Proposal and question to add a new plugin for ZRTP

Sun Feb 5 02:57:32 PST 2012

Dear all,

this is a proposal combined with some questions to create a
gstreamer plugin that supports ZRTP and SRTP/SRTCP to provide
secure, encrypted RTP connections.

I just browsed through gstreamer's RTP stuff and it should be
possible to add such a plugin.

Thus my first questions here:
Would it make sense to develop such a plugin?
Would it be used given that the application needs to just implement
a few additional callbacks to get security status information (the
application does not deal with protocol, encryption and alike)?

Any ideas, feedback?

Best regards,
Werner

Appendix - bit more "meat" to the proposal:

For those who are not familiar with ZRTP here a short introduction
and a link to get more details.

ZRTP is a protcol that negotiates the necessary parameters to
set-up a secure RTP connection (SRTP/SRTCP). ZRTP was developed
by Phil Zimmermann (yes, Mr. "PGP") and is now available as RFC 6189,
for further details about ZRTP see:
   http://zfoneproject.com/zrtp_ietf.html

I developed a C++ ZRTP implementation which is part of several
RTP/RTCP stacks, among them the GNU ccRTP and PJSIP. The PJSIP
is also sort of a PJSIP transport plugin that uses a somewhat
similar callback mechansism (well, conceptually at least :-)  )

A Java version of this implementation is also available and the
Jtisi project makes use of this implementation.

Of course the C++/C implementation ZRTP is interoperable with
Phil's ZRTP C implementation and together we did a lot of
interop-tests and bug fixing to make this happen.

Just as a side note: the Android CSipSimple project uses the PJSIP
variant of the C++/C ZRTP thus we also proved that this ZRTP stack
also runs on Android - if that matters for gstreamer. Therefore
bringing this stuff to Tizen should not be a big deal then :-) .

To show a first rough idea where to place such a plugin I try to
use the gst-launch notation:

gst-launch udpsrc ... ! zrtp ... ! .recv_rtp_sink gstrtpsession

For brevity I omitted any parameters.

The ZRTP plugin would take care of RTP data that belong to ZRTP
and use them internally to perform ZRTP negotiation and don't
forward them to rtp session. In addition the ZRTP plugin would
handle SRTP/SRTCP functions to encrypt/decrypt the RTP packets in
case both are active. Therefore the upper part of rtp session is
not affected.

Because I'm not really familiar with development of gstreamer
plugins and the development of gstreamer stuff (just started to
read docs) I would appreciate some support to have a "quick start"
for this sort of "low level" plugin, maybe even some nice gstraemer
afficionados who could help/counsel during the development of
the plugin?

*** High level structure

                                              :
                                              :
                                              :  +-----------+
                                              :  | SRTP for  |
                                              :  |   ZRTP    |
                                              :  +-----+-----+
                                        uses  :        |
                                      +----------------+
                                      |       :
 +----------------+      +------------+---+   :  +-----------------+
 | other gstreamer|      |                |   :  |                 |
 | plugins        | use  |   zrtp plugin  | uses |      ZRTP       |
 | (UDP, RTP)     +------+   implements   +------+      core       |
 |                |      |  ZrtpCallback  |   :  | implementation  |
 |                |      |                |   :  |  (ZRtp et al)   |
 +----------------+      +----------------+   :  |                 |
                                              :  +-----------------+
                                              :
                           zrtp plugin        :  Existing ZRTP/SRTP
                           between UDP and    :
                           and gstreamer RTP
                           session

*** GNU ZRTP
GNU ZRTP is the existing ZRTP implementation that handles the ZRTP
protocol, performs necessary ZRTP computations, maintains some data
in a file etc. I implemented this part in C++ (it's very stable,
tested to work with Phil Zimmermann's and other ZRTP implementations).
This module is self contained and does not require specific support
exceptfor libcrypto (part of openssl).

*** zrtp plugin
This is a new plugin that links into the RTP stream

This plugin controls the flow of ZRTP, RTP, and SRTP data. This module
is one of main development steps during the proposed ZRTP integration.
This module is the "glue" between other gstreamer plugins, the
gstreamer application and the ZRTP implementation.

*** SRTP-ZRTP
This is the SRTP implementation that implements encryption,
decryption, authentication etc.

*** ZrtpCallback
GNU ZRTP core requires some external support functions, for example to
send data via RTP, get a mutex, get a timer, etc. Because these
functions are system dependent the zrtp plugin implements these
functions and provides them via callback to GNU ZRTP.

*** ZrtpUserCallback (not shown above)
An application may (and should) implement these callback methods.
zrtp plugin uses the user callback methods to inform the application
about status changes, for example if security was established, which
cipher was activated, and some other status information.