sipwise
/
jitsi
mirror of https://github.com/sipwise/jitsi.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Implement paranoid mode for ZRTP.

Browse Source 
Refer to the in-line documentation of enableParanoidMode flag in ZRTPTransformerEngine.java to read the full description.
cusax-fix
Werner Dittmann 14 years ago
parent 2b3437ac65
commit 2b23c9ccc6
2 changed files with 63 additions and 4 deletions
Show Stats Download Patch File Download Diff File

BIN
lib/installer-exclude/zrtp4j-light.jar
View File

Binary file not shown.

67
src/net/java/sip/communicator/impl/neomedia/transform/zrtp/ZRTPTransformEngine.java
Unescape View File

@ -353,6 +353,39 @@ public void run()
private boolean mitmMode = false;
/**
* Enable or disable paranoid mode.
*
* The Paranoid mode controls the behaviour and handling of the SAS verify
* flag. If Panaoid mode is set to flase then ZRtp applies the normal
* handling. If Paranoid mode is set to true then the handling is:
*
* <ul>
* <li> Force the SAS verify flag to be false at srtpSecretsOn() callback.
* This gives the user interface (UI) the indication to handle the SAS
* as <b>not verified</b>. See implementation note below.</li>
* <li> Don't set the SAS verify flag in the <code>Confirm</code> packets,
* thus the other also must report the SAS as <b>not verified</b>.</li>
* <li> ignore the <code>SASVerified()</code> function, thus do not set the
* SAS to verified in the ZRTP cache. </li>
* <li> Disable the <b>Trusted PBX MitM</b> feature. Just send the
* <code>SASRelay</code> packet but do not process the relayed data.
* This protects the user from a malicious "trusted PBX".</li>
* </ul>
* ZRtp performs alls other steps during the ZRTP negotiations as usual, in
* particular it computes, compares, uses, and stores the retained secrets.
* This avoids unnecessary warning messages. The user may enable or disable
* the Paranoid mode on a call-by-call basis without breaking the key
* continuity data.
*
* <b>Implementation note:</b></br>
* An application shall always display the SAS code if the SAS verify flag
* is <code>false</code>. The application shall also use mechanisms to
* remind the user to compare the SAS code, for example useing larger fonts,
* different colours and other display features.
*/
private boolean enableParanoidMode = false;
private ZRTCPTransformer zrtcpTransformer = null;
/**
@ -503,7 +536,9 @@ public synchronized boolean initialize(String zidFilename,
config = new ZrtpConfigure();
config.setStandardConfig();
}
if (enableParanoidMode) {
config.setParanoidMode(enableParanoidMode);
}
zrtpEngine = new ZRtp(zf.getZid(), this, clientIdString, config, mitmMode);
if (timeoutProvider == null)
@ -1288,12 +1323,36 @@ public void setMitmMode(boolean mitmMode) {
this.mitmMode = mitmMode;
}
/**
* Enables or disables paranoid mode.
*
* For further explanation of paranoid mode refer to the documentation
* of ZRtp class.
*
* @param yesNo
* If set to true then paranoid mode is enabled.
*/
public void setParanoidMode(boolean yesNo) {
enableParanoidMode = yesNo;
}
/**
* Check status of paranoid mode.
*
* @return
* Returns true if paranoid mode is enabled.
*/
public boolean isParanoidMode() {
return enableParanoidMode;
}
/**
* Check the state of the enrollment mode.
*
* If true then we will set the enrollment flag (E) in the confirm
* packets and performs the enrollment actions. A MitM (PBX) enrollment service sets this flagstarted this ZRTP
* session. Can be set to true only if mitmMode is also true.
* packets and performs the enrollment actions. A MitM (PBX)
* enrollment service sets this flag.
*
* @return status of the enrollmentMode flag.
*/
public boolean isEnrollmentMode() {
@ -1308,7 +1367,7 @@ public boolean isEnrollmentMode() {
*
* If true then we will set the enrollment flag (E) in the confirm
* packets and perform the enrollment actions. A MitM (PBX) enrollment
* service must sets this mode to true.
* service must set this mode to true.
*
* Can be set to true only if mitmMode is also true.
*

Write Preview
Loading…
Cancel
Save