[sip-comm-dev] GSoC 09 - OTR - First term results

Geekius Caesar geekius.caesar at gmail.com
Fri Jul 10 23:16:13 CEST 2009


Here I present the results from my first term period.

   * Develop a java library that handles encryption (see The current state
of OTR libraries in Java)
         o Build methods to Assemble/Dissasemble OTR Messages and tests to
verify things work properly
               + OTR Query Messages
               + Tagged plaintext messages
               + OTR Error Messages (Completed)
               + D-H Commit Message
               + D-H Key Message
               + Reveal Signature Message
               + Signature Message
               + Data Message (Completed)
         o Handle state transitions for the following actions (detailed
description of state transitions here),build key management infrastructure
(NOTE: key management for the library, not SC) and build tests to verify
things work properly
           In this period functionality for Requesting an OTR conversation,
Authenticated Key Exchange (AKE), and Data Exchange will be added.
               + Plaintext message without the whitespace tag
               + Plaintext message with the whitespace tag
               + Query Message
               + Error Message
               + D-H Commit Message
               + D-H Key Message (Completed)
               + Reveal Signature Message
               + Signature Message
               + Version 1 Key Exchange Message
               + Data Message
               + User requests to start an OTR conversation
               + User requests to end an OTR conversation
               + User types a message to be sent (Completed)
   * Create a transformation operation set (Completed)
   * Implement support for the transformation set in all protocols (Failed)
   * Implement an OTR encryption bundle prototype/proof of concept that
encrypts all conversations (Failed)

I have created a transformation set for jabber as an initial effort to
incorporate otr4j in SIP Communicator. I've chosen jabber because it is an
open standard with server implementation, such as OpenFire, freely
available.

I did not proceed into creating transformation sets for the rest of the
protocols because there is an issue that the DSA signature does not verify
in Pidgin/libotr, this action is taken in the OTR Protocol Draft, High Level
Overview, Authenticated Key Exchange, Step 9. I tried to sign using
BouncyCastle Leightweight API instead of the Standard JCE, but that failed
too.

To make sure the signature I use is correct, I created a set of test cases
to verify signatures created with bouncycastle using the Sun JCE provider
and visa versa, but that failed too.

I posted a question about this issue today in several places (CodeRanch, Sun
Forums, SIP Communicator dev-list), but I have received no answer yet, so I
need to further investigate this issue.

References:
- OTR Protocol Draft: http://www.cypherpunks.ca/otr/Protocol-v2-3.1.0.html
- CodeRunch post:
http://www.coderanch.com/t/453480/Security/DSA-Signature-sign-verify-using
- Sun Forms post: http://forums.sun.com/thread.jspa?threadID=5396849
- SIP Communicator email:
https://sip-communicator.dev.java.net/servlets/ReadMsg?list=dev&msgNo=6617
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.jitsi.org/pipermail/dev/attachments/20090710/916d470f/attachment.html>


More information about the dev mailing list