Great thanks. Let me know when it's updated and I'll test it again and
report back.
Cheers and thanks for your hard work,
Peter
On Sun, Apr 26, 2015 at 10:11 AM, Johan Pascal
<address@hidden <mailto:address@hidden>> wrote:
Peter,
bzrtp submodule in the linphone-android repository is outdated and
older than the insertion of B256 capability...
I'll fix the bug and update the module by tomorrow night.
Johan
On 26/04/15 00:12, Johan Pascal wrote:
Peter,
you're right, something is wrong with B256 SAS. SAS is not correctly
forwarded to linphone from mediastreamer2(only 4 chars in any
case). It
looks like in your case B256 is not used at all while I think it
may be
used but displayed SAS will be anyway, so I'm missing something
else.
If you can send me a wireshark trace of the ZRTP packets it may
help.
I'll fix the error I found in the coming days.
Johan
On 25/04/15 23:39, Peter Villeneuve wrote:
Hi Johan,
Thanks for your reply. I took a look at the code and indeed
EC is not
present yet which would explain why it's never used as you said.
I went ahead and moved the zrtp_XXX_suites settings into
linphonerc_default instead of linphonerc_factory, made sure
they were in
the SIP section and recompiled.
Now indeed one can see in the logs that it is reading the
configuration:
04-25 22:31:05.980 I/linphone(4972): Configured srtp crypto
suite:
AES_CM_128_HMAC_SHA1_80
04-25 22:31:05.985 I/linphone(4972): Configured srtp crypto
suite:
AES_CM_128_HMAC_SHA1_32
04-25 22:31:05.985 I/linphone(4972): Configured srtp crypto
suite:
AES_CM_256_HMAC_SHA1_80
04-25 22:31:05.985 I/linphone(4972): Configured srtp crypto
suite:
AES_CM_256_HMAC_SHA1_32
04-25 22:31:05.985 I/linphone(4972): Configured zrtp cipher:
'MS_ZRTP_CIPHER_AES3'
04-25 22:31:05.985 I/linphone(4972): Configured zrtp hash:
'MS_ZRTP_HASH_S256'
04-25 22:31:05.985 I/linphone(4972): Configured zrtp auth tag:
'MS_ZRTP_AUTHTAG_HS80'
04-25 22:31:05.985 I/linphone(4972): Configured zrtp SAS type:
'MS_ZRTP_SAS_B256'
04-25 22:31:05.985 I/linphone(4972): Configured zrtp key
agreement:
'MS_ZRTP_KEY_AGREEMENT_EC38'
04-25 22:31:05.985 I/linphone(4972): MSAudioMixer
[0x5cc9c550] is
entering bypass mode.
04-25 22:31:05.985 I/linphone(4972): Creating ZRTP engine on
rtp session
[0x5cc06048]
04-25 22:31:06.035 I/linphone(4972): Starting ZRTP engine on
rtp session
[0x5cc06048]
And now indeed the block ciphering seems correct (AES256)
although SAS
rendering is still only 4 character instead of B256.
04-25 22:31:07.640 I/linphone(4972): ZRTP Receive packet
type DHPart2
04-25 22:31:07.755 I/linphone(4972): ZRTP Send packet type
Confirm1 on
rtp session [0x5cc06048]
04-25 22:31:07.755 W/linphone(4972): MSAudio MSTicker: We
are late of
110 miliseconds.
04-25 22:31:07.770 I/linphone(4972): ZRTP Receive packet
type DHPart2
04-25 22:31:07.770 I/linphone(4972): ZRTP Send packet type
Confirm1 on
rtp session [0x5cc06048]
04-25 22:31:07.770 W/linphone(4972): MSAudio MSTicker: We
are late of
116 miliseconds.
04-25 22:31:07.775 I/linphone(4972): ZRTP Receive packet
type Confirm2
04-25 22:31:07.775 I/linphone(4972): ZRTP secrets are ready for
receiver; auth tag algo is *HS80 and cipher algo is AES256*
04-25 22:31:07.775 I/linphone(4972):
media_stream_set_srtp_recv_key():
key 0a..b5 stream sessions is [0x5cc01090]
04-25 22:31:07.775 I/linphone(4972):
media_stream_set_srtcp_recv_key():
key 0a..b5 stream sessions is [0x5cc01090]
04-25 22:31:07.775 I/linphone(4972): ZRTP Send packet type
Conf2ACK on
rtp session [0x5cc06048]
04-25 22:31:07.775 I/linphone(4972): ZRTP secrets are ready
for sender;
auth tag algo is HS80 and cipher algo is AES256
04-25 22:31:07.775 I/linphone(4972):
media_stream_set_srtp_send_key():
key ed..33 stream sessions is [0x5cc01090]
04-25 22:31:07.775 I/linphone(4972):
media_stream_set_srtcp_send_key():
key ed..33 stream sessions is [0x5cc01090]
04-25 22:31:07.775 I/linphone(4972): ZRTP secrets on: *SAS
is essk*
previously verified yes
04-25 22:31:07.780 I/linphone(4972): Event dispatched to
all: secrets
are on
So we're almost there. It seems only SAS is still not working as
expected.
I can send you the full log file directly if you're
interested, but I
don't want to spam the list.
Cheers,
Peter
On Sat, Apr 25, 2015 at 9:15 PM, Johan Pascal
<address@hidden <mailto:address@hidden>
<mailto:address@hidden
<mailto:address@hidden>>> wrote:
Hi Peter,
for EC it's perfectly normal, it had not been
implemented yet. DH2k
and DH3k(default) are the only key agreement available
in bzrtp even
if linphone won't complain if you set EC in your config
file.
For SAS rendering and block ciphering, it's more
surprising.
