bridging asterisk to the matrix ecosystemmatthew/2015-10-15 matrix astricon.pdf · bridging...
TRANSCRIPT
The problem:
What does it mean to"call someone via WebRTC"?
3
4
5
Why should I have to use Tsahi's app?
6
Why should I trustTsahi's app?
7
Why should the data for this call get trapped in Tsahi's
app?
8
How do I know how to contact Tsahi in future?
9
Users are locked into proprietary communication
apps.
They have no control over their data or their privacy.
Their conversations and contacts are fragmented.
I want to communicate with the apps and services I trust.
13
Not be forced into specific services chosen by my
contacts.
14
If email gives me that flexibility, why not VoIP and
IM?
15
Isn’t SIP meant to fix this?
16
SIP is great and all, but:
17
• It cargo-cults the PSTN
• It’s (almost) all 1:1 communication
• Chat, file transfer etc is clunky
• No synced conversation history
• etc…
Enter Matrix
18
OpenDecentralisedPersistentEventually ConsistentCryptographically SecureMessaging Databasewith JSON-over-HTTP API.
19
Matrix is for:Group Chat (and 1:1)WebRTC SignallingBridging Comms SilosInternet of Things Data
…and anything else which needs to pubsub persistent data to the world.
20
Matrix was built to liberate your scrollback.
21
1st law of Matrix:Conversation history and Group comms are the 1st
class citizens.
22
2nd law of Matrix:No single party own your conversations – they are
shared over all participants.
23
3rd law of Matrix:All conversations may be
end-to-end encrypted.
(real soon now)
24
Matrix is:• Non-profit Open Source Project• De-facto Open Standard HTTP APIs:
– Client <-> Server– Server <-> Server– Application Services <-> Server
• Apache-Licensed Open Source Reference Impls– Server (Python/Twisted)– Client SDKs (iOS, Android, JS, Angular, Python, Perl)– Clients (Web, iOS, Android)– Application Services (IRC, SIP, XMPP, Lync bridges)
• A whole ecosystem of 3rd party servers, clients & services 25
What does it look like?
26
Demo time!
http://matrix.org/blog/try-matrix-now
27
The Matrix Ecosystem
The Matrix Specification (Client/Server API)
client-‐sideserver-‐side
Other Servers and Services
Synapse(Reference Matrix
Server)
Matrix Application Services
Other Clients
Matrix iOSConsole
MatrixKit (iOS)
matrix-‐ios-‐sdk
Matrix Web
Console
matrix-‐angular-‐sdk
matrix-‐js-‐sdk
Android Console
matrix-‐android-‐sdk
matrix-‐react-‐sdk
Matrix Architecture
Clients
Home Servers
IdentityServers
ApplicationServers
Functional Responsibility• Clients: Talks simple HTTP APIs to homeservers to
push and pull messages and metadata. May be as thin or thick a client as desired.
• Homeservers: Stores all the data for a user - the history of the rooms in which they participate; their public profile data.
• Application Services: Optional; delivers application layer logic on top of Matrix (Gateways, Conferencing, Archiving, Search etc). Can actively intercept messages if required.
• Identity Servers: Trusted clique of servers (think DNS root servers): maps 3rd party IDs to matrix IDs.
30
How does it work?
