#262 Add support for ZRTP

[Anonymous]

Originally created by: wheresau...@lavabit.com
Originally owned by: r3gis...@gmail.com

Not a bug - enhancement

please add ZRTP support this allows for a more secure handling of handset to handset key exchanges.   Two linux softphones I know of built on pjsip allow SRTP and ZRTP, allow using them at the same time.

other pjsip implementations:
http://www.sflphone.org/
http://twinklephone.com/

[Anonymous]

Originally posted by: r3gis...@gmail.com

AFAIK, twinkle & sflphone are not built on pjsip. I've already studied their source code and both has their own sip implementation independent from pjsip.

However, on pjsip mailing list somebody talked once of an existing port of libzrtp that he did and want to release.... But nothing were released...
The only thing I found is this project :
https://code.google.com/p/smartcryptovoip/
Seems to be recent, but having a closer look on the code and it seems to be not really completely implemented... or maybe I missed something on the code !
In this project I see the import of pjsip & the import of a zrtp lib... but nothing that make the glue between the zrtp lib and the pjsip lib...
So I'll try to contact the author of the project to see what his his advancement on this point.

If he don't support his project, he may have some good starting points for the pjsip integration.
Anyway, yes ZRTP is a "must have" since really more suitable than srtp (zrtp is negociated inside the rtp stream while srtp is done on the sip sdp which make exchanges more complicated).
Using something existing could save me a lot of time... but if I have to code it myself, I'll do.

[Anonymous]

Originally posted by: r3gis...@gmail.com

Mhhh, finally I'm not so sure that sflphone is not based on pjsip... twinkle that's sure.. but finally there is maybe some dependancy on sflphone... I'll dive a little bit more in their implementation :)

[Anonymous]

Originally posted by: r3gis...@gmail.com

Well, sflphone used some parts of pjsip, but everything related to rtp / srtp & zrtp is done on their side and that's not integrated to pjsip-ua module  :
they directly use some parts of pjsip (such as sending a sdp, sending a sip msg) without using the wrapping object...
That's the reason why I didn't seen the link with pjsip the first time I looked the code.
So it would be hard to integrate directly.

[Anonymous]

Originally posted by: wheresau...@lavabit.com

Sorry for the bad info.. and making it sound so easy.  r3gis.3R thanks for doing this research.

[Anonymous]

Originally posted by: nilsjan...@gmail.com

zrtp on android, that would be so awesome. i'll send flowers and pizza to the developer if that ever becomes true! really.

[Anonymous]

Originally posted by: wheresau...@lavabit.com

found this, thought it may help with getting things running on android

GNU ZRTP is a Java implementation of Phil Zimmermann's ZRTP specification
http://www.gnutelephony.org/index.php/GNU_ZRTP4J

it is being used by this project
http://www.sip-communicator.org/

[Anonymous]

Originally posted by: r3gis...@gmail.com

Also really interesting project : https://projects.savoirfairelinux.com/repositories/entry/sflphone/sflphone-common/src/audio/audiortp/AudioZrtpSession.cpp

They use pjsip too, but not at the user agent level (just for sip messages treatment). But still interesting.
Besides their project support iax which is also really interesting.

[Anonymous]

Originally posted by: nilsjan...@gmail.com

perhaps recrute werner? :) https://code.google.com/p/sipdroid/issues/detail?id=63

[Anonymous]

Originally posted by: r3gis...@gmail.com

great idea :)

[Anonymous]

Originally posted by: r3gis...@gmail.com

Just to inform about the good news :
http://lists.pjsip.org/pipermail/pjsip_lists.pjsip.org/2010-November/012174.html

Werner has sent a great proposal for zrtp inside pjsip ! (which indirectly mean that it could be available on CSipSimple too ;) ).

I hope that pjsip guys will help to him on the mailing list and anyway you can encourage the effort and say on the mailing list that it is a very interesting improvement for the sip stack ;).

[Anonymous]

Originally posted by: r3gis...@gmail.com

Good news #2 :

I've just made my first ZRTP call using CSipSimple + pjsip + the excellent work of Werner Dittmann to a twinkle phone in SIP direct (local to local).

It's with hardcoded stuff everywhere but... it worked :)...
Next step is to get the latest code organization up to date with Werner's work, and add the UI to allow you to accept ZRTP :)

[Anonymous]

Originally posted by: r3gis...@gmail.com

(No comment was entered for this change.)

Status: Started

[Anonymous]

Originally posted by: nathanfr...@gmail.com

Exciting news! Any way I can pitch in to help with the UI or testing? Just getting up to speed on your effort here.

Side note - I am the lead on an open-source effort to bring as many security features to Android as possible. So far we have Tor, OTR IM and a few others, and are just eager to support anyone working in this area. You can see what we are up to at https://guardianproject.info and find us on #guardianproject on freenode.

Keep up the great work and happy new year!

[Anonymous]

Originally posted by: r3gis...@gmail.com

Just for info, I do not forget this issue ;). I had hard time with some hot bugs and trying to refactor the call screen UI.
Good news is that with android 2.3 it's possible to build ZRTP with official NDK which would make thing easier for the future.

I'll try to introduce the very first step of ZRTP (without any UI integration) in future nightly builds.

Really sorry for the delay.

