Closed GoogleCodeExporter closed 9 years ago
[deleted comment]
AFAIK, twinkle & sflphone are not built on pjsip. I've already studied their
source code and both has their own sip implementation independent from pjsip.
However, on pjsip mailing list somebody talked once of an existing port of
libzrtp that he did and want to release.... But nothing were released...
The only thing I found is this project :
http://code.google.com/p/smartcryptovoip/
Seems to be recent, but having a closer look on the code and it seems to be not
really completely implemented... or maybe I missed something on the code !
In this project I see the import of pjsip & the import of a zrtp lib... but
nothing that make the glue between the zrtp lib and the pjsip lib...
So I'll try to contact the author of the project to see what his his
advancement on this point.
If he don't support his project, he may have some good starting points for the
pjsip integration.
Anyway, yes ZRTP is a "must have" since really more suitable than srtp (zrtp is
negociated inside the rtp stream while srtp is done on the sip sdp which make
exchanges more complicated).
Using something existing could save me a lot of time... but if I have to code
it myself, I'll do.
Original comment by r3gis...@gmail.com
on 7 Oct 2010 at 8:23
Mhhh, finally I'm not so sure that sflphone is not based on pjsip... twinkle
that's sure.. but finally there is maybe some dependancy on sflphone... I'll
dive a little bit more in their implementation :)
Original comment by r3gis...@gmail.com
on 7 Oct 2010 at 8:31
Well, sflphone used some parts of pjsip, but everything related to rtp / srtp &
zrtp is done on their side and that's not integrated to pjsip-ua module :
they directly use some parts of pjsip (such as sending a sdp, sending a sip
msg) without using the wrapping object...
That's the reason why I didn't seen the link with pjsip the first time I looked
the code.
So it would be hard to integrate directly.
Original comment by r3gis...@gmail.com
on 7 Oct 2010 at 9:54
Sorry for the bad info.. and making it sound so easy. r3gis.3R thanks for
doing this research.
Original comment by wheresau...@lavabit.com
on 7 Oct 2010 at 8:20
zrtp on android, that would be so awesome. i'll send flowers and pizza to the
developer if that ever becomes true! really.
Original comment by nilsjan...@gmail.com
on 28 Oct 2010 at 1:56
found this, thought it may help with getting things running on android
GNU ZRTP is a Java implementation of Phil Zimmermann's ZRTP specification
http://www.gnutelephony.org/index.php/GNU_ZRTP4J
it is being used by this project
http://www.sip-communicator.org/
Original comment by wheresau...@lavabit.com
on 1 Nov 2010 at 5:01
Also really interesting project :
https://projects.savoirfairelinux.com/repositories/entry/sflphone/sflphone-commo
n/src/audio/audiortp/AudioZrtpSession.cpp
They use pjsip too, but not at the user agent level (just for sip messages
treatment). But still interesting.
Besides their project support iax which is also really interesting.
Original comment by r3gis...@gmail.com
on 1 Nov 2010 at 5:33
perhaps recrute werner? :)
http://code.google.com/p/sipdroid/issues/detail?id=63
Original comment by nilsjan...@gmail.com
on 11 Nov 2010 at 3:06
great idea :)
Original comment by r3gis...@gmail.com
on 11 Nov 2010 at 3:36
Just to inform about the good news :
http://lists.pjsip.org/pipermail/pjsip_lists.pjsip.org/2010-November/012174.html
Werner has sent a great proposal for zrtp inside pjsip ! (which indirectly mean
that it could be available on CSipSimple too ;) ).
I hope that pjsip guys will help to him on the mailing list and anyway you can
encourage the effort and say on the mailing list that it is a very interesting
improvement for the sip stack ;).
Original comment by r3gis...@gmail.com
on 22 Nov 2010 at 10:16
Good news #2 :
I've just made my first ZRTP call using CSipSimple + pjsip + the excellent work
of Werner Dittmann to a twinkle phone in SIP direct (local to local).
It's with hardcoded stuff everywhere but... it worked :)...
Next step is to get the latest code organization up to date with Werner's work,
and add the UI to allow you to accept ZRTP :)
Original comment by r3gis...@gmail.com
on 7 Dec 2010 at 2:13
Original comment by r3gis...@gmail.com
on 8 Dec 2010 at 10:54
Exciting news! Any way I can pitch in to help with the UI or testing? Just
getting up to speed on your effort here.
Side note - I am the lead on an open-source effort to bring as many security
features to Android as possible. So far we have Tor, OTR IM and a few others,
and are just eager to support anyone working in this area. You can see what we
are up to at https://guardianproject.info and find us on #guardianproject on
freenode.
Keep up the great work and happy new year!
