ZRTP passthrough mode allows two ZRTP-capable clients to negotiate an
end-to-end security association through FreeSWITCH. The clients are
therefore able to be certain that the FreeSWITCH instance mediating
the call cannot eavesdrop on their conversation.
Importantly, this capability is maintained across multiple FreeSWITCH
hops. If widely deployed, this enables a global network architecture
where two people can speak securely with strong cryptographically
protected authentication and confidentiality.
With this commit we implement a zrtp-passthru mode that handles all
the details of the negotiation intelligently. This mode can be
selected by setting the boolean parameter inbound-zrtp-passthru in the
sofia profile. This will also force late-negotiation as it is
essential for correctly negotiating an end-to-end ZRTP security
association.
When an incoming call with a zrtp-hash is received and this mode is
enabled, we find the first audio and the first video zrtp-hash in the
SDP and store them as remote values on this channel. Once a b-leg is
available, we set the local zrtp-hash values on that channel to the
remote zrtp-hash values collected from the a-leg.
Because zrtp-passthru absolutely requires that the channels negotiate
the same codec, we offer to the b-leg only codecs that the a-leg can
speak. Once the b-leg accepts a codec, we will force that choice onto
the a-leg.
If the b-leg sends us zrtp-hash values in the signaling, we store
those as remote values on the b-leg and copy them to the local values
on the a-leg.
At this point, each leg has the zrtp-hash values from the other, and
we know we can do ZRTP passthrough mode on the call. We send the
b-leg's zrtp-hash back to the a-leg in the 200 OK.
We then enable UDPTL mode on the rtp streams for both the audio and
the video so that we don't interfere in the ZRTP negotiation.
If the b-leg fails to return a zrtp-hash in the signaling, we set up a
ZRTP security association with the a-leg ourselves, if we are so
equipped. Likewise, if the a-leg fails to send a zrtp-hash in the
signaling, we attempt to set up a ZRTP security association ourselves
with the b-leg.
The zrtp-passthru mode can also be enabled in the dialplan by setting
the boolean channel variable zrtp_passthru. If enabled in this
manner, we can't force late-negotiation, so the user would need to be
sure this is configured.
If ZRTP passthrough mode is not enabled in either manner, this change
should have no effect.
Channel variables for each of the various zrtp-hash values are set,
though it is anticipated that there is no good reason to use them, so
they may be removed without warning. For checking whether zrtp
passthrough mode was successful, we provide the channel variable
zrtp_passthru_active which is set on both legs.
Though not implemented by this commit, the changes here should make it
more straightforward to add correct zrtp-hash values to the signaling
and verify that correct hello hash values are received when FreeSWITCH
is acting as a terminating leg of the ZRTP security association.
This prior method sets a channel variable from the a-leg's zrtp-hash,
then relies on the dialplan to export this channel variable to the
b-leg, where it is put into the SDP.
While it was a great start and wonderful for testing, this approach
has some drawbacks that motivated the present work:
* There's no good way to pass the zrtp-hash from the b-leg back to
the a-leg. In fact, the implementation seems to send the a-leg's
zrtp-hash back to the originating client in the 200 OK. This is
not correct.
* To support video, we'd need to have a separate dialplan variable,
and the dialplan author would need to deal with that explicitly.
* The API is problematic as it requires the dialplan author to
understand intricate details of how ZRTP works to implement a
correct dialplan. Further, by providing too fine-grained control
(but at the same time, not enough control) it would limit our
ability to make the behavior smarter once people started relying on
this.
Travis Cross [Thu, 24 May 2012 15:13:11 +0000 (15:13 +0000)]
debian: remove support for building sounds and music
The various sounds and music have their own source packages now as
they have their own conventions and version numbers which fortunately
update less frequently than FreeSWITCH itself.
We changed away from using unsigned here because it caused a warning
on Windows. Using the more specific type, however, is causing a
warning on gcc-4.7 (it notices that the switch statement contains
values not present in the specified enum type). So we're switching
back to unsigned here while keeping the type casts and hoping that
keeps Windows happy.
Mathieu Rene [Tue, 22 May 2012 18:00:39 +0000 (14:00 -0400)]
Update the outgoing channel handler so it passes the "var_event" event down towards rtmp_send_incoming_call since variables passed using originate are not yet in the session before the outgoing channel function returns.
block any inbound messages when queue is full; add debounce for mwi and pres on register; fix missing detach attr on new mode to process reg in new thread
Using the more explicit typedef causes gcc to warn about the
incompatible types for the reasons noted in the earlier commit
message. This is why we just used the unsigned type earlier so we
could avoid all this casting.
Travis Cross [Thu, 17 May 2012 06:13:32 +0000 (06:13 +0000)]
squelch a Windows VS warning about null termination on the ZID
According Jeff Lenk, Windows Visual Studio doesn't understand that
people use the char type for non-null-terminated byte arrays, so it
throws a warning about this that causes the build to fail on Windows.
As the initial value for the ZID doesn't really matter here one iota,
just null-terminate it on Windows.
Travis Cross [Thu, 17 May 2012 05:33:44 +0000 (05:33 +0000)]
work around libzrtp API mistake for VS
libzrtp's sas_is_verified field is a uint32_t, but zrtp_verified_set
expects a uint8_t. This is a boolean field, so it doesn't matter one
way or the other. gcc doesn't care, but Windows Visual Studio
apparently throws a warning about this.
Travis Cross [Wed, 16 May 2012 21:26:50 +0000 (21:26 +0000)]
use the typedef for an enum rather than unsigned
The callback here receives both zrtp_protocol_event_t and
zrtp_security_event_t events. The latter is numbered contiguously to
the former. Still, it's a bit confusing to have to pick one as a
type, but apparently this fixes a warning on Visual Studio on Windows.
Travis Cross [Wed, 16 May 2012 02:41:24 +0000 (02:41 +0000)]
Revert "disable these options if zrtp isn't enabled"
Brian and I talked about this and concurred on the reversion here.
Part of the point of the ZRTP pass-through mode code is that it allows
two legs to have a ZRTP-enabled call even if FS doesn't have ZRTP.
FS-4183 here is a start, it still needs some work but here are the basic components, initially I am using the algorithim we use to generate artifical silence (static) and using one of those values to sleep a certian number of microseconds plus the cumulative bytes of events but i bet there is still some predictability in there so it needs some more
Travis Cross [Sun, 13 May 2012 05:59:03 +0000 (05:59 +0000)]
debian: handle copyright information for pocketsphinx
Debian expects all copyright information to be in one place, so we
copy the license details to debian/copyright and remove the COPYING
files when we install components.
Travis Cross [Sat, 12 May 2012 21:30:53 +0000 (21:30 +0000)]
debian: put mod_ilbc in non-free
The iLBC library in our tree is non-free software. Google has
purchased Global IP Sound and released a newer version of this library
as part of WebRTC as free software, but we need to upgrade to take
advantage of this more favorable licensing.
Until we do that, we also need to remove libs/ilbc from the Debian
source packaging.
Travis Cross [Sat, 12 May 2012 19:51:16 +0000 (19:51 +0000)]
debian: put mod_siren in non-free
Despite the relatively-generous patent grant from Polycom, the
requirement to execute further agreements to use the code and patents
means this module fails the DFSG.
We'll need to exclude this code from the source package as well.
projects / thirdparty / freeswitch.git / log
