#69 SRTP Support

[Denis Doria]

Hi,
Since 2013-03-20 there is srtp support on farstream: https://bugs.freedesktop.org/show_bug.cgi?id=52481

As in the faq is stated that the support issue is the lack of implementation on farstream:"Farstream (formerly known as Farsight) doesn't support SRTP and therefore SIPE is unable to create encrypted calls. The encryption must be disabled in the client you are trying to call. Please check the file contrib/media-patches/README.txt in the source code release for the details."

I would like to know if you guys have any plan to integrate this on pidgin-sipe, looks like the srtp implementation is arriving in the distribuitions, at least this is already the case for gstreamer1.0-plugins-bad that are in debian experimental.

Thanks for the awesome work so far.

[Stefan Becker]

I'm not sure if there are any changes needed in SIPE now that farstream is supposed to support SRTP.

So a stupid question: have you installed the latest gstreamer & farstream with SRTP support and simply tried to set up an encrypted call with SIPE? Does it work? If not, can you provide the --debug log for the failure?

[Denis Doria]

Yep, I installed; I assumed the same as you, that the fact that I have the
srtp installed it would make the connection works, but this is not the case.

dpkg -l gstreamer1.0-plugins-bad
Desired=Unknown/Install/Remove/Purge/Hold
|
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version
Architecture Description
+++-==========================================-==========================-==========================-==========================================================================================
ii gstreamer1.0-plugins-bad:amd64 1.1.4-3
amd64 GStreamer plugins from the "bad" set

But maybe here is the problem, I'm using the libfarstream-0.1-0; and my
repo already have the libfarstream-0.2-2; but neither my version of pidgin
nor my version of pidgin-sipe are compiled to use the latest. So although I
have the correct version of the plugins-bad, maybe I lack the support on
libfarstream.

The error that I have is the same as before the installation of the latest
plugins-bad:
Reason="Error parsing SDP: SRTP-encrypted media required to establish
connection"

Now I think I need to try to compile pidgin using the libfarstream-0.2, I'm
going to give a shot and let you know.

[David Woodhouse]

I don't believe farstream does support SRTP yet. If you look at the referenced bug https://bugs.freedesktop.org/show_bug.cgi?id=52481 you'll see that it's still open, in NEW state.

The comment (#1) on 2013-03-20 speaks of SRTP now being supported in gstreamer, but there's extra work to be done to ensure that farstream can use that and expose it via its own API.

[Stefan Becker]

This is my understanding of what is missing, based on other discussion threads:

• SRTP support in gstreamer: DONE
• SRTP support in farstream: easy, ongoing
• TCP TURN support in libnice: needed? patch available, ongoing?
• SRTP support in libpurple media API: complicated, as 2.x is dead and nobody knows when 3.x comes out
• SIPE needs to extract SRTP keys from SDP message and pass them through the new libpurple APIs down to farstream

[Denis Doria]

Just to update this, since it being a long time ago.
farstream received the commit to support srtp (some hours ago):
http://cgit.collabora.com/git/user/tester/farstream.git/log/?h=srtp
The bug tracker was update too:
https://bugs.freedesktop.org/show_bug.cgi?id=52481

So srtp should be ready in few weeks, do you guys have any plan to work on the final steps to integrate with sipe?

[Stefan Becker]

That closes only one point on the external dependencies list

[Denis Doria]

The biggest problem would be libpurple.
Is there any change necessary on libnice? From you last message looks
like you are not so sure about it.

[Stefan Becker]

git HEAD has some changes that are for the ongoing libnice TCP transport work. I don't know if that work is related to SRTP support.

I don't think there will be SRTP support in libpurple until Pidgin 3.x.x is released.

[Denis Doria]

Anyway I opened a ticket with pidgin to check when this will be done:
https://developer.pidgin.im/ticket/16225

(editors note: please stop replying to emails. They clutter the ticket system with unnecessary junk)

[Stefan Becker]

Implemented by git commit e319d00

Please note that this will only work with Pidgin 3.0 or later

[David Woodhouse]

I've backported all the APIs, and the gstreamer-1.x support and should all work in the latest Pidgin 2.x (from hg; not the 2.10 release but whatever comes next).

We are shipping those latest 2.x patches in Fedora 22. The only thing we need to get SRTP as well as file transfer and screen sharing (1:1 only; no meetings yet) is the pidgin-sipe parts. I have those in a COPR at https://copr.fedoraproject.org/coprs/dwmw2/sipecollab/builds/ (note the only thing built for Fedora 22 is pidgin-sipe).

I think Jakub has now committed the SRTP parts to the 'mob' branch of siplcs. The file transfer and screen sharing need more work; last time I looked they were blocking the main thread by sending TCP data from it. But we're getting there, slowly...

[Denis Doria]

Stefan; from the link that you sent looks like it should work on pidgin 2.x too; but it could have some problems with encryption, that can be fixed using a .reg file. Breaking the commit message:

• minimum: pidgin >= 2.8.0, libnice >= 0.1.0, farsight2 >= 0.0.26
  if you get errors on
  incompatible encryption levels when making a call, change to peer's registry
  is needed to allow unencrypted media transfer; use the .reg file in this
  directory.

• recommended: pidgin 3.0, libnice >= 0.1.13, farstream >= 0.2.7

As this ticket is closed; should we open another one for meeting and sharing screen?