Original comment by nathanfr...@gmail.com
on 29 Dec 2010 at 11:10
Just for info, I do not forget this issue ;). I had hard time with some hot
bugs and trying to refactor the call screen UI.
Good news is that with android 2.3 it's possible to build ZRTP with official
NDK which would make thing easier for the future.
I'll try to introduce the very first step of ZRTP (without any UI integration)
in future nightly builds.
Really sorry for the delay.
Original comment by r3gis...@gmail.com
on 1 Feb 2011 at 7:16
thanks for the update! looking forward to testing coming nightly builds :D
Original comment by wheresau...@lavabit.com
on 1 Feb 2011 at 7:36
Revision 632 ship a first usable integration of ZRTP :
http://nightlies.csipsimple.com/tls/CSipSimple-r632-tls.apk
UI is not fancy but at least it will allow to use the great work done by Werner
on ZRTP4PJ.
Tested quickly with Twinkle on the other side and seems to work correctly. I
did no wireshark trace to check but feed back from twinkle and zrtp4pj.
For now known limitation (due to my bad) :
* You need a sdcard (mounted on /sdcard/)
* Only one session at a time (anyway for "now" CSipSimple does not handle multiple calls)
Original comment by r3gis...@gmail.com
on 13 Feb 2011 at 4:45
Im having trouble with this, I went and created a few fresh accounts on
create.tanstagi.net . Loaded them in both twinkle and csisimple. turned zrtp
on, in settings on both. But as far as I can tell neither are using zrtp. Is
there a particular way csisimple needs to be configured, or is this strange and
should I be sending you my logCat..
Original comment by wheresau...@lavabit.com
on 13 Feb 2011 at 5:29
Oh yes sorry, forgot to say :
You have to go in settings > network > Security > on the bottom, Use ZRTP.
Change the value of the option ;)
Original comment by r3gis...@gmail.com
on 13 Feb 2011 at 6:07
Hi Regis,
great stuff - thanks for integrating it. I had a quick look at the code
(very quick indeed) and it looks great for the first shot. As Niklaus Wirth
said: program development by stepwise refinement :-) .
Regis, please keep in mind that the PJSUA callback structuce/name changes as
soon
as Benny implements his proposal to add transports in a more generic way. I did
that
(simulated) in my sandbox, no big changes in your structure - just another name
of the pjsua callback mainly, the rest stays the same.
@comment #18: you need to enable ZRTP in Twinkle as well and make sure Twinkle
uses
a decent ZRTP library, I propose to use 1.6.0. Some distributions have 0.9.0 or
1.2, 1.3. These libzrtpcpp versions will not work because the ZRTP specification
changed in the meantime. You may check your libzrtpcpp.so files.
Regards,
Werner
Original comment by werner...@googlemail.com
on 13 Feb 2011 at 7:28
ok, didnt get farther with twinkle. is there any way for me to tell if zrtp at
this point by just using csipsimple between two handsets? I have
everything(TLS,SRTP,ZRTP) turned on, on fresh csipsimple installs.. and srtp
is set to manditory still(is this ok?). I havnt been able to tell from my logs
if anything is working.. calls are crystal clear.. and srtp under the info
button is reporting null. It would be great if the zrtp handshake 'shared
phrase' could be included under the info button for now.. in order to avoid
drastic overhauls to the UI.
Original comment by wheresau...@lavabit.com
on 14 Feb 2011 at 12:44
Yes, as I said, the UI integration for now is not what should be finally done.
There is some ongoing refactoring on the call screen. I previously hoped to be
able release the new UI screen before but it took me too much time and that's
not yet finished.
As I didn't want to let you wait anymore for testing ZRTP, I decided to have
this weird UI integration to allow to test while final call screen is not
finished. But the true support of ZRTP (when this issue will be marked as
closed), the UI integration will be fancier (much more like what is done in
twinkle or sipcommunicator).
But if you get the little alert dialog, it and click Ok, it means that the ZRTP
is activated then. (There is no more feedback for now when using between two
CSipSimple -- reason why I test between CSipSimple and Twinkle where the
integration with the softphone give a good feedback about what is happening -
also logs of CSipSimple can inform you about what is happening).
Just thought, I think that you should disabled SRTP when using ZRTP. I didn't
test with SRTP activated in addition to ZRTP but if you have ZRTP, you probably
don't need SRTP anymore.
Maybe Werner could confirm this point.
Original comment by r3gis...@gmail.com
on 14 Feb 2011 at 7:43
Yes! Werner du bist ein Held. Will start testing tonight. Already switched from
sipdroid to
Csipsimple. :) awesome!
