
pptp, ppp with Microsoft encryption



Hi

I am packaging the pptpd daemon and modified versions of the ppp package
that include support for the Microsoft authentication and encryption.
PPTP is a protocol for building VPNs between a PPTP server/firewall and
PPTP clients (Win95, Win98, WinNT, Win2000, Linux, MacOS, ..). The
clients get an IP address assigned from the server and are able to
communicate with the internal LAN (behind the firewall) over an
encrypted channel.

I am not sure if the packages can go into main or if they have to go
into non-US. I think that pptpd could go into main as it only implements
the PPTP protocol and leaves authentication and encryption up to pppd.
It is distributed under the GPL. Please look at
http://www.moretonbay.com/vpn/pptp.html for more information. I looked
over the code and could not find any encryption support, but I wrote a
mail to the author asking him about this. I hope to get an answer soon.

The problem is pppd. For the data encryption (in my opinion the most
important part of a VPN) pppd and the Linux kernel have to be patched.
The patch can be found at
http://www.moretonbay.com/vpn/releases/ppp-2.3.8-mppe-others-norc4_TH7.diff.gz
This patch is applied to pppd and enables MSCHAPv2 and MPPE 40-128 bit
RC4 encryption.
However, to build the modified kernel, two files are needed which are
not included in the patch. The files are 'rc4.h' and 'rc4_enc.c' and are
included in ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-0.6.6b.tar.gz

Is RC4 encryption a problem with the US export laws?
What about MD4 (it is used as well with the MPPE and MSCHAP code)?

Code from the patched pppd includes the following:

from chap_ms.c (examples):  
    DesEncrypt(challenge, ZPasswordHash +  0, response + 0);
    DesEncrypt(challenge, ZPasswordHash +  7, response + 8);
    DesEncrypt(challenge, ZPasswordHash + 14, response + 16);
or
    SHA1_Init(&Context);
    SHA1_Update(&Context, PeerChallenge, 16);
    SHA1_Update(&Context, AuthenticatorChallenge, 16);
    SHA1_Update(&Context, username, strlen(username));
    SHA1_Final(Digest, &Context);

DesEncrypt is implemented in extra_crypto.c (included in the same pppd
patch)

The additional files 'rc4.h' and 'rc4_enc.c' that are needed for
patching the kernel ppp part have this license and I do not know if they
qualify as DFSG-free software:
/* lib/rc4/rc4_enc.c */
/* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au)
 * All rights reserved.
 * 
 * This file is part of an SSL implementation written
 * by Eric Young (eay@mincom.oz.au).
 * The implementation was written so as to conform with Netscapes SSL
 * specification.  This library and applications are
 * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
 * as long as the following conditions are aheared to.
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.  If this code is used in a product,
 * Eric Young should be given attribution as the author of the parts used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    This product includes software developed by Eric Young (eay@mincom.oz.au)
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */


Please could somebody clarify if this software is DFSG-free and if it
falls under US export laws.

Thanks
Rene

