Simon,
>> >
>> > Gunnar you make a good point, thanks for your post.
>> >
>> > One other desirable thing would be secure file transfer.
>> >
>> > Simon, the fellow behind anti-sip has written some proprietary code
>> > to do secure file transfer. Werner knows some details about this.
>> > In my opinion, as long as Linphone is always getting better, why not
>> > add secure file transfer at some point in the future?
>> >
>> > Regards, Earl
>> >
>> > On 6/28/2011 4:43 PM, Gunnar Hellström wrote:
>> >> This is an important decision and development.
>> >> Please remember to enable ZRTP in a media agnostic way, so that it
>> >> can be used for audio, video and real-time text - as desired.
>> >>
>> >> Regards
>> >>
>> >> Gunnar
>> >>
>> ----------------------------------------------------------------------------------
>>
>> >>
>> >>
>> >> Simon Morlat skrev 2011-06-28 15:41:
>> >>> Dear Werner,
>> >>>
>> >>> Thank you for your long email !
>> >>> We appreciate the technical description you wrote regarding zrtp
>> >>> integration, we now have a clear view of what's to be done and how
>> >>> GNU zrtp is architectured.
>> >>> Guillaume and I have looked into GNU zrtp and the patch you did for
>> >>> pjsip. We have decided to work on this topic so you all can expect a
>> >>> release of linphone with gnu-zrtp in a mid-term future.
>> >>>
>> >>> Best regards,
>> >>>
>> >>> Simon
>> >>>
>> >>> On 26/06/2011 11:07, Werner Dittmann wrote:
>> >>>> Dear all,
>> >>>>
>> >>>> Attention: long email :-)
>> >>>>
>> >>>>
>> >>>> David Sugar, maintainer of GNU Telephony project,
>> >>>> (see http://www.gnutelephony.org/index.php/GNU_Telephony)
>> >>>> pointed me to the oRTP implementation and thus Linphone and asked
>> >>>> if it is possible to have ZRTP support for oRTP/Linphone.
>> >>>>
>> >>>>
>> >>>> Some background:
>> >>>>
>> >>>> ZRTP is a protocol that negotiates the necessary parameters to set-up
>> >>>> a secure RTP connection (SRTP). ZRTP was developed by Phil Zimmermann
>> >>>> (yes, Mr. "PGP") and is now available as RFC 6189, for further details
>> >>>> about ZRTP see:
>> >>>> http://zfoneproject.com/zrtp_ietf.html
>> >>>>
>> >>>> I developed a ZRTP implementation which is part (an extension) of the
>> >>>> GNU ccRTP implementation and was first used in the Twinkle SIP client.
>> >>>> A Java version of this implementation is also available, same SVN
>> >>>> repository as ccRTP.
>> >>>>
>> >>>> Of course GNU ZRTP is interoperable with Phil's ZRTP implementation
>> >>>> and we did a lot of interop-tests to make this happen.
>> >>>>
>> >>>> About 7 months ago I got some information about the CSipSimple
>> >>>> project that aims to implement a SIP client for Android and uses the
>> >>>> PJSIP stacks to get the SIP, RTP, and media support. To enable ZRTP
>> >>>> for CSipSimple I added a C-wrapper to the GNU ZRTP C++ implementation
>> >>>> and we implemented a PJSIP transport module to enable PJSIP/PJSUA
>> >>>> based applications to use ZRTP "out-of-the-box". For those who are
>> >>>> more interested in this just have a look at:
>> >>>> http://github.com/wernerd/ZRTP4PJ
>> >>>>
>> >>>>
>> >>>> oRTP / Linphone
>> >>>>
>> >>>> Because a C-wrapper is available and oRTP supports transport plugins
>> >>>> (the current SRTP transport seems to use this, but Linphone does not
>> >>>> use SRTP currently) it is IMHO possible to integrate GNU ZRTP into
>> >>>> oRTP and thus Linphone. The following "artwork" :-) depicts how such
>> >>>> an integration could be done:
>> >>>>
>> >>>>
>> >>>>                                              :  +-----------+
>> >>>>                                              :  | SRTP for  |
>> >>>>                                              :  |   ZRTP    |
>> >>>>                                              :  +-----------+
>> >>>>                                              :  | C Wrapper |
>> >>>>                                              :  +-----+-----+
>> >>>>                                         uses :        |
>> >>>>                                      +----------------+
>> >>>>                                      |       :
>> >>>> +----------------+      +------------+---+   :  +-+-----------------+
>> >>>> |    Linphone    |      |                |   :  |C|                 |
>> >>>> |    enables     | uses | zrtp_transport | uses | | GNU ZRTP        |
>> >>>> | ZRTP transport +------+ implements     +------+W| core            |
>> >>>> | and implements |      | ZrtpCallback   |   :  |r| implementation  |
>> >>>> |ZrtpUserCallback|      |                |   :  |a| (ZRtp et al)    |
>> >>>> +----------------+      +----------------+   :  |p|                 |
>> >>>>                                              :  +-+-----------------+
>> >>>>                                              :
>> >>>> oRTP application for    oRTP transport       :  Existing GNU ZRTP with
>> >>>> example Linphone        for ZRTP (new)       :  C-wrapper (modified)
>> >>>>
>> >>>>
>> >>>> Description:
>> >>>>
>> >>>> GNU ZRTP
>> >>>> GNU ZRTP is the existing ZRTP implementation that handles the ZRTP
>> >>>> protocol, performs necessary ZRTP computations, maintains some data
>> >>>> in a file etc. I implemented this part in C++ (it's stable, tested to
>> >>>> work with Phil Zimmermann's implementation) and its license is GPL v3.
>> >>>> I also implemented a C Wrapper to make GNU ZRTP accessible to C
>> >>>> implementations.
>> >>>>
>> >>>> zrtp_transport
>> >>>> This is a new oRTP transport that links into the transport stream,
>> >>>> similar to the current SRTP transport. This transport acts as a
>> >>>> filter that controls the flow of ZRTP, RTP, and SRTP data. This is
>> >>>> obviously a new module. IMHO it should live somewhere parallel to
>> >>>> oRTP source, parallel to the other transport modules (just a
>> >>>> proposal). This module will be the main development during the
>> >>>> planned ZRTP integration. This module is the "glue" between
>> >>>> applications like Linphone and the ZRTP implementation.
>> >>>> If ZRTP and thus SRTP are not engaged or active the zrtp_transport
>> >>>> behaves like the normal oRTP RTP implementation.
>> >>>>
>> >>>> SRTP-ZRTP
>> >>>> Instead of using the existing SRTP implementation I use an own SRTP
>> >>>> implementation (also a C++ implementation that has a C Wrapper). Some
>> >>>> reasons why: the current libsrtp does not support AES 256
>> >>>> out-of-the-box which is required for ZRTP. In addition ZRTP defines
>> >>>> some more modern authentication mechanisms in SRTP (Skein MAC). In
>> >>>> addition the ZRTP/SRTP module uses either openSSL or libgcrypt as
>> >>>> crypto backends, thus no own implementation of the AES cipher or
>> >>>> bignum but reusing proven and well tested implementations.
>> >>>> This module would live in an appropriate third party directory. As a
>> >>>> side note: openSSL is available for Android, have a look at CSipSimple
>> >>>> project thus ZRTP uses openSSL on Android, for example.
>> >>>>
>> >>>> ZrtpCallback
>> >>>> GNU ZRTP core requires some external support functions, for example
>> >>>> to send data via RTP, get a mutex, get a timer, etc. Because these
>> >>>> functions are system dependent the zrtp_transport module implements
>> >>>> these functions and provides them via callback to GNU ZRTP.
>> >>>>
>> >>>> ZrtpUserCallback
>> >>>> An application may (and should) implement these callback methods.
>> >>>> zrtp_transport uses the callback methods to inform the application
>> >>>> about status changes, for example if security was established, which
>> >>>> cipher was activated, and some other simple user interactions.
>> >>>>
>> >>>>
>> >>>> To implement this I obviously need some help from oRTP / Linphone
>> >>>> gurus, in particular with the build and configuration stuff and the
>> >>>> intrinsics of the transport mechanisms. I would start to evaluate the
>> >>>> SRTP transport to lower the learning curve. However, some support
>> >>>> would be highly appreciated once I had a first rough draft of the
>> >>>> zrtp_transport code.
>> >>>>
>> >>>> Some discussions how to integrate the user callback functions in
>> >>>> Linphone etc could be the next steps after we have a working
>> >>>> zrtp_transport, in particular to setup secure connections for audio
>> >>>> and video - yes, this works if the application supports both :-) .
>> >>>>
>> >>>> Ideas, comments, feedback, "ready-to-run-code" :-) , etc are
>> >>>> appreciated.
>> >>>>
>> >>>> Best regards,
>> >>>> Werner
>>
>
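
The receive-side filtering described for zrtp_transport in the quoted proposal, as an added example that is not part of the original thread and is not code from oRTP, Linphone or GNU ZRTP. All identifiers are hypothetical; the header layouts follow RFC 6189 and RFC 3550, and CRC verification is assumed to be left to the ZRTP engine.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names for this sketch; not oRTP or GNU ZRTP identifiers. */
typedef enum { RX_DROP, RX_TO_ZRTP_ENGINE, RX_PASS_RTP, RX_SRTP_UNPROTECT } rx_action;

#define ZRTP_MAGIC   0x5a525450u /* "ZRTP" cookie, RFC 6189 section 5 */
#define ZRTP_MIN_LEN 28u         /* 12 header + 12 smallest message + 4 CRC */
#define RTP_MIN_LEN  12u         /* fixed RTP header, RFC 3550 */

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Receive-side decision of a ZRTP-aware transport filter.
 * srtp_active: nonzero once ZRTP has negotiated SRTP keys for the stream. */
rx_action zrtp_filter_rx(const uint8_t *pkt, size_t len, int srtp_active) {
    if (pkt == NULL || len < RTP_MIN_LEN)
        return RX_DROP;                    /* too short for either header */

    /* ZRTP sets the top nibble to 0001 (RTP version bits 0) and puts the
     * cookie where RTP carries its timestamp. */
    if ((pkt[0] & 0xf0) == 0x10 && be32(pkt + 4) == ZRTP_MAGIC) {
        if (len < ZRTP_MIN_LEN || pkt[12] != 0x50 || pkt[13] != 0x5a)
            return RX_DROP;                /* truncated or no message preamble */
        size_t words = ((size_t)pkt[14] << 8) | pkt[15];
        if (words < 3 || 12 + 4 * words + 4 > len)
            return RX_DROP;                /* declared message overruns datagram */
        return RX_TO_ZRTP_ENGINE;          /* CRC check assumed done by engine */
    }
    if ((pkt[0] >> 6) != 2)
        return RX_DROP;                    /* neither RTP version 2 nor ZRTP */
    /* No keys: transparent, like plain RTP. Keys present: every media
     * packet goes through SRTP authentication, none bypasses it. */
    return srtp_active ? RX_SRTP_UNPROTECT : RX_PASS_RTP;
}

/* Constructed sample datagrams (not captured traffic). */
static const uint8_t SAMPLE_ZRTP[28] = {
    0x10, 0x00, 0x00, 0x01, 'Z', 'R', 'T', 'P', 0xde, 0xad, 0xbe, 0xef,
    0x50, 0x5a, 0x00, 0x03, 'H', 'e', 'l', 'l', 'o', 'A', 'C', 'K',
    0, 0, 0, 0 /* CRC placeholder */ };
static const uint8_t SAMPLE_RTP[12] = { 0x80, 0, 0, 1, 0, 0, 0, 0xa0, 0xde, 0xad, 0xbe, 0xef };

int main(void) { /* exit status 0 when both samples route as expected */
    return !(zrtp_filter_rx(SAMPLE_ZRTP, 28, 0) == RX_TO_ZRTP_ENGINE &&
             zrtp_filter_rx(SAMPLE_RTP, 12, 1) == RX_SRTP_UNPROTECT);
}
```

The last branch is the security-relevant one: once keys exist, a filter that still passed unauthenticated RTP upward would let injected cleartext media bypass SRTP.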