Original comment by nilsjan...@gmail.com
on 14 Feb 2011 at 11:19
@comment 21, 22: Regis is right: the 'normal' SRTP where the keys are exchanged
via SIP,mode must be switched off. This is what ZRTP is for: negotiating the
encryption algorithms and exchange key data. Even the users of the call don't
know the
keys and after the call the keys are destroyed and not recoverable (except you
modify
the source to store them somewhere :-) ). When you use ZRTP you don't need
SIP/TLS
(SIPS) but I reommend that also if your SIP provider supports this.
During the next days I prepare a small ZRTP FAQ and send it to Regis so he can
put it in the Wiki.
Regards,
Werner
Original comment by werner...@googlemail.com
on 14 Feb 2011 at 11:38
[deleted comment]
just tested the nightlie CSipSimple-r632-tls.apk on a motorola defy (with
froyo) and zrtp worked. At least Twinkle said so. Yippieee!!! Thank you so much
Werner and r3gis.3R. This is a huge step.
But the ui hang already after seconds with this error: "Tut uns leid!
Aktivität CSipsimple (in Anwendung CSipSimple) reagiert nicht. [Schließen]
[Warten]" Shall i translate? And i could only hang up in twinkle, which wasnt
recognized on csipsimple. But this happened also with zrtp deactivated, so
probably not related...
Original comment by nilsjan...@gmail.com
on 14 Feb 2011 at 7:39
@r3gis.3R is there a way to automaticly get updates for the latest nightly.apk?
I know some people who are only waiting for this feature running stable before
they get an android device...
Or which issue do i have to subscribe to if i want to get a mail when your call
screen ui rewriting is finished? It hangs after every call now. Also the green
active call icon in the topbar...
Original comment by nilsjan...@gmail.com
on 16 Feb 2011 at 3:36
I'll update the issue when something more stable will be there. Unfortunately,
for now no other way than subscribing the rss feed of code changes on the
google code project to get updated of the nightlies build changes.
About the hang problem, did you try to reboot the phone? And make sure there is
no pending registration. I know that pjsua has a possible dead lock when you
get two simultaneous incoming sip calls (due to 2 registrations on the same
server, that could be to a crash or a reinstall without unregister or due to
what is explained in the FAQ entry about two simultaneous incoming calls -> if
so the solution is explained in the FAQ).
If not due to that point, maybe could be interesting if you can describe me the
scenario to reproduce so that I can have a look where it goes wrong.
Original comment by r3gis...@gmail.com
on 16 Feb 2011 at 3:56
@r3gis.3R about comment 22,24:
Will my RTP streams still be encrypted? if i disable SRTP option when using ZRTP
Original comment by dothangb...@gmail.com
on 21 Feb 2011 at 4:47
[deleted comment]
[deleted comment]
@comment #29
Please refer to comment #24 - the "normal" SRTP must be disabled. This SRTP
uses key that are exchanged via SIP and thus require an end-to-end secure SIP
which is a very rare case - if at all possible in the current infrastructure.
ZRTP uses it's own key negotiation mechanism and switches on SRTP automatically
once the SRTP keys are available and checked.
Regards,
Werner
Original comment by werner...@googlemail.com
on 21 Feb 2011 at 8:35
hi r3gis.3R,
This is great project, with TLS&ZRTP support!
Can you share source code (and lib) of TLS&ZRTP version?
thanks!
Original comment by nguyentr...@gmail.com
on 22 Feb 2011 at 10:51
@werer & r3gis.3R:
thanks mans. I have tested your zrtp implement and the result is perfect. I
install TCPdump on my android phone to capture data (in & out). When i disable
zrtp, i can use wireshark to replay voice call (from captured data) and when i
enable zrtp, i only hear noise.
Original comment by dothangb...@gmail.com
on 22 Feb 2011 at 11:19
The whole code isavailable in csipsimple's repository, also ZRTP (and it's
associated
SRTP code) for PJSIP is available at github: https://github.com/wernerd/ZRTP4PJ
.
Other implementations are available in Java and are also in use.
GNU ZRTP C++ and GNU ZRTP4J are the implementations for C++ and Java. PJSIP's
ZRTP
is the same as GNU ZRTP C++ only C wrappers added and a PJSIP driver.
Regards,
Werner
Original comment by werner...@googlemail.com
on 23 Feb 2011 at 12:27
Can I suggest that it should be possible to have SRTP and ZRTP enabled?
You can not always influence what the other party uses. Of course only one can
be used in each call, but amything is better than no encryption
Original comment by josef.schneider
on 30 Mar 2011 at 3:50
Just for info regarding the status of ZRTP in general:
ZRTP is now an official IETF RFC: RFC 6189 -
Congratulations to Phil who did it again.