From your log it looks like the configuration is never
found as the
log shall mention it right after the Configured srtp
crypto suite
part. Can you send me the complete log file please? Did
you insert
the zrtp_XXX_suites settings in the sip section of the
config file?
I plan to include a more accurate trace on the ZRTP
negotiation(complete set of algo used) and it may even
make its way
to the GUI at least on the desktop version for now.
I'll keep you
updated on this.
regards,
Johan
On 25/04/15 21:00, Peter Villeneuve wrote:
Hi guys,
I just downloaded latest git and compiled from scratch.
I have applied to my linphonerc_factory the
following configs
taken from
here
https://lists.gnu.org/archive/html/linphone-developers/2015-03/msg00022.html
At the end of my linphonerc_factory I have added
zrtp_key_agreements_suites=MS_ZRTP_KEY_AGREEMENT_EC38
zrtp_cipher_suites=MS_ZRTP_CIPHER_AES3
zrtp_auth_suites=MS_ZRTP_AUTHTAG_HS80
zrtp_hash_suites=MS_ZRTP_HASH_S256
zrtp_sas_suites=MS_ZRTP_SAS_B256
So far so good. Everything compiles fine and when I
run the apk
on two
different phones I'm able to establish audio and
negotiate ZRTP
as expected.
However, I have enabled debugging and looking
through logcat it
seems
that the cipher suite used is still AES1. Also, the key
negotiation
seems to be DH instead of EC.
Here are the relevant bits from the logfile:
04-25 17:14:09.609 I/linphone(5863): Configured
srtp crypto
suite:
AES_CM_128_HMAC_SHA1_80
04-25 17:14:09.609 I/linphone(5863): Configured
srtp crypto
suite:
AES_CM_128_HMAC_SHA1_32
04-25 17:14:09.609 I/linphone(5863): Configured
srtp crypto
suite:
AES_CM_256_HMAC_SHA1_80
04-25 17:14:09.609 I/linphone(5863): Configured
srtp crypto
suite:
AES_CM_256_HMAC_SHA1_32
04-25 17:14:09.609 I/linphone(5863): Creating ZRTP
engine on rtp
session
[0x582de150]
and later after the call is established and the key is
negotiated:
04-25 17:14:11.484 I/linphone(5863): New call state
[UpdatedByRemote]
04-25 17:14:11.484 I/linphone(5863): ZRTP Receive
packet type
DHPart2
04-25 17:14:11.544 I/linphone(5863): ZRTP Send
packet type
Confirm1 on
rtp session [0x582de150]
04-25 17:14:11.544 W/linphone(5863): MSAudio
MSTicker: We are
late of 54
miliseconds.
04-25 17:14:11.559 I/linphone(5863): ZRTP Receive
packet type
DHPart2
04-25 17:14:11.564 I/linphone(5863): ZRTP Send
packet type
Confirm1 on
rtp session [0x582de150]
04-25 17:14:11.574 I/linphone(5863): ZRTP Receive
packet type
Confirm2
04-25 17:14:11.574 I/linphone(5863): ZRTP secrets
are ready for
receiver; *auth tag algo is HS80 and cipher algo is
AES128*
04-25 17:14:11.574 I/linphone(5863):
media_stream_set_srtp_recv_key():
key 45..a2 stream sessions is [0x58e0be98]
04-25 17:14:11.574 I/linphone(5863):
media_stream_set_srtcp_recv_key():
key 45..a2 stream sessions is [0x58e0be98]
04-25 17:14:11.574 I/linphone(5863): ZRTP Send
packet type
Conf2ACK on
rtp session [0x582de150]
04-25 17:14:11.579 I/linphone(5863): ZRTP secrets
are ready for
sender;
auth tag algo is HS80 and cipher algo is AES128
04-25 17:14:11.579 I/linphone(5863):
media_stream_set_srtp_send_key():
key da..8e stream sessions is [0x58e0be98]
04-25 17:14:11.579 I/linphone(5863):
media_stream_set_srtcp_send_key():
key da..8e stream sessions is [0x58e0be98]
04-25 17:14:11.579 I/linphone(5863): ZRTP secrets
on: SAS is g5hm
previously verified yes
04-25 17:14:11.579 I/linphone(5863): Event
dispatched to all:
secrets are on
04-25 17:14:11.579 E/linphone(5863):
srtp_unprotect() failed
(7) on
stream ctx [0x589d4860]
As you can see, even though I installed the apk on
both phones,
it seems
linphone still chooses to use AES 128 with DH and
SAS is still
using 4
character SAS instead of B256.
Am I doing anything wrong? How can I test out AES3
and EC with
B256 SAS?
It would be great if we could see in the call's UI
some info
regarding
what type of algo was negotiated so we don't have
to enable
debugging
and look through the logs to find out this useful info.
Thoughts?
Cheers,
Peter
_______________________________________________
Linphone-developers mailing list
address@hidden
<mailto:address@hidden>
<mailto:address@hidden
<mailto:address@hidden>>
https://lists.nongnu.org/mailman/listinfo/linphone-developers
_______________________________________________
Linphone-developers mailing list
address@hidden
<mailto:address@hidden>
<mailto:address@hidden
<mailto:address@hidden>>
https://lists.nongnu.org/mailman/listinfo/linphone-developers
_______________________________________________
Linphone-developers mailing list
address@hidden
<mailto:address@hidden>
https://lists.nongnu.org/mailman/listinfo/linphone-developers
_______________________________________________
Linphone-developers mailing list
address@hidden
<mailto:address@hidden>
https://lists.nongnu.org/mailman/listinfo/linphone-developers
_______________________________________________
Linphone-developers mailing list
address@hidden <mailto:address@hidden>
https://lists.nongnu.org/mailman/listinfo/linphone-developers
_______________________________________________
Linphone-developers mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/linphone-developers