Wiki
Clone wikiminisip-mikey-sakke / MinisipAndroid
MIKEY-SAKKE Android demonstrator -- SELEX Elsag Ltd
Authors
Adam Butcher <adam.butcher@selexelsag.com>
- MIKEY-SAKKE Key Management Service HTTPS server and C++ client library.
- Key-storage abstraction, parameter set sharing, ECCSI signing and SAKKE key exchange C++ cryptography library.
- Re-entrant thread-safe C++ front-end for multi-precision arithmetic libraries OpenSSL and LibGMP.
- Efficient thread-specific scratch support for OpenSSL and LibGMP integers.
- Reclaim of terminated thread's bigint scratch pools by new threads, avoiding costly reallocations. (GMP only)
- Efficient octet-string and bigint conversion routines (octet-string <=> bigint (OpenSSL and GMP), and GMP bigint <=> OpenSSL bigint)
- Port of Minisip to Android
- New OpenSL-ES native Android audio device.
- Portability and build fixes.
- Java JNI front-end for Minisip including client interfaces for GUI applications.
- MinisipService (Android background service running the Minisip core.)
- MinisipTest application (Android UI for command-based interaction with Minisip core.)
- Android build fixes for Boost, libcurl and libgmp.
- MIKEY-SAKKE for Minisip
- Extensions to Minisip's libmikey to support ECCSI/SAKKE.
- Extensions to Minisip's user-accounts interface and profile configuration to support MIKEY-SAKKE parameters such as KMS location, authorization and test-vector support.
- Enhancement to Wireshark MIKEY dissector to support ECCSI/SAKKE dissection.
Paul Roberts <paul.m.roberts@selexelsag.com>
- Android Secure Phone GUI as a remote client to the MinisipAndroid library.
- Android boot service to start MinisipAndroid backend at handset startup allowing secure MIKEY-SAKKE calls to be received using the Secure Phone GUI without the user having to explicitly load the application.
- Configuration interface for Minisip parameters.
- Use of Android's build-in contact details (address book) to make secure internet (SIP) calls with MIKEY-SAKKE.
Building
All of the software (save for the android-specific GUI parts) can be build for any supported platform. For instance it is possible to build the MIKEY-SAKKE enhanced GTK GUI for Minisip on x86 which can be useful for testing and demonstration.
Though the build instructions below detail the Android build,
targeting a different platform can be done by simply replacing
the android-cross
prefix in the command-lines below with another
environment front-end or nothing to build for the build platform.
Locations
Note that it is important to checkout the correct branch from the repositories below.
- Repository for KMS and crypto libraries:
- git clone https://bitbucket.org/secollab/libmikey-sakke.git
- git checkout selex-crypto
- git clone https://bitbucket.org/secollab/libmikey-sakke.git
- Repository for Minisip with Android port and MIKEY-SAKKE extensions:
- git clone https://bitbucket.org/secollab/minisip-android.git
- git checkout mikey-sakke
- git clone https://bitbucket.org/secollab/minisip-android.git
Online browsing
- MIKEY-SAKKE KMS (server/client) and Crypto libraries
- Minisip Android
- https://bitbucket.org/secollab/minisip-android/src/mikey-sakke
- https://bitbucket.org/secollab/minisip-android/src/mikey-sakke/libminisip/source/java
- https://bitbucket.org/secollab/minisip-android/src/mikey-sakke/libminisip/source/android
- https://bitbucket.org/secollab/minisip-android/src/mikey-sakke/minisip/minisip/gui/android
Locations relative to these roots will be specified below for each component discussed.
Build environment
The whole environment can be set up in a local user account. There is no need to install system-wide or require root access.
Base dir and checkout
# establish base dir for android stuff
#
mkdir -p ~/src/android
cd ~/src/android
# clone the minisip-android tree
#
git clone https://bitbucket.org/secollab/minisip-android.git minisip
(cd minisip && git checkout mikey-sakke)
# clone the libmikey-sakke tree
#
git clone https://bitbucket.org/secollab/libmikey-sakke.git
(cd libmikey-sakke && git checkout selex-crypto)
Tooling prerequisites (One-time setup for Android cross-compiling)
# ensure that ~/bin is on your PATH.
# Add to ~/.profile or ~/.environment.local for persistence across logins.
#
export PATH=$HOME/bin:$PATH
# enter build base directory
#
cd ~/src/android
# fetch and extract sdk and ndk if you dont have them already
#
wget http://dl.google.com/android/android-sdk_r16-linux.tgz
tar zxvf android-sdk_r16-linux.tgz
wget http://dl.google.com/android/ndk/android-ndk-r7b-linux-x86.tar.bz2
tar jxvf android-ndk-r7b-linux-x86.tar.bz2
# ensure that ANDROID_SDK and ANDROID_NDK are set in your profile.
# Add to ~/.profile or ~/.environment.local for persistence across logins.
#
export ANDROID_SDK=$PWD/android-sdk-linux
export ANDROID_NDK=$PWD/android-ndk-r7b
# fetch and install android-cross tool (front-end environment setup tool)
#
svn co https://subversion.assembla.com/svn/ajb-tools/trunk/android/android-cross/
