All,

during some work on a SIP client project (minisip) I did some stuff regarding SRTP and ZRTP (Phil Zimmermann's key exchange protocol). I would like to contribute this to the ccRTP implementation.

The minisip project itself uses GPL/LGPL, the SRTP implementation is implemented in C++. I've successfully tested this SRTP against the libsrtp implementation (srtp.sourceforge.net/srtp.html, developed by Cisco in C and put in open domain). Looking at the ccRTP implementation I see that it is fairly easy to enhance ccRTP with the C++ SRTP implementation.

My proposal to add SRTP to ccRTP based on the existing SRTP code:

New public methods / functions to enable SRTP:
Add methods to IncomingDataQueue and OutgoingDataQueue to set an SRTP crypto context. Each SSRC uses its own crypto context. There are different crypto contexts required for incoming and outgoing.

Outgoing case:
In methods "putData" "sendImmediate" include a check if a crypto context is active (set) for the SSRC. This check will be done after the normal RTP packet was set up. If the check is true, process the RTP packet for SRTP and perform SRTP processing (encryption, add authentication tags, etc). Then put the packet in the queue or send it immediately. SRTP encrypts the contents only, not the header fields.

Incoming case:
Extend the "takeInDataPacket" method to check for an active (set) crypto context for the received SSRC. This check would be done after the basic validity checks but before the call "onRTPPacketRecv" hook. If there is an active crypto context perform SRTP processing (decryption, check replay, authenticate, etc.). If it's successful accept the packet and handle it like a normal RTP packet.

I've done the necessary hacking to enhance ccRTP as described. Currently the SRTP uses openSSL as the crypto backend. The overall changes to existing ccRTP code are small, new classes are added, e.g. to handle the SRTP crypto context, perform encryption etc.

Regarding ZRTP: I've implemented PZ's ZRTP protocol in C++ and tested it against the original implementation. I'm also in contact with PZ because of the interop tests.
Because ZRTP is a protocol "on top" of RTP/SRTP I would implement a ZRTPQueue that inherits from AVPQueue and performs the ZRTP handling. ZRTP provides ways to exchange and negotiate keys to setup the SRTP crypto context. After this is done, ZRTP is transparent with respect to RTP/SRTP handling. IMHO this is also somewhat straightforward given the existing C++ ZRTP implementation.

There is one major question that I haven't solved yet: does ccRTP provide some functions for "timeout" / timer handling with callback? ZRTP requires protocol timers (only one at a time) to trigger resend data. Any idea/hint is welcomed here.

What do you think? How to contribute the code? (after I did the necessary tests - of course you will find some test code as well)

I appreciate any ideas or hints. Don't hesitate to bring up questions as well.

Regards,
Werner

_______________________________________________
Ccrtp-devel mailing list
http://lists.gnu.org/mailman/listinfo/ccrtp-devel
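The per-SSRC context lookup and replay check from the "Incoming case" above, as an added example; this is not code from the message, minisip or ccRTP. All class and method names are hypothetical, and the packet index is assumed to be already derived from the rollover counter and sequence number. The window is only updated after authentication succeeds, as RFC 3711 specifies, so an unauthenticated packet cannot move it.

```cpp
#include <cstdint>
#include <map>

// Hypothetical per-SSRC receive state (illustrative names, not ccRTP's).
// Keys and ciphers are omitted; only the replay list is modelled.
struct RecvCryptoContext {
    bool seen = false;      // has any packet been authenticated yet?
    uint64_t highest = 0;   // highest authenticated packet index
    uint64_t window = 0;    // bit i set => index (highest - i) was accepted
};

enum class Verdict { PlainRtp, Accept, Replay, TooOld };

class SrtpReceiveGate {
    std::map<uint32_t, RecvCryptoContext> contexts_;
public:
    void setContext(uint32_t ssrc) { contexts_[ssrc] = RecvCryptoContext{}; }

    // Read-only replay check, run before verifying the authentication tag.
    Verdict check(uint32_t ssrc, uint64_t index) const {
        auto it = contexts_.find(ssrc);
        if (it == contexts_.end()) return Verdict::PlainRtp; // no SRTP for this SSRC
        const RecvCryptoContext& c = it->second;
        if (!c.seen || index > c.highest) return Verdict::Accept;
        uint64_t delta = c.highest - index;
        if (delta >= 64) return Verdict::TooOld;  // left of the 64-packet window
        return ((c.window >> delta) & 1) ? Verdict::Replay : Verdict::Accept;
    }

    // Record the index. Call only after the authentication tag has verified,
    // otherwise a forged high index would push genuine packets out of the window.
    void commit(uint32_t ssrc, uint64_t index) {
        RecvCryptoContext& c = contexts_.at(ssrc);
        if (!c.seen || index > c.highest) {
            uint64_t shift = c.seen ? index - c.highest : 64;
            c.window = (shift >= 64 ? 0 : c.window << shift) | 1;
            c.highest = index;
            c.seen = true;
        } else if (c.highest - index < 64) {
            c.window |= uint64_t{1} << (c.highest - index);
        }
    }
};

int main() {
    SrtpReceiveGate gate;
    gate.setContext(0x1234);   // constructed SSRC
    gate.commit(0x1234, 100);  // first authenticated packet
    return gate.check(0x1234, 100) == Verdict::Replay ? 0 : 1;
}
```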
