[Ccrtp-devel] SRTP proposal for ccRTP


From: Werner Dittmann
Subject: [Ccrtp-devel] SRTP proposal for ccRTP
Date: Tue, 18 Jul 2006 21:05:50 +0200
User-agent: Thunderbird 1.5 (X11/20060317)

All,

during some work on a SIP client project (minisip) I did some stuff
regarding SRTP and ZRTP (Phil Zimmermann's key exchange protocol). I
would like to contribute this to the ccRTP implementation.

The minisip project itself uses GPL/LGPL, the SRTP implementation
is implemented in C++. I've successfully tested this SRTP against the
libsrtp implementation (srtp.sourceforge.net/srtp.html, developed by
Cisco in C and put in open domain).

Looking at the ccRTP implementation I see that it is fairly easy to
enhance ccRTP with the C++ SRTP implementation.

My proposal to add SRTP to ccRTP based on the existing SRTP code:

New public methods / functions to enable SRTP:
Add methods to IncomingDataQueue and OutgoingDataQueue to set an
SRTP crypto context. Each SSRC uses its own crypto context. There
are different crypto contexts required for incoming and outgoing.

Outgoing case:
In methods "putData" and "sendImmediate" include a check if a crypto
context is active (set) for the SSRC. This check will be done after
the normal RTP packet was set up. If the check is true, process the
RTP packet for SRTP and perform SRTP processing (encryption, add
authentication tags, etc). Then put the packet in the queue or send
it immediately. SRTP encrypts the contents only, not the header
fields.

Incoming case:
Extend the "takeInDataPacket" method to check for an active (set)
crypto context for the received SSRC. This check would be done after
the basic validity checks but before the call to the "onRTPPacketRecv" hook.
If there is an active crypto context perform SRTP processing (decryption,
check replay, authenticate, etc.). If it's successful accept the packet
and handle it like a normal RTP packet.

I've done the necessary hacking to enhance ccRTP as described.
Currently the SRTP uses OpenSSL as the crypto backend. The overall
changes to existing ccRTP code are small, new classes are added, e.g.
to handle the SRTP crypto context, perform encryption etc.


Regarding ZRTP:
I've implemented PZ's ZRTP protocol in C++ and tested it against the
original implementation. I'm also in contact with PZ because of the
interop tests.

Because ZRTP is a protocol "on top" of RTP/SRTP I would implement a
ZRTPQueue that inherits from AVPQueue and performs the ZRTP handling.
ZRTP provides ways to exchange and negotiate keys to set up the
SRTP crypto context. After this is done, ZRTP is transparent with
respect to RTP/SRTP handling.

IMHO this is also somewhat straightforward given the existing C++ ZRTP
implementation.

There is one major question that I haven't solved yet: does ccRTP
provide some functions for "timeout" / timer handling with callback?
ZRTP requires protocol timers (only one at a time) to trigger resend
data. Any idea/hint is welcomed here.

What do you think? How to contribute the code? (after I did the necessary
tests - of course you will find some test code as well)

I appreciate any ideas or hints. Don't hesitate to bring up
questions as well.

Regards,
Werner
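
Added example, not part of the original message and not ccRTP or minisip code: a sketch of the receive-side ordering described under "Incoming case", with one crypto context per SSRC, a replay check, authentication, and the replay-window update only after authentication succeeds. All type and function names are hypothetical; tag verification is supplied by the caller's crypto backend, decryption would follow acceptance, and the 16-bit sequence number stands in for the SRTP packet index (no rollover handling).

```cpp
#include <cstdint>
#include <functional>
#include <map>
#include <vector>

using Packet = std::vector<uint8_t>;

// Hypothetical per-SSRC receive state; not ccRTP's or minisip's class.
struct InCryptoContext {
    uint64_t window = 0;   // bit i set: sequence (highest - i) already accepted
    uint16_t highest = 0;
    bool started = false;
    std::function<bool(const Packet&)> authenticate;  // tag check from the crypto backend
};

enum class Verdict { PlainRtp, Accepted, Malformed, Replayed, AuthFailed };

// Assumption: the 16-bit sequence number is the packet index (no ROC).
static bool isReplay(const InCryptoContext& c, uint16_t seq) {
    if (!c.started || seq > c.highest) return false;
    unsigned delta = c.highest - seq;
    return delta >= 64 || ((c.window >> delta) & 1);   // too old, or already seen
}

static void markSeen(InCryptoContext& c, uint16_t seq) {
    if (!c.started || seq > c.highest) {
        unsigned shift = c.started ? seq - c.highest : 0;
        c.window = (shift >= 64 ? 0 : c.window << shift) | 1;
        c.highest = seq;
        c.started = true;
    } else if (c.highest - seq < 64) {
        c.window |= uint64_t(1) << (c.highest - seq);
    }
}

// Checks for one received packet, in order: basic validity, context lookup
// by SSRC, replay check, authentication, then the replay-window update.
Verdict checkIncoming(std::map<uint32_t, InCryptoContext>& contexts, const Packet& p) {
    if (p.size() < 12 || (p[0] >> 6) != 2) return Verdict::Malformed;
    uint16_t seq = uint16_t((p[2] << 8) | p[3]);
    uint32_t ssrc = (uint32_t(p[8]) << 24) | (uint32_t(p[9]) << 16) |
                    (uint32_t(p[10]) << 8) | p[11];
    auto it = contexts.find(ssrc);
    if (it == contexts.end()) return Verdict::PlainRtp;   // no context set for this SSRC
    InCryptoContext& c = it->second;
    if (isReplay(c, seq)) return Verdict::Replayed;
    if (!c.authenticate || !c.authenticate(p)) return Verdict::AuthFailed;  // fail closed
    markSeen(c, seq);   // a forged packet must never advance the window
    return Verdict::Accepted;
}
```

Updating the window before authentication would let a single forged packet with a high sequence number push legitimate packets out of the window.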



