who needs this?
On 29.06.2011 1:23, user "Earl" <address@hidden> wrote:
> Dear Gunnar, dear Simon,
>
> Gunnar you make a good point, thanks for your post.
>
> One other desirable thing would be secure file transfer.
>
> Simon, the fellow behind anti-sip has written some proprietary code
> to do secure file transfer. Werner knows some details about this.
> In my opinion, as long as Linphone is always getting better, why not
> add secure file transfer at some point in the future?
>
> Regards, Earl
>
> On 6/28/2011 4:43 PM, Gunnar Hellström wrote:
>> This is an important decision and development.
>> Please remember to enable ZRTP in a media agnostic way, so that it can
>> be used for audio, video and real-time text - as desired.
>>
>> Regards
>>
>> Gunnar
>>
>> ----------------------------------------------------------------------
>>
>>
>> Simon Morlat wrote on 2011-06-28 15:41:
>>> Dear Werner,
>>>
>>> Thank you for your long email!
>>> We appreciate the technical description you wrote regarding zrtp
>>> integration, we now have a clear view of what's to be done and how
>>> GNU zrtp is architectured.
>>> Guillaume and I have looked into GNU zrtp and the patch you did for
>>> pjsip. We have decided to work on this topic so you all can expect a
>>> release of linphone with gnu-zrtp in a mid-term future.
>>>
>>> Best regards,
>>>
>>> Simon
>>>
>>> On 26/06/2011 11:07, Werner Dittmann wrote:
>>>> Dear all,
>>>>
>>>> Attention: long email :-)
>>>>
>>>>
>>>> David Sugar, maintainer of GNU Telephony project,
>>>> (see http://www.gnutelephony.org/index.php/GNU_Telephony)
>>>> pointed me to the oRTP implementation and thus Linphone and asked
>>>> if it is possible to have ZRTP support for oRTP/Linphone.
>>>>
>>>>
>>>> Some background:
>>>>
>>>> ZRTP is a protocol that negotiates the necessary parameters to set up
>>>> secure RTP connections (SRTP). ZRTP was developed by Phil Zimmermann
>>>> (yes, Mr. "PGP") and is now available as RFC 6189, for further details
>>>> about ZRTP see:
>>>> http://zfoneproject.com/zrtp_ietf.html
>>>>
>>>> I developed a ZRTP implementation which is part (an extension) of the
>>>> GNU ccRTP implementation and was first used in the Twinkle SIP client.
>>>> A Java version of this implementation is also available, same SVN
>>>> repository as ccRTP.
>>>>
>>>> Of course GNU ZRTP is interoperable with Phil's ZRTP implementation
>>>> and we did a lot of interop-tests to make this happen.
>>>>
>>>> About 7 months ago I got some information about the CSipSimple
>>>> project that aims to implement a SIP client for Android and uses the
>>>> PJSIP stacks to get the SIP, RTP, and media support. To enable ZRTP
>>>> for CSipSimple I added a C-wrapper to the GNU ZRTP C++ implementation
>>>> and we implemented a PJSIP transport module to enable PJSIP/PJSUA
>>>> based applications to use ZRTP "out-of-the-box". For those who are
>>>> more interested in this just have a look at:
>>>> http://github.com/wernerd/ZRTP4PJ
>>>>
>>>>
>>>> oRTP / Linphone
>>>>
>>>> Because a C-wrapper is available and oRTP supports transport plugins
>>>> (the current SRTP transport seems to use this, but Linphone does not
>>>> use SRTP currently) it is IMHO possible to integrate GNU ZRTP into
>>>> oRTP and thus Linphone. The following "artwork" :-) depicts how such
>>>> an integration could be done:
>>>>
>>>>
>>>>                                             :   +-----------+
>>>>                                             :   | SRTP for  |
>>>>                                             :   |   ZRTP    |
>>>>                                             :   +-----------+
>>>>                                             :   | C Wrapper |
>>>>                                             :   +-----+-----+
>>>>                                        uses :         |
>>>>                                      +----------------+
>>>>                                      |      :
>>>> +----------------+      +------------+---+  :   +-+-----------------+
>>>> |    Linphone    |      |                |  :   |C|                 |
>>>> |    enables     | uses | zrtp_transport | uses | |    GNU ZRTP     |
>>>> | ZRTP transport +------+   implements   +------+W|      core       |
>>>> | and implements |      |  ZrtpCallback  |  :   |r| implementation  |
>>>> |ZrtpUserCallback|      |                |  :   |a|  (ZRtp et al)   |
>>>> +----------------+      +----------------+  :   |p|                 |
>>>>                                             :   +-+-----------------+
>>>>                                             :
>>>>  oRTP application for    oRTP transport      :   Existing GNU ZRTP with
>>>>  example Linphone        for ZRTP (new)      :   C-wrapper (modified)
>>>>
>>>>
>>>> Description:
>>>>
>>>> GNU ZRTP
>>>> GNU ZRTP is the existing ZRTP implementation that handles the ZRTP
>>>> protocol, performs necessary ZRTP computations, maintains some data
>>>> in a file etc. I implemented this part in C++ (it's stable, tested to
>>>> work with Phil Zimmermann's implementation) and its license is
>>>> GPL v3. I also implemented a C Wrapper to make GNU ZRTP accessible to
>>>> C implementations.
>>>>
>>>> zrtp_transport
>>>> This is a new oRTP transport that links into the transport stream,
>>>> similar to the current SRTP transport. This transport acts as a
>>>> filter that controls the flow of ZRTP, RTP, and SRTP data. This is
>>>> obviously a new module. IMHO it should live somewhere parallel to
>>>> oRTP source, parallel to the other transport modules (just a
>>>> proposal). This module will be the main development during the
>>>> planned ZRTP integration. This module is the "glue" between
>>>> applications like Linphone and the ZRTP implementation.
>>>> If ZRTP and thus SRTP are not engaged or active the zrtp_transport
>>>> behaves like the normal oRTP RTP implementation.
>>>>
>>>> SRTP-ZRTP
>>>> Instead of using the existing SRTP implementation I use an own SRTP
>>>> implementation (also a C++ implementation that has a C Wrapper). Some
>>>> reasons why: the current libsrtp does not support AES 256
>>>> out-of-the-box which is required for ZRTP. In addition ZRTP defines
>>>> some more modern authentication mechanisms in SRTP (Skein MAC). In
>>>> addition the ZRTP/SRTP module uses either openSSL or libgcrypt as
>>>> crypto backends, thus no own implementation of the AES cipher or
>>>> bignum but reusing proven and well tested implementations.
>>>> This module would live in an appropriate third party directory. As a
>>>> side note: openSSL is available for Android, have a look at
>>>> CSipSimple project thus ZRTP uses openSSL on Android, for example.
>>>>
>>>> ZrtpCallback
>>>> GNU ZRTP core requires some external support functions, for example
>>>> to send data via RTP, get a mutex, get a timer, etc. Because these
>>>> functions are system dependent the zrtp_transport module implements
>>>> these functions and provides them via callback to GNU ZRTP.
>>>>
>>>> ZrtpUserCallback
>>>> An application may (and should) implement these callback methods.
>>>> zrtp_transport uses the callback methods to inform the application
>>>> about status changes, for example if security was established, which
>>>> cipher was activated, and some other simple user interactions.
>>>>
>>>>
>>>> To implement this I obviously need some help from oRTP / Linphone
>>>> gurus, in particular with the build and configuration stuff and the
>>>> intrinsics of the transport mechanisms. I would start to evaluate
>>>> the SRTP transport to lower the learning curve. However, some support
>>>> would be highly appreciated once I had a first rough draft of the
>>>> zrtp_transport code.
>>>>
>>>> Some discussions how to integrate the user callback functions in
>>>> Linphone etc could be the next steps after we have a working
>>>> zrtp_transport, in particular to setup secure connections for audio
>>>> and video - yes, this works if the application supports both :-) .
>>>>
>>>> Ideas, comments, feedback, "ready-to-run-code" :-) , etc are
>>>> appreciated.
>>>>
>>>> Best regards,
>>>> Werner
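
Added example (not part of the original e-mail thread, and not GNU ZRTP or oRTP code): a C sketch of the per-datagram decision that a transport filter like the zrtp_transport described above has to make, using the ZRTP packet header from RFC 6189 (top four bits 0001, magic cookie 0x5a525450 at offset 4). The names classify_incoming and pkt_action and the sample packets are hypothetical and constructed for illustration; dropping unrecognized packets is a choice of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ZRTP_MAGIC   0x5a525450u  /* "ZRTP" magic cookie, RFC 6189 section 5 */
#define MIN_HDR_LEN  12           /* fixed header size of both RTP and ZRTP */

/* Hypothetical names: what the filter does with one incoming datagram. */
enum pkt_action { PKT_DROP, PKT_TO_ZRTP, PKT_RTP_PLAIN, PKT_SRTP_UNPROTECT };

/* Constructed sample headers (not captured traffic). */
static const uint8_t sample_zrtp[12] = {0x10,0x00,0x00,0x01, 0x5a,0x52,0x54,0x50, 0xde,0xad,0xbe,0xef};
static const uint8_t sample_rtp[12]  = {0x80,0x00,0x00,0x01, 0x00,0x00,0x00,0xa0, 0xde,0xad,0xbe,0xef};

enum pkt_action classify_incoming(const uint8_t *buf, size_t len, int srtp_active)
{
    uint32_t word1;

    if (buf == NULL || len < MIN_HDR_LEN)
        return PKT_DROP;                 /* too short to be RTP or ZRTP */

    /* Second 32-bit word in network byte order: the cookie for ZRTP. */
    word1 = ((uint32_t)buf[4] << 24) | ((uint32_t)buf[5] << 16) |
            ((uint32_t)buf[6] << 8)  |  (uint32_t)buf[7];

    /* ZRTP: top nibble 0001 (so the RTP version field reads 0) plus cookie. */
    if ((buf[0] & 0xF0) == 0x10 && word1 == ZRTP_MAGIC)
        return PKT_TO_ZRTP;

    /* RTP version 2. The header cannot tell RTP from SRTP; only the
     * session state can, so a secured session always goes through
     * unprotect and a plaintext packet fails authentication there. */
    if ((buf[0] >> 6) == 2)
        return srtp_active ? PKT_SRTP_UNPROTECT : PKT_RTP_PLAIN;

    return PKT_DROP;
}

int main(void)
{
    printf("zrtp=%d rtp(plain)=%d rtp(secure)=%d\n",
           classify_incoming(sample_zrtp, sizeof sample_zrtp, 0),
           classify_incoming(sample_rtp, sizeof sample_rtp, 0),
           classify_incoming(sample_rtp, sizeof sample_rtp, 1));
    return 0;
}
```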