[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Linphone-developers] ZRTP support for oRTP - Linphone

From: Simon Morlat
Subject: Re: [Linphone-developers] ZRTP support for oRTP - Linphone
Date: Tue, 28 Jun 2011 15:41:45 +0200
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv: Gecko/20110424 Thunderbird/3.1.10

Dear Werner,

Thank you for your long email !
We apreciate the technical description you wrote regarding zrtp integration, we now have a clear view of what 's to be done and how GNU zrtp is architectured. Guillaume and I have looked into GNU zrtp and the patch you did for pjsip. We have decided to work on this topic so you all can expect a release of linphone with gnu-zrtp in a mid-term future.

Best regards,


On 26/06/2011 11:07, Werner Dittmann wrote:
Dear all,

Attention: long email :-)

David Sugar, maintainer of GNU Telephony project,
pointed me to the oRTP implementation and thus Linphone and asked
if it is possible to have ZRTP support for oRTP/Linphone.

Some background:

ZRTP is a protcol that negotiates the necessary parameters to set-up
a secure RTP connections (SRTP). ZRTP was developed by Phil Zimmermann
(yes, Mr. "PGP") and is now available as RFC 6189, for further details
about ZRTP see:

I developed a ZRTP implementation which is part (an extension) of the
GNU ccRTP implementation and was first used in the Twinkle SIP client.
A Java version of this implementation is also available, same SVN repository
as ccRTP.

Of course GNU ZRTP is interoperable with Phil's ZRTP implementation and we
did a lot of interop-tests to make this happen.

About 7 months ago I got some information about the CSipSimple project that
aims to implement a SIP client for Android and uses the PJSIP stacks to get
the SIP, RTP, and media support. To enable ZRTP for CSipSimple I added a
C-wrapper to the GNU ZRTP C++ implementation and we implemented a PJSIP
transport module to enable PJSIP/PJSUA based applications to use ZRTP
"out-of-the-box". For those who are more interessted in this just have a
look at:

oRTP / Linphone

Because a C-wrapper is available and oRTP supports transport plugins (the
current SRTP transport seems to use this, but Linphone does not use SRTP
currently) it is IMHO possible to integrate GNU ZRTP into oRTP and thus
Linphone. The following "artwork" :-) depicts how such an integration could
be done:

                                                :  +-----------+
                                                :  | SRTP for  |
                                                :  |   ZRTP    |
                                                :  +-----------+
                                                :  | C Wrapper |
                                                :  +-----+-----+
                                          uses  :        |
                                        |       :
   +----------------+      +------------+---+   :  +-+-----------------+
   |   Linphone     |      |                |   :  |C|                 |
   |   enables      | uses | zrtp_transport | uses | |    GNU ZRTP     |
   | ZRTP transport +------+   implements   +------+W|      core       |
   | and implements |      |  ZrtpCallback  |   :  |r| implementation  |
   |ZrtpUserCallback|      |                |   :  |a|  (ZRtp et al)   |
   +----------------+      +----------------+   :  |p|                 |
                                                :  +-+-----------------+
   oRTP application for      oRTP transport     :  Existing GNU ZRTP with
   example Linphone          for ZRTP (new)     :  C-wrapper


GNU ZRTP is the existing ZRTP implementation that handles the ZRTP
protocol, performs necessary ZRTP computations, maintains some data in a
file etc. I implemented this part in C++ (it's stable, tested to work with
Phil Zimmermann's implementation) and it's licencse is GPL v3. I also
implemented a C Wrapper to make GNU ZRTP accessible to C implementations.

This is a new oRTP transport that links into the transport stream,
similar to the current SRTP transport. This transport acts as a filter that
controls the flow of ZRTP, RTP, and SRTP data. This is obviously a new
module. IMHO it should live in the somewhere parallel to oRTP source,
parallel to the other transport modules (just a proposal). This module
will be the main development during the planned ZRTP integration. This module
is the "glue" between applications like Linphone and the ZRTP implementation.
If ZRTP and thus SRTP are not engaged or active the zrtp_transport behaves
like the normal oRTP RTP implementtaion.

Instead of using the existing SRTP implementation I use an own SRTP
implementation (also a C++ implementation that has a C Wrapper). Some
reasons why: the current libsrtp does not support AES 256 out-of-the-box
which is required for ZRTP. In addition ZRTP defines some more modern
authentiation mechanisms in SRTP (Skein MAC). In addition the ZRTP/SRTP module
uses either openSSL or libgcrpyt as crypto backends, thus no own implementation
of the AES cipher or bignum but reusing proven and well tested implementations.
This module would live in an appropriate third party directory. As a side
note: openSSL is availabe for Android, have a look at CSipSimple project thus
ZRTP uses openSSL on Android, for example.

GNU ZRTP core requires some external support functions, for example to send
data  via RTP, get a mutex, get a timer, etc. Because these functions are system
dependent the zrtp_transport module implements  these functions and provides
them via callback to GNU ZRTP.

An application may (and should) implement these callback methods. zrtp_transport
uses the callback methods to inform the application about status changes, for
example if security was established, which cipher was activated, and some other
simple user interactions.

To implement this I obviously need some help from oRTP / Linphone gurus, in
particular with the build and configuration stuff and the intrinsics of the
transport mechanisms. I would start to evaluate the SRTP transport to lower the
learning curve. However, some support would be highly appreciated once I had a
first rough draft of the zrtp_transport code.

Some discussions how to integrate the user callback functions in Linphone etc
could be the next steps after we have a working zrtp_transport, in particular
to setup secure connections for audio and video - yes, this works if the
application supports both :-) .

Ideas, comments, feedback, "ready-to-run-code" :-) , etc are appreciated.

Best regards,

Linphone-developers mailing list

reply via email to

[Prev in Thread] Current Thread [Next in Thread]