I'm just going to push a new ZRTP library and some code cleanup
in SRTP related classes. These modifications do not add new functions
that are visible outside the related code.
The main topics are:
1) fix the F8 crypto mode for SRTP. Because it was never used it also
was not tested in depth. This fix and some other cleanup for
F8 mode was necessary to implement the next enhancement.
2) Delete (overwrite with null bytes) all secret SRTP keys as soon as
possible. This makes it much harder to detect key material in memory
or forced memory dumps because the secret key material only lives
for a very short amount of time.
As it stood up to now _several_ copies of secret key material were held
at various places in long living objects. These objects live at least as
long as the audio/video session lasts. Also the key material was not
destroyed during garbage collection thus it could remain in memory for
quite some time.
Topic 2 involved code in normal Jitsi SRTP code as well as code in ZRTP.
I have tested the modifications with ZRTP and SRTP that was created and
controlled by ZRTP. Because I don't have a SDES environment I couldn't test
it. However, I checked the SDES related SRTP code and this also looks ok
to me. Ingo, can you retest with SDES please?
I'm doing some more analysis (there are still some places to check) but
this will take some more time and testing. Stay tuned.
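
The key-lifetime pattern from topic 2, as an added example that is not part of the original message and is not Jitsi or ZRTP4J code: the class name `SrtpKeyLifetimeDemo` and its methods are hypothetical, the derivation is the AES-CM one from RFC 3711 section 4.3.1 with key derivation rate 0, and the key material in `main` is constructed.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/** Hypothetical session-key holder; not a Jitsi or ZRTP4J class. */
public final class SrtpKeyLifetimeDemo implements AutoCloseable {
    private final byte[] encKey;   // session encryption key, wiped in close()
    private final byte[] authKey;  // session authentication key, wiped in close()
    /** Derives the session keys, then wipes the caller's master key and salt. */
    public SrtpKeyLifetimeDemo(byte[] masterKey, byte[] masterSalt) throws Exception {
        try {
            encKey = derive(masterKey, masterSalt, (byte) 0x00, 16);
            authKey = derive(masterKey, masterSalt, (byte) 0x01, 20);
        } finally {
            Arrays.fill(masterKey, (byte) 0);
            Arrays.fill(masterSalt, (byte) 0);
        }
    }

    /** AES-CM key derivation of RFC 3711 section 4.3.1, key derivation rate 0. */
    private static byte[] derive(byte[] mk, byte[] salt, byte label, int len) throws Exception {
        byte[] iv = new byte[16];                // (salt XOR key_id), then two zero bytes
        System.arraycopy(salt, 0, iv, 0, 14);
        iv[7] ^= label;
        Cipher ctr = Cipher.getInstance("AES/CTR/NoPadding");
        // The JCE key object holds its own copy of mk; it is not overwritten here.
        ctr.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(mk, "AES"), new IvParameterSpec(iv));
        byte[] out = ctr.doFinal(new byte[len]); // keystream = encryption of zero bytes
        Arrays.fill(iv, (byte) 0);
        return out;
    }

    /** Overwrites the session keys; call as soon as the media session ends. */
    public void close() {
        Arrays.fill(encKey, (byte) 0);
        Arrays.fill(authKey, (byte) 0);
    }

    public static void main(String[] args) throws Exception {
        byte[] mk = new byte[16], ms = new byte[14]; // constructed sample key material
        new SecureRandom().nextBytes(mk);
        new SecureRandom().nextBytes(ms);
        try (SrtpKeyLifetimeDemo keys = new SrtpKeyLifetimeDemo(mk, ms)) {
            System.out.println("master key wiped: " + Arrays.equals(mk, new byte[16]));
        }
    }
}
```

Any copy made by a crypto provider (here the `SecretKeySpec`) stays in memory until the garbage collector reclaims it, which is the residual exposure a cleanup like this has to track down copy by copy.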