[guardian-dev] ZRTP hard phone?

Lee Azzarello lee at guardianproject.info
Tue Jun 17 15:09:08 EDT 2014


If you are moving away from Asterisk, I recommend Freeswitch. It's
modular, can be customized to do only the functions you need and has
ZRTP built in. With that ZRTP would "just work" for unverified connections.

To do verification, you would have to do some custom programming to pass
the SAS data from Freeswitch to the user and get into the guts of how
the SAS confirmation functions.

-lee

On 6/17/14, 3:06 PM, Steve Song wrote:
> Hi Lee,
> 
> The as yet unpublished source for the FXS module consists of a kernel
> module and an adapted DAHDI module for the SiLabs chipset so I suppose
> you're right, we could just implement this in Asterisk.  I hadn't really
> looked into ZRTP; it was my own ignorance that assumed something lower
> level was required.
> 
> That being said our medium term plan is to move away from Asterisk which
> is a little top-heavy for the function it serves on the MP.
> 
> Cheers... Steve
> 
> 
> On 17 June 2014 15:20, Lee Azzarello <lee at guardianproject.info> wrote:
> 
>     Steve, are you saying that the unpublished driver source has DSP and/or
>     RTP functions in that part of the code? It seems like for ZRTP it would
>     be simpler to do that on the Asterisk end since I gather that you are
>     running Asterisk on the device. Is that correct?
> 
>     -lee
> 
>     On 6/17/14, 10:55 AM, Steve Song wrote:
>     > Thanks Lee (and Nathan!),
>     >
>     > We'll start looking at this more closely.  The links below point to the
>     > driver for the first generation MP which was entirely driven via a
>     > serial interface which sacrificed something in terms of efficiency but
>     > had the virtue of being completely open.  We haven't posted the code for
>     > the MP2 drivers yet as I am still trying to work out what can be
>     > published and what is covered by SiLabs/Atheros NDAs :(  We'll get this
>     > figured out shortly. Would that they would take a page from Elon Musk.
>     >
>     > We're exploring how we can get the MP2 to integrate more seamlessly with
>     > other VoIP/Messaging systems so that Village Telco mesh networks can
>     > more easily integrate with desktop and mobile applications.  Most
>     > recently we've been looking at Jitsi and having MP2s automatically set
>     > up Jitsi XMPP accounts.  We like Jitsi because of its integration of
>     > XMPP and voice calling (including ZRTP).  There are also interesting
>     > possibilities for matching XMPP accounts with asterisk accounts
>     > (https://jitsi.org/Documentation/CUSAX).
>     >
>     > Are there other places we should be looking?  What is the general
>     > perspective on Jitsi from a security perspective?
>     >
>     > Cheers... Steve
>     >
>     >
>     >
>     >
>     >
>     >
>     > On 14 June 2014 12:44, Lee Azzarello <lee at guardianproject.info> wrote:
>     >
>     >     Hey Steve,
>     >
>     >     Thanks for writing! Village Telco looks like an awesome project.
>     >
>     >     It looks like I was wrong about the DAHDI interface as the point for the
>     >     ZRTP exchange. Looking over the driver, it doesn't seem to do anything
>     >     for I/O other than set up ioctls for voltage/signaling, so I wouldn't
>     >     expect it to have access to the digital audio stream.
>     >
>     >     https://github.com/tgillett/vt-firmware-mp01/blob/RC3/SECN-build/MP-01/drivers/driver/mp.c
>     >
>     >     It looks like you can modify your Asterisk driver to put ZRTP
>     >     information directly into the voice frames during call setup.
>     >
>     >     https://github.com/tgillett/vt-firmware-mp01/blob/RC3/SECN-build/MP-01/drivers/asterisk/chan_mp.c
>     >
>     >     But it /might/ be as simple as applying a patch to Asterisk, though it's
>     >     been removed from the internet by the author.
>     >
>     >     http://zfone.com/docs/asterisk/man/html/d_guide.html
>     >
>     >     -lee
>     >
>     >     On 6/13/14, 1:34 PM, Steve Song wrote:
>     >     > Hi all,
>     >     >
>     >     > Steve Song from Village Telco here.  Danny Iland mentioned this thread
>     >     > to me and I'd love to explore this possibility to see where it goes.
>     >     > Sorry it took me so long.
>     >     >
>     >     > To date we haven't done anything about securing Village Telco networks
>     >     > largely because we believe that fools rush in where angels fear to
>     >     > tread.  The only thing worse than an insecure network is one that
>     >     > advertises itself as secure but isn't.  All that to say that it is not
>     >     > that we aren't interested, we just lack deep expertise in network
>     >     > security.  Which is why I am doing my best to restrain my bubbling
>     >     > enthusiasm about a possible collaboration.
>     >     >
>     >     > The second generation Mesh Potato or MP2 is built on the AR9331
>     >     > platform.  You can see a little bit more about it
>     >     > at http://wiki.villagetelco.org/MP02   The FXS sub-system has taken us
>     >     > way longer than we had hoped to produce but is just going into
>     >     > production this very week.  It took a while to get working kernel
>     >     > and DAHDI drivers for it.  Getting technical support from
>     >     > Qualcomm/Atheros and SiliconLabs is tough when you're tiny.  :)
>     >     >
>     >     > Everything we have developed is under an open license.  However, and it
>     >     > is not an insignificant however, we used some of SiLabs' code for the
>     >     > drivers as we couldn't afford to write everything from scratch.  Getting
>     >     > access to 100% of the code may require signing an NDA with SiLabs.  I
>     >     > need to investigate this more to find out how that works in practice.
>     >     > The chip we have used for the FXS subsystem is the Si3217x ProSLIC
>     >     > (http://www.silabs.com/products/voice/slic/Pages/Si3217xProSLIC.aspx)
>     >     >
>     >     > Comments, questions welcome.
>     >     >
>     >     > Cheers... Steve
>     >     >
>     >     > -----------------------
>     >     > [guardian-dev] ZRTP hard phone?
>     >     >
>     >     > Lee Azzarello lee at guardianproject.info
>     >     > Fri Jun 6 15:47:43 EDT 2014
>     >     > On 6/2/14, 8:51 AM, Peter Villeneuve wrote:
>     >     >> It is indeed a great idea. What exact device are they using for the mesh
>     >     >> potato? I can't seem to find any specific info on that.
>     >     >> I'd also like to know how they got the ATA bit working, since all I seem
>     >     >> to find on the interwebz is proprietary ATA firmware.
>     >     >>
>     >     >> Anyone know of any open source ATA projects?
>     >     >
>     >     > Yes, but you'll have to build the hardware yourself.
>     >     >
>     >     > http://www.voip-info.org/wiki/view/DAHDI
>     >     >
>     >     > The commercial products took a dumb hardware smart software approach and
>     >     > did the DSP in software using the zaptel API. There's over 10 years of
>     >     > history and the driver is in the mainline kernel.
>     >     >
>     >     > I can imagine an ATA that is smart enough to speak ZRTP and do key
>     >     > verification with a recorded voice or print out the SAS on an LCD/LED
>     >     > screen.
>     >     >
>     >     > -lee
>     >     >
>     >     >>
>     >     >> Cheers
>     >     >>
>     >     >>
>     >     >> On Mon, Jun 2, 2014 at 1:40 AM, Nathan of Guardian
>     >     >> <nathan at guardianproject.info> wrote:
>     >     >>
>     >     >>     On 06/01/2014 07:06 PM, Danny Iland wrote:
>     >     >>     > If you're planning to make an ATA+ZRTP box, you might consider using the
>     >     >>     > Village Telco Mesh Potato as your hardware platform. It has the ATA
>     >     >>     > hardware built in and runs Asterisk on OpenWRT. I'm sure Steve Song and
>     >     >>     > the other village telco developers would be happy to provide support and
>     >     >>     > take patches.
>     >     >>     >
>     >     >>     > http://villagetelco.org/mesh-potato/
>     >     >>
>     >     >>     That is a great idea. It would really be something to get ZRTP supported
>     >     >>     by the Mesh Potato!
>     >     >>
>     >     >>     >
>     >     >>     >
>     >     >
>     >     >
>     >     > --
>     >     > Steve Song
>     >     > +1 902 529 0046
>     >     > http://villagetelco.org
>     >     >
>     >     >
>     >     > _______________________________________________
>     >     > Guardian-dev mailing list
>     >     >
>     >     > Post: Guardian-dev at lists.mayfirst.org
>     >     > List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>     >     >
>     >     > To Unsubscribe
>     >     >         Send email to: Guardian-dev-unsubscribe at lists.mayfirst.org
>     >     >         Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/lee%40guardianproject.info
>     >     >
>     >     > You are subscribed as: lee at guardianproject.info
>     >     >
>     >
>     >
>     >
>     >
>     > --
>     > Steve Song
>     > +1 902 529 0046
>     > http://villagetelco.org
> 
> 
> 
> 
> 
> -- 
> Steve Song
> +1 902 529 0046
> http://villagetelco.org
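
The SAS that the top message says must be passed to the user can be sketched as follows. This is an added example, not part of the thread and not Freeswitch or Asterisk code: it follows the SAS derivation and B32 rendering of RFC 6189 (going beyond what the thread states), assumes HMAC-SHA-256 as the negotiated hash, and uses constructed values for `s0`, the ZIDs and `total_hash`.

```python
import hashlib
import hmac
import struct

# z-base-32 alphabet used by the ZRTP "B32" SAS rendering (RFC 6189).
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"

def zrtp_kdf(ki: bytes, label: bytes, context: bytes, length_bits: int) -> bytes:
    """RFC 6189 KDF: HMAC(KI, i || Label || 0x00 || Context || L) with counter i = 1.
    Assumption: the negotiated hash is SHA-256."""
    msg = (struct.pack(">I", 1) + label + b"\x00" + context
           + struct.pack(">I", length_bits))
    return hmac.new(ki, msg, hashlib.sha256).digest()[: length_bits // 8]

def sas_value(s0: bytes, zid_i: bytes, zid_r: bytes, total_hash: bytes) -> int:
    """sasvalue = leftmost 32 bits of KDF(s0, "SAS", ZIDi || ZIDr || total_hash, 256)."""
    sashash = zrtp_kdf(s0, b"SAS", zid_i + zid_r + total_hash, 256)
    return int.from_bytes(sashash[:4], "big")

def render_b32(sasvalue: int) -> str:
    """Render the leftmost 20 bits of the 32-bit sasvalue as four z-base-32 characters."""
    top20 = (sasvalue & 0xFFFFFFFF) >> 12
    return "".join(ZBASE32[(top20 >> shift) & 0x1F] for shift in (15, 10, 5, 0))

def sas_matches(shown_locally: str, read_by_peer: str) -> bool:
    """Compare what the local display shows with what the far end read aloud."""
    a = shown_locally.strip().lower().encode()
    b = read_by_peer.strip().lower().encode()
    return hmac.compare_digest(a, b)

def demo() -> tuple:
    # Constructed sample inputs, not taken from a real call.
    zid_i, zid_r = b"\x01" * 12, b"\x02" * 12
    total_hash = hashlib.sha256(b"constructed handshake transcript").digest()
    shared_s0 = hashlib.sha256(b"constructed shared secret").digest()
    caller = render_b32(sas_value(shared_s0, zid_i, zid_r, total_hash))
    callee = render_b32(sas_value(shared_s0, zid_i, zid_r, total_hash))
    return caller, callee, sas_matches(caller, callee)

if __name__ == "__main__":
    print(demo())
```

Both endpoints derive the same four characters only when they hold the same `s0`; an endpoint that terminates ZRTP on behalf of an analog handset still has to get that string to the person on the line, by display or by voice prompt.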