ln -s $PWD/android-cross/android-cross ~/bin/
# Build GDB 7.4 and overwrite NDK version. Much better for debugging C++ than 6.x.
# (a script is provided in libmikey-sakke/selex/build to perform this)
#
wget http://ftp.gnu.org/gnu/gdb/gdb-7.4.tar.bz2
tar jxvf gdb-7.4.tar.bz2
GDB=$PWD/gdb-7.4 bash libmikey-sakke/selex/build/update-android-gdb.sh
# manual method for build is roughly:
(
cd gdb-7.4
mkdir arm-linux-androideabi
PATH=$(android-cross @PATH) ../configure --prefix=$ANDROID_NDK/prebuilt/linux-x86 --target=arm-linux-androideabi
make install
)
# ensure you have Android 2.3 (API level 10) SDK Platform installed
# via the android GUI and exit
#
android-cross android
# fetch and install make-target-pkg-config to override pkg-config for android
#
svn co https://subversion.assembla.com/svn/ajb-tools/trunk/build/make-target-pkg-config/
./make-target-pkg-config/make-target-pkg-config arm-linux-androideabi
# rehash command cache in case a local version now overrides the system installed version
hash -r || rehash
Prerequisites for C++ libraries (One-time setup)
The build scripts below perform build configuration and perform the
build. To skip the configuration stage prefix the script with
NO_CONFIGURE=1
.
cd ~/src/android
# clone the openssl-android tree
#
git clone https://github.com/eighthave/openssl-android.git
# fetch and extract boost, curl and gmp (use curl -O if you don't have wget)
#
wget http://sourceforge.net/projects/boost/files/boost/1.49.0/boost_1_49_0.tar.bz2/download
tar jxvf boost_1_49_0.tar.bz2
wget http://curl.haxx.se/download/curl-7.25.0.tar.bz2
tar jxvf curl-7.25.0.tar.bz2
wget http://ftp.gnu.org/gnu/gmp/gmp-5.0.5.tar.bz2
tar jxvf gmp-5.0.5.tar.bz2
# build scripts exist for these within the libmikey-sakke/selex/build
# directory. They take care of applying Android fixes and required
# configuration parameters.
#
# To remove the need to configure in various stages, the following
# environment variables should be defined: (it may be convenient to
# add them to some sort of build-env file to be sourced in new
# shells).
#
export BOOST=$PWD/boost_1_49_0
export CURL=$PWD/curl-7.25.0
export GMP=$PWD/gmp-5.0.5
export OPENSSL=$PWD/openssl-android
# build OpenSSL for Android
(cd $OPENSSL && android-cross ndk-build)
# build the others
(
cd libmikey-sakke/selex
android-cross ./build/build-gmp.sh
android-cross ./build/cutdown-build-curl.sh
android-cross ./build/cutdown-build-boost.sh
)
Building the libraries and applications
In the following N
in -jN
is the number of processors to use for the build.
MIKEY-SAKKE C++ libraries and test programs
cd ~/src/android/libmikey-sakke/selex
android-cross make -j8
Individual components can be build with the same command in the
mskms
and mscrypto
subdirectories.
Minisip
cd ~/src/android/minisip-android
# build from scratch -- this will clean build every time.
#
android-cross ./buildmodules.sh -j8
A few options are provided to customize the above. They can be combined where it is logical to do so.
Build stage customization
# don't clean, but still bootstrap and configure
NO_CLEAN=1 android-cross ./buildmodules.sh -j8
# reconfigure but don't clean or bootstrap
NO_BOOTSTRAP=1 android-cross ./buildmodules.sh -j8
# don't configure, just make
NO_CONFIGURE=1 android-cross ./buildmodules.sh -j8
# don't consider the minisip libs at all (just build Android GUIs)
NO_LIBS=1 android-cross ./buildmodules.sh -j8
Build component customization
It is possible to selectively build or skip any of Minisip libraries
using the SKIP
and ONLY
variables. It is also possible to
cause the build to consider additional components via the EXTRA
variable.
# make only the mikey and libminisip libraries
NO_CONFIGURE=1 ONLY="libmikey libminisip" android-cross ./buildmodules.sh -j8
# make everything except the libmutil and libmnetutil libraries
NO_CONFIGURE=1 SKIP="libmutil libmnetutil" android-cross ./buildmodules.sh -j8
# build all libraries and additionally the minisip main desktop
# program. Note that we are not building for android here (no
# android-cross).
#
NO_CONFIGURE=1 EXTRA=minisip ./buildmodules.sh -j8
# build only the minisip desktop application (useful, for example, if
# a GUI change has been made)
NO_CONFIGURE=1 EXTRA=minisip ONLY=minisip ./buildmodules.sh -j8
Installing to PC or target Android phone
Whether you are installing the native Minisip to a local user account
on the development PC or to a USB connected Android device (or
emulator), just pass install
to the script.
# build and install to an attached android device
NO_CONFIGURE=1 android-cross ./buildmodules.sh -j8 install
# build and install the native GTK gui to the local user account
NO_CONFIGURE=1 EXTRA=minisip ./buildmodules.sh -j8 install
MIKEY-SAKKE Key Management Service Server
See https://bitbucket.org/secollab/libmikey-sakke/raw/selex-crypto/selex/mskms/server/README for build and usage details.
Minisip Java/Android front end
The java source is all under the following path:
/libminisip/source/java
The android extras with test UI is at
/libminisip/source/android
The Java interface for a developing a GUI, and the CommandString wrapper for message passing is at:
/libminisip/source/java/se/kth/minisip /libminisip/source/java/se/kth/mutil
Note that the OpenSSL libraries (libssl
and libcrypto
) form part of the android 8 base so it is unnecessary to package them in the APK.
Android Secure Phone GUI
The java source is all under the following path:
/minisip/minisip/gui/android
A README is provided (https://bitbucket.org/secollab/minisip-mikey-sakke/raw/mikey-sakke/minisip/minisip/gui/android/README)
Updated