31
http://matrix.org/#about
The client-server APITo send a message:
curl -‐XPOST -‐d '{"msgtype":"m.text", "body":"hello"}' "https://alice.com:8448/_matrix/client/api/v1/rooms/ROOM_ID/send/m.room.message?access_token=ACCESS_TOKEN"
{"event_id": "YUwRidLecu"
}
32
The client-server APITo set up a WebRTC call:
curl -‐XPOST –d '{\"version": 0, \"call_id": "12345”, \"offer": {"type" : "offer”,"sdp" : "v=0\r\no=-‐ 658458 2 IN IP4 127.0.0.1…"
}}' "https://alice.com:8448/_matrix/client/api/v1/rooms/ROOM_ID/send/m.call.invite?access_token=ACCESS_TOKEN"
{ "event_id": "ZruiCZBu” } 33
Basic 1:1 VoIP Matrix Signalling
Caller Calleem.call.invite -‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐>m.call.candidate -‐-‐-‐-‐-‐-‐-‐-‐>[more candidates events]
User answers call<-‐-‐-‐-‐-‐-‐ m.call.answer
[media flows]<-‐-‐-‐-‐-‐-‐ m.call.hangup
34
The client-server APITo persist some MIDI:
curl -‐XPOST –d '{\"note": "71",\"velocity": 68,\"state": "on",\"channel": 1,\"midi_ts": 374023441\
}' "https://alice.com:8448/_matrix/client/api/v1/rooms/ROOM_ID/send/org.matrix.midi?access_token=ACCESS_TOKEN"
{ "event_id": “ORzcZn2” }
35
The client-server API…or to persist some tap gestures for animating an Avatar…
curl -‐XPOST –d '{"thumbnail":
"http://matrix.org:8080/_matrix/content/QGtlZ2FuOm1hdHJpeC5vcmcvNupjfhmFhjxDPquSZGaGlYj.aW1hZ2UvcG5n.png",
"actions": [{"x": "0.5521607", "y": "6.224353", "t": "0.9479785"},{"x": "0.5511537", "y": "6.220354", "t": "0.9701037"},{"x": "0.5510949", "y": "6.214756", "t": "0.9804187"},{"x": "0.5499267", "y": "6.213634", "t": "0.9972034"},{"x": "0.5492241", "y": "6.210211", "t": "1.013744"},{"x": "0.5486694", "y": "6.206304", "t": "1.030284"},{"x": "0.5482137", "y": "6.201648", "t": "1.046764"},
...{"x": "0.9997056", "y": "4.022976", "t": "8.970592"},{"x": "0.9995697", "y": "4.043199", "t": "8.987072"}
]}' "https://alice.com:8448/_matrix/client/api/v1/rooms/ROOM_ID/send/org.matrix.demos.unity.stickmen?access_token=ACCESS_TOKEN"
{ "event_id": “ORzcZn2” } 36
The server-server APIcurl –XPOST –H ‘Authorization: X-‐Matrix origin=matrix.org,key=”898be4…”,sig=“j7JXfIcPFDWl1pdJz…”’ –d ‘{
"ts": 1413414391521,"origin": "matrix.org","destination": "alice.com","prev_ids": ["e1da392e61898be4d2009b9fecce5325"],"pdus": [{
"age": 314,"content": {
"body": "hello world","msgtype": "m.text"
},"context": "!fkILCTRBTHhftNYgkP:matrix.org","depth": 26,"hashes": {
"sha256": "MqVORjmjauxBDBzSyN2+Yu+KJxw0oxrrJyuPW8NpELs"},"is_state": false,"origin": "matrix.org","pdu_id": "rKQFuZQawa","pdu_type": "m.room.message","prev_pdus": [
["PaBNREEuZj", "matrix.org"]],"signatures": {
"matrix.org": {"ed25519:auto": "jZXTwAH/7EZbjHFhIFg8Xj6HGoSI+j7JXfIcPFDWl1pdJz+JJPMHTDIZRha75oJ7lg7UM+CnhNAayHWZsUY3Ag"
}},"origin_server_ts": 1413414391521,"user_id": "@matthew:matrix.org"
}]}’ https://alice.com:8448/_matrix/federation/v1/send/916d630ea616342b42e98a3be0b74113 37
Hang on, what about Asterisk?!
38
Application Services (AS)• Extensible custom application logic• They have privileged access to the server (granted
by the admin).• They can subscribe to wide ranges of server
traffic (e.g. events which match a range of rooms, or a range of users)
• They can masquerade as 'virtual users'.• They can lazy-create 'virtual rooms'• They can receive traffic by push.
