Secure file transfer. Who needs this under voip client?
29.06.2011 14:33, user "Earl" <address@hidden> wrote:
> Who needs telecommunications?
> Letters have worked fine since a very long time.
>
> On 6/29/2011 9:54 AM, Maxim Podbereznyy wrote:
>>
>> who needs this?
>>
>> 29.06.2011 1:23, user "Earl" <address@hidden <mailto:address@hidden>> wrote:
>> > Dear Gunnar, dear Simon,
>> >
>> > Gunnar you make a good point, thanks for your post.
>> >
>> > One other desirable thing would be secure file transfer.
>> >
>> > Simon, the fellow behind anti-sip has written some proprietary code
>> > to do secure file transfer. Werner knows some details about this.
>> > In my opinion, as long as Linphone is always getting better, why not
>> > add secure file transfer at some point in the future?
>> >
>> > Regards, Earl
>> >
>> > On 6/28/2011 4:43 PM, Gunnar Hellström wrote:
>> >> This is an important decision and development.
>> >> Please remember to enable ZRTP in a media agnostic way, so that it can
>> >> be used for audio, video and real-time text - as desired.
>> >>
>> >> Regards
>> >>
>> >> Gunnar
>> >>
>> >> ----------------------------------------------------------------------------------
>> >>
>> >> Simon Morlat wrote 2011-06-28 15:41:
>> >>> Dear Werner,
>> >>>
>> >>> Thank you for your long email!
>> >>> We appreciate the technical description you wrote regarding zrtp
>> >>> integration, we now have a clear view of what's to be done and how
>> >>> GNU zrtp is architectured.
>> >>> Guillaume and I have looked into GNU zrtp and the patch you did for
>> >>> pjsip. We have decided to work on this topic so you all can expect a
>> >>> release of linphone with gnu-zrtp in a mid-term future.
>> >>>
>> >>> Best regards,
>> >>>
>> >>> Simon
>> >>>
>> >>> On 26/06/2011 11:07, Werner Dittmann wrote:
>> >>>> Dear all,
>> >>>>
>> >>>> Attention: long email :-)
>> >>>>
>> >>>>
>> >>>> David Sugar, maintainer of GNU Telephony project,
>> >>>> (see http://www.gnutelephony.org/index.php/GNU_Telephony)
>> >>>> pointed me to the oRTP implementation and thus Linphone and asked
>> >>>> if it is possible to have ZRTP support for oRTP/Linphone.
>> >>>>
>> >>>>
>> >>>> Some background:
>> >>>>
>> >>>> ZRTP is a protocol that negotiates the necessary parameters to set up
>> >>>> secure RTP connections (SRTP). ZRTP was developed by Phil Zimmermann
>> >>>> (yes, Mr. "PGP") and is now available as RFC 6189, for further details
>> >>>> about ZRTP see:
>> >>>> http://zfoneproject.com/zrtp_ietf.html
>> >>>>
>> >>>> I developed a ZRTP implementation which is part (an extension) of the
>> >>>> GNU ccRTP implementation and was first used in the Twinkle SIP client.
>> >>>> A Java version of this implementation is also available, same SVN
>> >>>> repository as ccRTP.
>> >>>>
>> >>>> Of course GNU ZRTP is interoperable with Phil's ZRTP implementation
>> >>>> and we did a lot of interop-tests to make this happen.
>> >>>>
>> >>>> About 7 months ago I got some information about the CSipSimple
>> >>>> project that aims to implement a SIP client for Android and uses the
>> >>>> PJSIP stacks to get the SIP, RTP, and media support. To enable ZRTP
>> >>>> for CSipSimple I added a C-wrapper to the GNU ZRTP C++ implementation
>> >>>> and we implemented a PJSIP transport module to enable PJSIP/PJSUA
>> >>>> based applications to use ZRTP "out-of-the-box". For those who are
>> >>>> more interested in this just have a look at:
>> >>>> http://github.com/wernerd/ZRTP4PJ
>> >>>>
>> >>>> oRTP / Linphone
>> >>>>
>> >>>> Because a C-wrapper is available and oRTP supports transport plugins
>> >>>> (the current SRTP transport seems to use this, but Linphone does not
>> >>>> use SRTP currently) it is IMHO possible to integrate GNU ZRTP into
>> >>>> oRTP and thus Linphone. The following "artwork" :-) depicts how such
>> >>>> an integration could be done:
>> >>>>
>> >>>>
>> >>>>                                              :  +-----------+
>> >>>>                                              :  | SRTP for  |
>> >>>>                                              :  |   ZRTP    |
>> >>>>                                              :  +-----------+
>> >>>>                                              :  | C Wrapper |
>> >>>>                                              :  +-----+-----+
>> >>>>                                        uses  :        |
>> >>>>                                      +----------------+
>> >>>>                                      |       :
>> >>>> +----------------+      +------------+---+   :  +-+-----------------+
>> >>>> |    Linphone    |      |                |   :  |C|                 |
>> >>>> |    enables     | uses | zrtp_transport | uses | |    GNU ZRTP     |
>> >>>> | ZRTP transport +------+   implements   +------+W|      core       |
>> >>>> | and implements |      |  ZrtpCallback  |   :  |r| implementation  |
>> >>>> |ZrtpUserCallback|      |                |   :  |a|  (ZRtp et al)   |
>> >>>> +----------------+      +----------------+   :  |p|                 |
>> >>>>                                              :  +-+-----------------+
>> >>>>                                              :
>> >>>> oRTP application for    oRTP transport       :  Existing GNU ZRTP with
>> >>>> example Linphone        for ZRTP (new)       :  C-wrapper (modified)
>> >>>>
>> >>>> Description:
>> >>>>
>> >>>> GNU ZRTP
>> >>>> GNU ZRTP is the existing ZRTP implementation that handles the ZRTP
>> >>>> protocol, performs necessary ZRTP computations, maintains some data
>> >>>> in a file etc. I implemented this part in C++ (it's stable, tested to
>> >>>> work with Phil Zimmermann's implementation) and its license is GPL v3.
>> >>>> I also implemented a C Wrapper to make GNU ZRTP accessible to C
>> >>>> implementations.
>> >>>>
>> >>>> zrtp_transport
>> >>>> This is a new oRTP transport that links into the transport stream,
>> >>>> similar to the current SRTP transport. This transport acts as a
>> >>>> filter that controls the flow of ZRTP, RTP, and SRTP data. This is
>> >>>> obviously a new module. IMHO it should live somewhere parallel to
>> >>>> oRTP source, parallel to the other transport modules (just a
>> >>>> proposal). This module will be the main development during the
>> >>>> planned ZRTP integration. This module is the "glue" between
>> >>>> applications like Linphone and the ZRTP implementation.
>> >>>> If ZRTP and thus SRTP are not engaged or active the zrtp_transport
>> >>>> behaves like the normal oRTP RTP implementation.
>> >>>>
>> >>>> SRTP-ZRTP
>> >>>> Instead of using the existing SRTP implementation I use my own SRTP
>> >>>> implementation (also a C++ implementation that has a C Wrapper). Some
>> >>>> reasons why: the current libsrtp does not support AES 256
>> >>>> out-of-the-box which is required for ZRTP. In addition ZRTP defines
>> >>>> some more modern authentication mechanisms in SRTP (Skein MAC). In
>> >>>> addition the ZRTP/SRTP module uses either openSSL or libgcrypt as
>> >>>> crypto backends, thus no own implementation of the AES cipher or
>> >>>> bignum but reusing proven and well tested implementations.
>> >>>> This module would live in an appropriate third party directory. As a
>> >>>> side note: openSSL is available for Android, have a look at
>> >>>> CSipSimple project thus ZRTP uses openSSL on Android, for example.
>> >>>> ZrtpCallback
>> >>>> GNU ZRTP core requires some external support functions, for example
>> >>>> to send data via RTP, get a mutex, get a timer, etc. Because these
>> >>>> functions are system dependent the zrtp_transport module implements
>> >>>> these functions and provides them via callback to GNU ZRTP.
>> >>>>
>> >>>> ZrtpUserCallback
>> >>>> An application may (and should) implement these callback methods.
>> >>>> zrtp_transport uses the callback methods to inform the application
>> >>>> about status changes, for example if security was established, which
>> >>>> cipher was activated, and some other simple user interactions.
>> >>>>
>> >>>>
>> >>>> To implement this I obviously need some help from oRTP / Linphone
>> >>>> gurus, in particular with the build and configuration stuff and the
>> >>>> intrinsics of the transport mechanisms. I would start to evaluate the
>> >>>> SRTP transport to lower the learning curve. However, some support
>> >>>> would be highly appreciated once I had a first rough draft of the
>> >>>> zrtp_transport code.
>> >>>>
>> >>>> Some discussions how to integrate the user callback functions in
>> >>>> Linphone etc could be the next steps after we have a working
>> >>>> zrtp_transport, in particular to setup secure connections for audio
>> >>>> and video - yes, this works if the application supports both :-) .
>> >>>>
>> >>>> Ideas, comments, feedback, "ready-to-run-code" :-) , etc are
>> >>>> appreciated.
>> >>>>
>> >>>> Best regards,
>> >>>> Werner
>>
>
_______________________________________________
Linphone-developers mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/linphone-developers
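
The quoted proposal describes zrtp_transport as a filter that controls the flow of ZRTP, RTP and SRTP data on one transport stream. The receive-side decision such a filter has to make is sketched below as an added example; it is not code from the thread, GNU ZRTP or oRTP. All names (`classify_incoming`, `pkt_action`, `srtp_active`) are hypothetical, the header layout is the one in RFC 6189, and CRC checking and SRTP authentication are assumed to happen in the stages the packet is handed to.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ZRTP_MAGIC   0x5a525450u /* "ZRTP" cookie at byte offset 4 (RFC 6189) */
#define ZRTP_MIN_LEN 28          /* 12 header + 12 smallest message + 4 CRC */
#define RTP_MIN_LEN  12          /* fixed RTP header */

typedef enum { PKT_DROP, PKT_TO_ZRTP, PKT_PASS_RTP, PKT_SRTP_UNPROTECT } pkt_action;

/* Constructed samples: a ZRTP HelloACK with a placeholder CRC, and a bare RTP header. */
static const uint8_t sample_zrtp[28] = {
    0x10, 0x00, 0x00, 0x01, 'Z', 'R', 'T', 'P', 0xde, 0xad, 0xbe, 0xef,
    0x50, 0x5a, 0x00, 0x03, 'H', 'e', 'l', 'l', 'o', 'A', 'C', 'K',
    0x00, 0x00, 0x00, 0x00 };
static const uint8_t sample_rtp[12] = {
    0x80, 0x00, 0x00, 0x2a, 0x00, 0x00, 0x03, 0xe8, 0xde, 0xad, 0xbe, 0xef };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Receive-side decision for one datagram. srtp_active is nonzero once the
 * ZRTP exchange has finished and SRTP keys are installed (hypothetical flag). */
pkt_action classify_incoming(const uint8_t *buf, size_t len, int srtp_active) {
    if (buf == NULL || len < RTP_MIN_LEN)
        return PKT_DROP;
    /* ZRTP: top nibble 0001 plus the magic cookie where RTP has its timestamp. */
    if ((buf[0] & 0xf0) == 0x10 && be32(buf + 4) == ZRTP_MAGIC)
        return len >= ZRTP_MIN_LEN ? PKT_TO_ZRTP : PKT_DROP;
    /* RTP and SRTP share one header layout: version 2 in the top two bits. */
    if ((buf[0] >> 6) == 2)
        return srtp_active ? PKT_SRTP_UNPROTECT : PKT_PASS_RTP;
    return PKT_DROP; /* neither ZRTP nor RTP version 2 */
}

int main(void) {
    printf("zrtp=%d rtp_plain=%d rtp_secure=%d\n",
           classify_incoming(sample_zrtp, sizeof sample_zrtp, 0),
           classify_incoming(sample_rtp, sizeof sample_rtp, 0),
           classify_incoming(sample_rtp, sizeof sample_rtp, 1));
    return 0;
}
```

Because RTP and SRTP cannot be told apart by header, every RTP-shaped packet goes to SRTP unprotect once keys are installed, and the authentication check there is what rejects injected cleartext.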