Awesome
BZRTP
What's BZRTP
BZRTP is an opensource implementation of ZRTP keys exchange protocol(RFC6189).
The library is written in C and C++ is fully portable and can be executed on many platforms including both ARM processor and x86.
The library extends the ZRTP protocol version 1.1 to support Post Quantum Cryptography algorithms. See Post Quantum Crypto Engine documentation for details.
License
BZRTP library is dual-licensed and can be distributed either under a GNU GPLv3 license (open source, see LICENSE.txt) or under a proprietary license (closed source).
Copyright © Belledonne Communications SARL
Johan Pascal is the original author of BZRTP.
Compatibility with RFC6189 - ZRTP: Media Path Key Agreement for Unicast Secure RTP
Mandatory but NOT implemented
- Sas Relay mechanism (RFC6189 section 7.3)
- Error message generation, emission or reception(which doesn't imply any security problem, they are mostly for debug purpose)
Optional and implementd
- multistream mode
- cacheless implementation
- zrtp-hash attribute in SDP
- Go Clear/Clear ACK messages
Optional and NOT implemented
- SAS signing
Supported Algorithms
- Hash : SHA-256, SHA-384, SHA-512
- Cipher : AES-128, AES-256
- SAS rendering: B32, B256(PGP word list)
- Auth Tag : HS32, HS80
- Key Agreement : DH-2048, DH-3072, X25519, X448
- Post Quantum Hybrid Key Agreement: see the extension section below
Notes:
- X25519 and X448 Key agreements(RFC7748) are not part of RFC6189 and supported only when bctoolbox[1] is linking libdecaf[2]
- SHA-512 hash is not part of RFC6189
Extension
In order to support Post Quantum Key Encapsulation Mechanisms, the original ZRTP protocol was extended to include a KEM mode key agreement.
When Post Quantum Cryptography is enabled, the library also supports the following hybrids:
- X255/Kyber512, X255/HQC128, X255/Kyber512/HQC128
- X448/Kyber1024, X448/HQC256, X448/Kyber1024/HQC256
Notes:
- Post Quantum key agreements are not part of RFC6189 and are available only when linking with PostQuantumCryptoEngine[3]
Dependencies
- bctoolbox[1]: portability layer and crypto function abstraction
- libdecaf[2]: X25519 and X448 implementation. bzrtp does not link directly with libdecaf but uses it through bctoolbox
- PostQuantumCryptoEngine[3]: KEM hybrid scheme and ECDH-based KEM, PQC crypto abstraction layer
- sqlite3[4]: requested to support key continuity
Build BZRTP
cmake . -DCMAKE_INSTALL_PREFIX=<prefix> -DCMAKE_PREFIX_PATH=<search_paths>
make
make install
Build options
-
CMAKE_INSTALL_PREFIX=<string>
: install prefix -
CMAKE_PREFIX_PATH=<string>
: column-separated list of prefixes where to search for dependencies -
ENABLE_STRICT=NO
: build without the strict compilation flags -
ENABLE_UNIT_TESTS=YES
: build non-regression tests -
ENABLE_DOC=NO
: generates API documentation -
ENABLE_PACKAGE_SOURCE=NO
: create package source target for source archive making -
ENABLE_ZIDCACHE=YES
: support cache mechanism, enable key continuity. Requires sqlite3 -
ENABLE_GOCLEAR=YES
: support GoClear packets (see RFC6189 section 4.7.2) -
ENABLE_PQCRYPTO=NO
: support KEM mode extension and Post Quantum Crypto algorithms
Notes for packagers
Our CMake scripts may automatically add some paths into research paths of generated binaries.
To ensure that the installed binaries are striped of any rpath, use -DCMAKE_SKIP_INSTALL_RPATH=ON
while you invoke cmake.
Rpm packaging
bzrtp package can be generated with cmake using the following command:
mkdir WORK
cd WORK
cmake ../
make package_source
rpmbuild -ta --clean --rmsource --rmspec bzrtp-<version>-<release>.tar.gz