39
Uses for AS API• Gateways to other comms platforms• Data manipulation
– Filtering– Translation– Indexing– Mining– Visualisation– Orchestration
• Application Logic (e.g. bots, IVR services)• …
40
A trivial application serviceimport json, requests # we will use this laterfrom flask import Flask, jsonify, requestapp = Flask(__name__)
@app.route("/transactions/<transaction>", methods=["PUT"])def on_receive_events(transaction):
events = request.get_json()["events"]for event in events:
print "User: %s Room: %s" % (event["user_id"], event["room_id"])print "Event Type: %s" % event["type"]print "Content: %s" % event["content"]
return jsonify({})
if __name__ == "__main__":app.run()
41
42
Matrix Bridging with ASes
Existing App
ApplicationService
3rd partyServer
3rd partyClients
43
Matrix to IRC
matrix-appservice-irc
ircd(e.g. Freenode)
IRC clients
44
Matrix to
matrix-appservice-irc
slack.com
Slackclients
45
Matrix to
OpenMarketMatrix
Gateway
OpenMarketSMS Gateway
The PSTN
46
Matrix to Skype, Lync, Facebook, AIM, ICQ…?!
matrix-appservice-
purple
skype
skypeclients
Matrix Bridge Stack
47
matrix-‐appservice-‐
irc
matrix-‐appservice-‐bridge
matrix-‐appservice-‐node
matrix-‐js-‐sdk
Node JS
matrix-‐appservice-‐
slack
matrix-‐appservice-‐purple …
No really,what about Asterisk?!!!
48
How to bridge to Asterisk?
49
…in 24 hours?!
50
51
Thought process:
• Write chan_matrix!
• …seek inspiration…
• …need a modern HTTP asterisk channel driver…
• …ask Digium for suggestions…
• “Take a look at chan_respoke”
52
to
asterisk+
chan_respoke
SIP, IAX, H.323, PRI
socket.ioJSON-over-
HTTP transport
53
Taking a look at chan_respoke:
• Really robust asterisk module!
• ~7000 lines of ‘nice’ C
• Respoke’s signaling looks very similar to Matrix, but still would need a rewrite of all the fine detail.
54
Options:
• Fork chan_respoke (not going to happen in 24 hours, alas)
• …or why not just build a bridge?
55
Matrix to Asterisk
matrix-appservice-
respoke
Asterisk+
chan_respoke
SIP, IAX, H.323, PRI
etc
socket.ioJSON-over-
HTTP transport
56
matrix-appservice-respoke
• VERY basic proof of concept
• 478 lines of Node.js
• …plus an SDP stack (393 lines)
• Works with vanilla chan_respoke –just point the transport at the matrix bridge rather than api.respoke.io
matrix-appservice-respokeDemo!
57
Matrix <-> AsteriskMatrix Client Matrix HS matrix-‐bridge-‐respoke chan_respoke
| | | || | |<-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐ { /endpoints/$endpoint/connnections }| | |-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐> { connnection details }| | | |
m.call.invite -‐-‐-‐-‐-‐-‐-‐>|-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐>| |m.call.candidate -‐-‐-‐-‐>|-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐>| |
| | |-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐> { signal ‘offer’ + parsed SDP }| | |<-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐ { signal ‘answer’ + parsed SDP }
m.call.answer-‐-‐-‐-‐-‐-‐-‐-‐-‐|<-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐|| | |-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐> { message: success }| | |-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐> { signal ‘connected’ }| | | ||<===================== [media flows] =================>|| | | |
m.call.hangup -‐-‐-‐-‐-‐-‐-‐>|-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐>| || | |-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐> { signal ‘bye’ }
58
59
The end goal:
Asterisk
Skype
…
Hangouts
60
Matrix to IOT…
Janus WebRTC Gateway(from MeetEcho)
Parrot BebopDrone
Web Matrix exampleclient (Firefox)
synapse(on laptop)
synapse(on laptop)
Current Progress• Funded: May 2014• Launched alpha: Sept 2014• Entered beta: Dec 2014• Stable v0.9 Beta: May 2015• Crypto & React SDK, Jul 2015• Aug/Sept 2015: Bridges, Perf, Spec,
Conferencing…
61
What's next?• Landing V2 APIs• Use 3rd party IDs by default• Rolling out E2E encryption• Lots more Application Services• Yet more performance work• Spec polishing• New server implementations!
