Hi,<br><br>Some good news, thanks to this very handy excel sheet I was able to fix a couple problems that was holding up my Java RTMPE client-side implementation and now it is working !!<br><br>You can find all the details here:<br>
<br><a href="http://flazr.svn.sourceforge.net/viewvc/flazr/trunk/flazr/src/main/java/com/flazr/Handshake.java?revision=5&view=markup">http://flazr.svn.sourceforge.net/viewvc/flazr/trunk/flazr/src/main/java/com/flazr/Handshake.java?revision=5&view=markup</a><br>
<br>You can see that I am using standard Java crypto stuff. Also, I am using Apache Mina (just like Red5) and here is the filter code for the encryption / decryption layer:<br><br><a href="http://flazr.svn.sourceforge.net/viewvc/flazr/trunk/flazr/src/main/java/com/flazr/RtmpeIoFilter.java?revision=5&view=markup">http://flazr.svn.sourceforge.net/viewvc/flazr/trunk/flazr/src/main/java/com/flazr/RtmpeIoFilter.java?revision=5&view=markup</a><br>
<br>I am pretty sure that with this done, RTMPE support for Red5 is just a matter of time. Feel free to ask me questions.<br><br>Thanks again to Gavriloaie Eugen-Andrei [ <a href="http://www.rtmpd.com">http://www.rtmpd.com</a> ] for the handshake analysis and for helping me today over chat and of course to Luke [ <a href="http://lkcl.net/rtmp">http://lkcl.net/rtmp</a> ] for making all of this possible.<br>
<br>Regards,<br><br>Peter.<br><br>P.S. maybe you should do an SVN checkout of the code before it disappears :P<br><br><div class="gmail_quote">On Wed, Jun 3, 2009 at 2:27 PM, Daniel Rossi <span dir="ltr"><<a href="mailto:electroteque@gmail.com">electroteque@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div style=""><br><div><div><div></div><div class="h5"><div>On 03/06/2009, at 6:44 PM, Gavriloaie Eugen-Andrei wrote:</div>
<br><blockquote type="cite"><div style=""><div><div>On Jun 3, 2009, at 11:14 AM, Daniel Rossi wrote:</div><br><blockquote type="cite"><div style="">Is this of importance so basically an extension to the current handshake ?<div>
<br></div><div><div style="margin: 0px;"><span style="color: rgb(170, 13, 145);">if</span> (encrypted) {</div><div style="margin: 0px; color: rgb(0, 116, 0);"><span style="color: rgb(0, 0, 0);"> </span>//prepare the in/out keys</div>
<div style="margin: 0px;"> uint32_t clientDHOffset = GetDHOffset(pInputBuffer + <span style="color: rgb(28, 0, 207);">1532</span>);</div><div style="margin: 0px;"> uint8_t secretKey[<span style="color: rgb(28, 0, 207);">128</span>];</div>
<div style="margin: 0px;"> <span style="color: rgb(170, 13, 145);">if</span> (DHComputeSharedSecretKey(pDH, pInputBuffer + clientDHOffset, <span style="color: rgb(28, 0, 207);">128</span>, secretKey) != <span style="color: rgb(28, 0, 207);">128</span>) {</div>
<div style="margin: 0px; color: rgb(196, 26, 22);"><span style="color: rgb(0, 0, 0);"> FATAL(</span>"Unable to compute shared"<span style="color: rgb(0, 0, 0);">);</span></div><div style="margin: 0px;">
<span style="color: rgb(170, 13, 145);">return</span> <span style="color: rgb(170, 13, 145);">false</span>;</div><div style="margin: 0px;"> }</div><div style="margin: 0px; min-height: 14px;"><br></div><div style="margin: 0px;">
_pKeyIn = <span style="color: rgb(170, 13, 145);">new</span> RC4_KEY;</div><div style="margin: 0px;"> _pKeyOut = <span style="color: rgb(170, 13, 145);">new</span> RC4_KEY;</div><div style="margin: 0px;"> InitRC4Encryption(</div>
<div style="margin: 0px;"> secretKey,</div><div style="margin: 0px;"> (uint8_t*) & pInputBuffer[clientDHOffset],</div><div style="margin: 0px;"> (uint8_t*) & _pOutputBuffer[serverDHOffset],</div>
<div style="margin: 0px;"> _pKeyIn,</div><div style="margin: 0px;"> _pKeyOut);</div><div style="margin: 0px; min-height: 14px;"><br></div><div style="margin: 0px; color: rgb(0, 116, 0);"><span style="color: rgb(0, 0, 0);"> </span>//bring the keys to correct cursor</div>
<div style="margin: 0px;"> uint8_t data[<span style="color: rgb(28, 0, 207);">1536</span>];</div><div style="margin: 0px;"> RC4(_pKeyIn, <span style="color: rgb(28, 0, 207);">1536</span>, data, data);</div><div style="margin: 0px;">
RC4(_pKeyOut, <span style="color: rgb(28, 0, 207);">1536</span>, data, data);</div><div style="margin: 0px;"> }</div><div style="margin: 0px;"> DHFree(pDH);</div><div><font size="2" face="Monaco"><span style="font-size: 10px;"><br>
</span></font></div><div><font size="2" face="Monaco"><span style="font-size: 10px;">So just have to figure out what DHComputeSharedSecretKey is and what it does ? Is this a library method ? </span></font></div></div></div>
</blockquote>Is the shared key from DH key pair and remote DH public key. In java you can generate secretKey using a KeyAgreement. </div><div>For example, suppose we have 2 endpoints: A and B. Both endpoints have a DH key pair, thus we have:</div>
