[Gaim-devel] Trillian SecureIM preliminary support (read-only) for Oscar

[Ludovic L. <ll...@us...>]

Hello list,

I've just uploaded ( 
http://sourceforge.net/tracker/index.php?func=detail&aid=777300&group_id=235&atid=300235 
) a patch to add preliminary support for encrypted communication, 
compatible with Trillian SecureIM protocol.

It is just a proof-of-concept. Here is the summary :

======================================================
That patch adds preliminary support for receiving
Trillian's SecureIM messages (encrypted IM) over Oscar
protocol.

It may (or may not) work for you. Please report to the
list.

Current limitations :

* Receive only. You'll be able to read (decrypt)
encrypted messages, but you cannot send messages in
encrypted form.
* No UI. Always on.
* Full of bugs, and assumptions about SecureIM protocol.
* Seems only to work with AIM. Should work with ICQ but
currently don't.
* I don't know a thing about encryption.
* I don't know a thing about GAIM's internals so the
implementation may be a complete heresy. (and that's
why I didn't add support for sending messages, I
couldn't understand it enough)
* You need OpenSSL compiled and installed as a library.
I used version 0.9.7b ( http://www.openssl.org/source/ )
* Was developped on a Windows workstation, so the
Makefiles aren't correctly updated (only
Makefile.mingw). You'll have to tweak to link with
OpenSSL. I don't know how.
* Totally unsupported. I may never work on this again.

Known Bugs :

* ICQ doesn't work for me : the server doesn't transmit
our ACCEPT packet to the other party. Don't know why.
Either a problem with my account, or an initialisation
problem.
======================================================

4 more points :

* You will need OpenSSL as noted, I don't know if there is a problem 
with OpenSSL license ( http://www.openssl.org/support/faq.html#LEGAL2 ) 
but don't really care about.

* Many thanks to the Joust project ( they publish JOscar, a Java OSCAR 
library ) for the documentation and all the trial-and-errors work for 
guessing the protocol. You can find JOscar here ( 
http://joust.kano.net/joscar/ ), the classes that concern Trillian 
protocol are in 'net.kano.joscar.rvcmd.trillcrypt', there you will find 
some documentation. They seem very close to a working implementation.

* I don't know about Cerrulean Studio's reaction. I wish to thank them 
for chosing a public key exchange mechanism and a public cipher, and 
giving hints about them on their web site. (If there were any doubts 
about it, I didn't reverse engineer their code nor anything like that.) 
Moreover they chose very standard (and easily guessable) parameters, 
which is a plus for interoperability.

* (for those, like me, who don't really know about encryption : ) Being 
able to interoperate with Trillian doesn't mean that their protocol is 
'weak'. It only means that they chose a public cipher, and that using 
the same one leads to the same results, which is a good thing.


As noted, this work is totally unsupported. I wanted badly to be able to 
make GAIM interoperate with Trillian, so I tried my best and with great 
luck it seems to work. However, I'm not sure I'll improve this and 
maintain it as a separate patch.
My best hope is that it gets included in the CVS and that an 'autoconf' 
master adds the '--with-trillian-secureim' option that I couldn't add. 
Then, people will have to add an UI to enable / disable encryption, 
support for sending IM (that would be so cool !), etc...

Best regards,

Ludovic LANGE.