62
We need help!!
63
• We need people to try running their own servers and join the federation.
• We need people to run gateways to their existing services
• We need feedback on the APIs.• Consider native Matrix support for new
apps• Follow @matrixdotorg and spread the
word!
64
matrix-react-sdk• All new web client SDK!• Sensible separation of:– HTTP API wrapper–Matrix client state machine– UI business logic– UI look & feel (skin)• Either customise per-component• …or fork your own skin.
66
matrix-react-sdk
67
matrix-‐react-‐skin
matrix-‐react-‐sdk
matrix-‐js-‐sdk
Browser
matrix-‐react-‐console
Vector
Your App Here!!App
Skin (Views)
Controllers
ReactAPI
Introducing Olm
68
https://matrix.org/git/olm
End to End Encryption with Olm• Apache License C++11 implementation of
an Axolotl-style ratchet, exposing a C API.
• Axolotl is Open Whisper System's better-than-OTR cryptographic ratchet, as used by TextSecure, Pond, WhatsApp etc.
• Supports encrypted asynchronous group communication.
• 130KB x86-64 .so, or 208KB of asm.js69
70
Olm C API
Account• Keys
Session• Initial Key Exchange
Ratchet
• Encrypt• Decrypt
Crypto
• Curve25519• AES• SHA256
Alice BobAlice and Bob both generate identity (I) & ephemeral (E) elliptic curve key pairs
Initial Shared Secret (ISS) =ECDH(Ea, Ib) +ECDH(Ia, Eb) +ECDH(Ea, Eb)
Discard EaDerive chain key from ISS (HMAC)Derive message key (K0) from chain key (HMAC)Derive new chain key ß hash ratchetM0 = Message plaintextC0 = Authenticated Encryption of (M0, K0)Ra0 = generate random ratchet key pairJa0 = incremental counter for each hashratchet advancement
Ia, Ea, Eb, Ra0, Ja0, C0
An Axolotl-style ratchet.Kinda sorta.
Alice BobCompute same Initial Shared Secret =
ECDH(Ea, Ib) +ECDH(Ia, Eb) +ECDH(Ea, Eb)
Compute same K0M0 = Authenticated decryption of (C0, K0)
To respond, B starts new ratchet chain:Rb1 = generate random ratchet key pairNew Initial Shared Secret =
ECDH(Ra0, Rb1) ß ECDH Ratchet
C0 = Authenticated Encryption of (M, K0)Ra0 = generate random ratchet keyJa0 = incremental counter for each hashratchet advancement
Rb1, Jb1, C1
An Axolotl-style ratchet.Kinda sorta.
73
Alice
Sending | Receiving
MK CK RK CK MK-- -- -- -- --
ECDH(A0,B0)||
ECDH(A1,B0) +/|/ |
/ + ECDH(A1,B1)CK-A1-B0 |\
| | \MK-0 ----+ | \
| | CK-A1-B1MK-1 ----+ | |
| | +---- MK-0MK-2 ----+ | |
| +---- MK-1ECDH(A2,B1) +
/|/ |
/ |CK-A2-B1 |
| + ECDH(A2,B2)MK-0 ----+ \
\\CK-A2-B2
|+---- MK-0|+---- MK-1
Demo!
74
http://matrix.org/~markjh/olm/javascript/demo.html
Group chat• Adds a 3rd type of ratchet, used to
encrypt group messages.
• Establish 'normal' 1:1 ratchets between all participants in order to exchange the initial secret for the group ratchet.
• All receivers share the same group ratchet state to decrypt the room.
75
Flexible privacy with Olm• Users can configure rooms to have:– No ratchet (i.e. no crypto)– Full PFS ratchet– Selective ratchet• Deliberately re-use ratchet keys to support
paginating partial eras of history.
• Up to participants to trigger the ratchet (e.g. when a member joins or leaves the room)
– Per-message type ratchets76