<div><br></div><div>DHa - DH key pair from endpoint A</div><div>DHb - DH key pair from endpoint B</div><div><br></div><div>DH key pair has 2 keys: public key and private key. Thus we have:</div><div>DHaPublic</div><div>DHaPrivate</div>
<div>DHbPublic</div><div>DHbPrivate</div><div><br></div><div>Both endpoints can compute a shared key like this:</div><div><br></div><div>SharedA = KeyAgreement(DHa, DHbPublic) - using key pair A and public B</div><div>SharedB = KeyAgreement(DHb, DHaPublic) - using key pair B and public A</div>
<div><br></div><div>SharedA MUST be equal with SharedB and is guaranteed by the DH algorithm. You can use this like a verification to test the DH algorithm.</div><div><br></div><div>In java, all this is made by a KeyAgreement class/interface in javax.crypto but i can't tell you precisely which one. Sorry... :(</div>
<div><br></div><div>_pKeyIn and _pkeyOut are RC4 keys for encrypting/decrypting the future traffic (immediately after the handshake)</div><div><br></div><div>They are computed using a wrapper function called InitRC4Encryption. Inside, the _pKeyIn and _pkeyOut are initialized with first 16 bytes from HMACSha256 over correspondin DH public keys using secretKey as key.</div>
<div>The implementation is located here:</div><div><a href="http://www.rtmpd.com/browser/trunk/sources/thelib/src/utils/dh.cpp" target="_blank">http://www.rtmpd.com/browser/trunk/sources/thelib/src/utils/dh.cpp</a></div></div>
</blockquote><div><br></div></div></div><div>Yep I was wondering where the wrapper functions were ;)</div><br><blockquote type="cite"><div style=""><div class="im"><div><br></div><div>REMEMBER to encrypt decrypt something (random data) immediately after the computing the in/out keys. The block must have the size of 1536. This will bring the keys to the correct values. RC4 keys are changing after each encryption/decryption. They are dynamic. If you don;t do that, your algorithm will not work. Man.... I've spent 4 hours in my case figuring that out until I've looked with much more attention in the rtmpdump sources.</div>
<div><br></div><div><br></div><div>Btw... many thanks to Luke for making this possible</div><div><br></div><div>Also I'm reattaching that excel file because I forgot to explain the regions :P</div><div><br></div><div>
<br></div><div>Best regards,</div><div>Andrei</div><div><br></div><div></div></div><span><server.xlsx></span></div><div class="im"><div style=""><div></div><div><br></div><div><br></div><div><blockquote type="cite">
<div style=""><div><div><font size="2" face="Monaco"><br></font></div><div><div>On 03/06/2009, at 5:52 PM, Gavriloaie Eugen-Andrei wrote:</div><br><blockquote type="cite"><div>Hi,<br><br>I've made an excel sheet with the every zone in the client/server handshake. Together with the source links below, I hope it is much easy to implement.<br>
I sincerely can't work in java because I have to invest too much time to learn it in order to be at least productive if not proficient.<br>I prefer to invest that time in documents for example.<br><br><a href="http://www.rtmpd.com/browser/trunk/sources/thelib/src/protocols/rtmp/inboundrtmpprotocol.cpp" target="_blank">http://www.rtmpd.com/browser/trunk/sources/thelib/src/protocols/rtmp/inboundrtmpprotocol.cpp</a><br>
<a href="http://www.rtmpd.com/browser/trunk/sources/thelib/src/protocols/rtmp/outboundrtmpprotocol.cpp" target="_blank">http://www.rtmpd.com/browser/trunk/sources/thelib/src/protocols/rtmp/outboundrtmpprotocol.cpp</a><br>
<span><server.xlsx></span><br>_______________________________________________<br>Red5 mailing list<br><a href="mailto:Red5@osflash.org" target="_blank">Red5@osflash.org</a><br><a href="http://osflash.org/mailman/listinfo/red5_osflash.org" target="_blank">http://osflash.org/mailman/listinfo/red5_osflash.org</a><br>
</div></blockquote></div><br></div></div>_______________________________________________<br>Red5 mailing list<br><a href="mailto:Red5@osflash.org" target="_blank">Red5@osflash.org</a><br><a href="http://osflash.org/mailman/listinfo/red5_osflash.org" target="_blank">http://osflash.org/mailman/listinfo/red5_osflash.org</a><br>
</blockquote></div><br></div>_______________________________________________<br>Red5 mailing list<br><a href="mailto:Red5@osflash.org" target="_blank">Red5@osflash.org</a><br><a href="http://osflash.org/mailman/listinfo/red5_osflash.org" target="_blank">http://osflash.org/mailman/listinfo/red5_osflash.org</a><br>
</div></blockquote></div><br></div><br>_______________________________________________<br>
Red5 mailing list<br>
<a href="mailto:Red5@osflash.org">Red5@osflash.org</a><br>
<a href="http://osflash.org/mailman/listinfo/red5_osflash.org" target="_blank">http://osflash.org/mailman/listinfo/red5_osflash.org</a><br>
<br></blockquote></div><br>