Dear all,
some members of this mailing list pointed me to the enhancement request to
implement ZRTP into the pjproject libraries. I browsed through the pj
sources and would like to make the following proposal to implement ZRTP
for pj. The follwing figure depicts at a high level the planned
implementation:
+-----------+
| |
| SRTP-ZRTP |
| |
+-----------+
|C Wrapper |
+-----+-----+
|
| uses
|
+----------------+ +-------+--------+ +-+-----------------+
| App (pjsua) | | | |C| |
| creates a | uses | transport_zrtp | uses | | GNU ZRTP |
| ZRTP transport +------+ implements +------+W| core |
| and implements | | ZrtpCallback | |r| implementation |
|ZrtpUserCallback| | | |a| (ZRtp et al) |
+----------------+ +----------------+ |p| |
+-+-----------------+
Description:
GNU ZRTP
GNU ZRTP is the existing ZRTP implementation that handles the ZRTP
protocol, performs necessary ZRTP computations, maintains some data in a
file etc. I implemented this part in C++ (it's stable, tested to work with
Phil Zimmermann's implementation) and it's licencse is GPL v3. Currently I
implemented a first version of a C Wrapper to make GNU ZRTP accessible to
C implementations. The C Wrapper covers the main functions already and will
be enhanced during the pj project implementation. GNU ZRTP is a library,
no requirement to have it as third party source in pjproject - it's already
available as part of the GNU ccRTP project.
transport_zrtp
This is a new pjmedia transport that links into the transport stream,
similar to the current SRTP transport. Thus transport acts as a filter that
controls the flow of ZRTP, RTP, and SRTP data. This is obviously a new
module. IMHO it should live in the pjmedia source, parallel to the other
transport modules. This module will be the main development during the
planned ZRTP integration.
SRTP-ZRTP
Instead of using the existing SRTP implementation I plan to use an own SRTP
implementation (also a C++ implementation that has a C Wrapper). Some
reasons why: the current libsrtp does not support AES 256 which is implemented
for ZRTP. In addition ZRTP defines some more modern authentiation mechanisms
in SRTP that I will implement step by step. In addition the ZRTP/SRTP module
uses either openSSL or libgcrpyt as crypto backends, thus no own implementation
of the AES cipher or bignum but reusing proven an well tested implementations.
This module would live in an apporpriate third party directory.
The callback stuff is implemented as usual. GNU ZRTP requires some external
support functions, for example to send data via RTP, get a mutex, etc. Because
these functions are system dependent the transport_zrtp module implements these
and provides them via callback to GNU ZRTP. transport_zrtp uses UserCallback
methods to inform the application about status changes, for example if security
was established, which cipher was engaded, and some other user interactions.
To implement this stuff I obviously need some help from pjproject gurus, in
particular with the build and configuration stuff and the intrinsics of the
transport mechanisms. I would start to evaluate the transport_srtp and the
transport example to lower the learning curve. However, some support would
highly appreciated once I had a first rough draft of the transport_zrtp code.
Best regards,
Werner
