search

mumble-voip / mumble

Mumble is an open-source, low-latency, high quality voice chat software.
https://www.mumble.info
Other
6.41k stars 1.12k forks source link

Change encryption algorithm #5559

Closed herman97 closed 2 years ago

herman97 commented 2 years ago

The issue

Hello!

I am trying to change the encryption algorithm so that mumble uses homomorphic encryption instead of the current implementation.

I was wondering in which files the encryption/decryption happens? After trying to print in different functions to see where and on what encryption and decryption run, I can´t seem to find any time when decryption run?

I am trying to encrypt and decrypt both voice and text.

Help is much appreciated!

Mumble version

1.5.0

Mumble component

Both

OS

Linux

Additional information

No response

Krzmbrzl commented 2 years ago

You could have a look at https://github.com/mumble-voip/mumble/pull/4824

The en- and decryption goes through https://github.com/mumble-voip/mumble/blob/master/src/crypto/CryptState.h

Is that already helpful?

herman97 commented 2 years ago

Yes that is somewhat helpful, thank you!

Do you mean that I should implement my own version that inherits from cryptstate?

Also, how and where is the audio mixing performed? Since i assume that the voice is decrypted at the server for that to be done?

Krzmbrzl commented 2 years ago

Do you mean that I should implement my own version that inherits from cryptstate?

If you want your implementation to fit nicely within the existing code, then I think that would be the easiest way, yes. Alternatively you could also completely bypass this class and then change the actual code where the en- and decryption happens.

client-side decryption: https://github.com/mumble-voip/mumble/blob/00fdfbcf276a284f05cf6e1218e02cb8de7568f5/src/mumble/ServerHandler.cpp#L229-L230 client-side encryption: https://github.com/mumble-voip/mumble/blob/00fdfbcf276a284f05cf6e1218e02cb8de7568f5/src/mumble/ServerHandler.cpp#L304 server-side decryption: https://github.com/mumble-voip/mumble/blob/00fdfbcf276a284f05cf6e1218e02cb8de7568f5/src/murmur/Server.cpp#L969-L970 server-side encryption: https://github.com/mumble-voip/mumble/blob/00fdfbcf276a284f05cf6e1218e02cb8de7568f5/src/murmur/Server.cpp#L1004-L1005

Also, how and where is the audio mixing performed? Since i assume that the voice is decrypted at the server for that to be done?

https://github.com/mumble-voip/mumble/blob/00fdfbcf276a284f05cf6e1218e02cb8de7568f5/src/mumble/AudioOutput.cpp#L354 However, at this point the audio has been decrypted long ago (see above)

Krzmbrzl commented 2 years ago

One additional note to make sure you are aware of this: If you change the used encryption scheme, your adapted client and server will be completely incompatible with the mainline clients and servers.

herman97 commented 2 years ago

Alright, thank you I think this will help very much!

One more question, does this mean that the voice mixing is performed on the client-side and not the server-side? For example when multiple people speak at the same time I assume that their voices get mixed together and before someone else hear it?

Krzmbrzl commented 2 years ago

Yes all audio processing is performed entirely client-side. The server only receives and distributes audio packets but never actually touches the contained audio.

herman97 commented 2 years ago

Alright, would it be possible to move the mixing to the server? Since I am trying to implement homomorphic encryption I don't want to decrypt anything on the server, but I would also like to use the homomorphic encryption features of being able to use addition and multiplication on the data that is encrypted.

herman97 commented 2 years ago

And how come the data being transferred is decrypted on the server although no mixing is performed there?

Krzmbrzl commented 2 years ago

would it be possible to move the mixing to the server?

Not without completely rewriting how audio is handled.

And how come the data being transferred is decrypted on the server although no mixing is performed there?

The encryption is not end-to-end, so the server has to re-encrypt the message depending on the respective recipient.

herman97 commented 2 years ago

Alright, I will have to try that then! Furthermore, I can't seem to understand how text is sent either, are text messages encrypted?

(Thank you for the help, even though I might have stupid questions)

Krzmbrzl commented 2 years ago

Text messages are transferred via TCP by means of the Protobuf message format - see https://github.com/mumble-voip/mumble/blob/c317d57008714edff2f77f7ae6a313fdf1685539/src/Mumble.proto#L259-L272

It is encrypted via TLS (as all TCP messages are)

EDIT: Maybe also relevant for you: https://github.com/mumble-voip/mumble/blob/master/docs/dev/TheMumbleSourceCode.md

herman97 commented 2 years ago

Alright, thank you for your help!

Krzmbrzl commented 2 years ago

You're welcome.

I'll close this as resolved then.