Attached is an updated version of the zrtp hash patch I submitted last year. This allows liblinphone to negotiate ZRTP when registered to Freeswitch running in proxy media mode by adding a fake zrtp-hash attribute to the initial SDP. Freeswitch detects this attribute in order to correctly configure the two call legs. This is the exact same technique Groundwire uses.
If you are curious about why the switch would be configured like that, this pretty much covers it:
The patch does a number of things:
1) adds “zrtp_available" to the SalMediaDescription structure, and sal_stream_description_has_zrtp() to return it
2) modifies sal_media_description_find_best_stream to prefer any stream with ZRTP, then SRTP, then AVP
3) modifies linphone_call_make_local_media_description to set zrtp_available based on the settings returned by linphone_core_get_media_encryption() and linphone_core_is_media_encryption_mandatory()
4) modifies stream_description_to_sdp to add a fake zrtp-hash attribute to outbound streams if zrtp_available is set
5) modifies sdp_to_stream_description to detect a zrtp-hash attribute and set zrtp_available on inbound streams
6) modifies initiate_outgoing() and initiate_incoming() to set zrtp_available on the result stream if it is present in both the local and remote streams
My version of liblinphone is able to advertise both SRTP and ZRTP at the same time, so my changes to sal_media_description_find_best_stream() and linphone_call_make_local_media_description() are designed with this in mind. (in “both” mode, the first two streams are audio— one SAVP and one AVP). If there is interest, I’d be willing to make a patch for that feature too, but it’s fairly complex and anyone who integrates it would have to make their own UI changes.