Regards,
Werner
Original comment by werner...@googlemail.com
on 12 Apr 2011 at 6:34
Can't make zrtp work :(
In the current nightlies, using g729 codec and activateed "Create ZRTP" in
secure transport options but when i sniff a call with wireshark i can decode
the content :(
Any tips?
Original comment by francisc...@gmail.com
on 3 May 2011 at 12:56
Same here. Installed the latest nightly enabled ZRTP but somehow it seems not
activiated. Do I mess something here?
Original comment by chhab...@gmail.com
on 3 May 2011 at 4:51
Thanks for the report, I'll have a look. I've maybe lost the alert popuo while
refactoring ui.
Original comment by r3gis...@gmail.com
on 3 May 2011 at 7:01
please post updates here if you get the problem fixed :-)
also, it would be nice to have a stable release that has ZRTP
btw, great work with csipsimple :-)
Original comment by francisc...@gmail.com
on 3 May 2011 at 9:44
Revision 825 re-integrate ZRTP popup dialog to call screen.
It will be built tonight, let me know how it goes.
Original comment by r3gis...@gmail.com
on 3 May 2011 at 10:08
unfortunately, i have never seen the ZRTP popup dialog but i just tested r825
and it's similar behavior to the previous nightlies.
although I haven't been able to sniff the traffic right now to check if it's
encrypted, when I select "create ZRTP" it just does nothing and in-call there
is no sign of ZRTP presence.
I'm going to try and sniff the traffic but I think the changes weren't
effective as i supose i should see ZRTP related dialogs, even in the options,
which i don't :(
Cheers
Original comment by francisc...@gmail.com
on 4 May 2011 at 7:34
can you tell me which was the last release with working zrtp? I want to
wireshark it
Thanks
Original comment by miklosb...@gmail.com
on 5 May 2011 at 10:29
r829 should work (http://nightlies.csipsimple.com/tls/). At least I did a test
yesterday and it was working.
Normally if both side supports ZRTP a popup should appear that allow you to
confirm SAS.
For now there is no other visual feedback but it should be enough to give you
feedback about the fact ZRTP is taken into account once you press ok on this
popup.
Just additional note : do not hold the call else it will not work after
retrieve. And do not multiple calls at the same time (no conference with ZRTP
yet).
Original comment by r3gis...@gmail.com
on 5 May 2011 at 11:30
I just tried it between a nexus s and a htc desire with the r829, and I couldnt
manage to get the popup. Im using a self configured asterisk server placed in a
university network. As I know, for the zrtp theres no need to configure
anything extra in the asterisk. Am I right?
Do you have any suggestion? For example can you give me some step-by-step guide
to the setup that enables using it?(who knows probably I forgot to set
something up)
Original comment by miklosb...@gmail.com
on 5 May 2011 at 12:10
I confirm that ZRTP is working now, I even sniffed in Wireshark to compare.
but I now have a weird issue that I'm not sure if it's csipsimple related.
i have 2 phones that are exactly the same, even the same firmware (from stock)
and same customizations. On the network menu, one phone has the "Secure
transport" submenu and the other one doesn't.
both of them have the r829-tls branch installed :-(
@miklos did you go to "Settings" -> "Network" -> "Secure Transport" -> "ZRTP
Mode" -> select "Create ZRTP" and that should be enough.
Original comment by francisc...@gmail.com
on 5 May 2011 at 6:17
I just found out the solution to my problem, if by some chance you don't see
the "Secure Transport" option. try and configure a valid SIP account somewhere
and when the account is "registered" on the sip server, that option on the menu
WILL show up.
also, make sure SRTP is disabled.
build r829-tls worked fine.
ZRTP+G.729 works wonders :-) csipsimple rox!
Original comment by francisc...@gmail.com
on 5 May 2011 at 6:50
@miklos
Be careful is Asterisk is somehow in the media communication (RTP) path. Most
often
Asterisk modifies the RTP packets or even encodes/decodes them. ZRTP requires a
transparent end-to-end RTP connection, no intermediate system shall deal with
the
RTP packet - only forward them.
Regards,
Werner
Original comment by werner...@googlemail.com
on 6 May 2011 at 11:04
Tested ZRTP and it works, I didn't find any issue. But I have a question: can
you change the "Settings" -> "Network" -> "Secure Transport" -> "ZRTP Mode"
menu so that we can choose between "Disabled", "Optional" and "Mandatory"?
This would be nice 1) for consistency with the "SRTP Mode" and 2) because users
can have mandatory encryption if they want it.
Original comment by jtaylor...@gmail.com
on 7 May 2011 at 3:03
Original issue reported on code.google.com by
wheresau...@lavabit.com
on 5 Oct 2010 at 10:52