[Anonymous]

Originally posted by: wheresau...@lavabit.com

thanks for the update!  looking forward to testing coming nightly builds :D

[Anonymous]

Originally posted by: r3gis...@gmail.com

[r632] ship a first usable integration of ZRTP :
http://nightlies.csipsimple.com/tls/CSipSimple-r632-tls.apk

UI is not fancy but at least it will allow to use the great work done by Werner on ZRTP4PJ.

Tested quickly with Twinkle on the other side and seems to work correctly. I did no wireshark trace to check but feed back from twinkle and zrtp4pj.

For now known limitation (due to my bad) :
* You need a sdcard (mounted on /sdcard/)
* Only one session at a time (anyway for "now" CSipSimple does not handle multiple calls)

[Anonymous]

Originally posted by: wheresau...@lavabit.com

Im having trouble with this, I went and created a few fresh accounts on create.tanstagi.net . Loaded them in both twinkle and csisimple.  turned zrtp on, in settings on both.  But as far as I can tell neither are using zrtp.  Is there a particular way csisimple needs to be configured, or is this strange and should I be sending you my logCat..

[Anonymous]

Originally posted by: r3gis...@gmail.com

Oh yes sorry, forgot to say :

You have to go in settings > network > Security > on the bottom, Use ZRTP. Change the value of the option ;)

[Anonymous]

Originally posted by: werner...@googlemail.com

Hi Regis,

great stuff - thanks for integrating it. I had a quick look at the code
(very quick indeed) and it looks great for the first shot. As Niklaus Wirth
said: program development by stepwise refinement :-) .

Regis, please keep in mind that the PJSUA callback structuce/name changes as soon
as Benny implements his proposal to add transports in a more generic way. I did that
(simulated) in my sandbox, no big changes in your structure - just another name
of the pjsua callback mainly, the rest stays the same.

@comment #18: you need to enable ZRTP in Twinkle as well and make sure Twinkle uses
a decent ZRTP library, I propose to use 1.6.0. Some distributions have 0.9.0 or
1.2, 1.3. These libzrtpcpp versions will not work because the ZRTP specification
changed in the meantime. You may check your libzrtpcpp.so files.

Regards,
Werner

[Anonymous]

Originally posted by: wheresau...@lavabit.com

ok, didnt get farther with twinkle.  is there any way for me to tell if zrtp at this point by just using csipsimple between two handsets?   I have everything(TLS,SRTP,ZRTP) turned on, on fresh csipsimple installs..  and srtp is set to manditory still(is this ok?).  I havnt been able to tell from my logs if anything is working.. calls are crystal clear.. and srtp under the info button is reporting null.  It would be great if the zrtp handshake 'shared phrase' could be included under the info button for now.. in order to avoid drastic overhauls to the UI.

[Anonymous]

Originally posted by: r3gis...@gmail.com

Yes, as I said, the UI integration for now is not what should be finally done.

There is some ongoing refactoring on the call screen. I previously hoped to be able release the new UI screen before but it took me too much time and that's not yet finished.
As I didn't want to let you wait anymore for testing ZRTP, I decided to have this weird UI integration to allow to test while final call screen is not finished. But the true support of ZRTP (when this issue will be marked as closed), the UI integration will be fancier (much more like what is done in twinkle or sipcommunicator).

But if you get the little alert dialog, it and click Ok, it means that the ZRTP is activated then. (There is no more feedback for now when using between two CSipSimple -- reason why I test between CSipSimple and Twinkle where the integration with the softphone give a good feedback about what is happening - also logs of CSipSimple can inform you about what is happening).

Just thought, I think that you should disabled SRTP when using ZRTP. I didn't test with SRTP activated in addition to ZRTP but if you have ZRTP, you probably don't need SRTP anymore.
Maybe Werner could confirm this point.

[Anonymous]

Originally posted by: nilsjan...@gmail.com

Yes! Werner du bist ein Held. Will start testing tonight. Already switched from sipdroid to
Csipsimple. :) awesome!

[Anonymous]

Originally posted by: werner...@googlemail.com

@comment 21, 22: Regis is right: the 'normal' SRTP where the keys are exchanged
via SIP,mode must be switched off. This is what ZRTP is for: negotiating the
encryption algorithms and exchange key data. Even the users of the call don't know the
keys and after the call the keys are destroyed and not recoverable (except you modify
the source to store them somewhere :-) ). When you use ZRTP you don't need SIP/TLS
(SIPS) but I reommend that also if your SIP provider supports this.

During the next days I prepare a small ZRTP FAQ and send it to Regis so he can
put it in the Wiki.

Regards,
Werner

[Anonymous]

Originally posted by: nilsjan...@gmail.com

just tested the nightlie CSipSimple-[r632]-tls.apk on a motorola defy (with froyo) and zrtp worked. At least Twinkle said so. Yippieee!!! Thank you so much Werner and r3gis.3R. This is a huge step.

But the ui hang already after seconds with this error: "Tut uns leid! Aktivität CSipsimple (in Anwendung CSipSimple) reagiert nicht. [Schließen] [Warten]" Shall i translate? And i could only hang up in twinkle, which wasnt recognized on csipsimple. But this happened also with zrtp deactivated, so probably not related...

[Anonymous]

Originally posted by: nilsjan...@gmail.com

@r3gis.3R is there a way to automaticly get updates for the latest nightly.apk? I know some people who are only waiting for this feature running stable before they get an android device...

Or which issue do i have to subscribe to if i want to get a mail when your call screen ui rewriting is finished? It hangs after every call now. Also the green active call icon in the topbar...