Re: wtls branch merged

[Nikos Balkanas]

I don't believe so. The openssl RC5 is licensed under the openssl license 
(similar to kannel's).

http://www.openssl.org/source/license.html
Yes it is necessary, as mentioned in a previous mail. Incorrectly I said 
that it is used in key generation. Actually it is one of the 3 cipher 
algorithms used for content according to the wtls spec:

enum bulk_algorithms {
       NULL_bulk,
       RC5_CBC_40,
       RC5_CBC_56,
       RC5_CBC,
       DES_CBC_40,
       DES_CBC,
       TRIPLE_DES_CBC_EDE,
       IDEA_CBC_40,
       IDEA_CBC_56,
       IDEA_CBC
};

This implementation supports the RC5 and DES algorithms. Not the IDEA.

Kannel already has wtls with RC5 for all these years, except that it doesn't 
work.

BR,
Nikos

----- Original Message ----- 
From: "Milan P. Stanic" <m...@arvanta.net>
To: <devel@kannel.org>
Sent: Sunday, September 12, 2010 7:42 PM
Subject: Re: wtls branch merged


On Sun, 2010-09-12 at 17:35, Nikos Balkanas wrote:
But you don't need an rpm if you build from sources. You have all
the includes and sources that you need.
If you are referring about the binary kannel rpms, these are
seriously outdated. Besides rpms are for the masses, and wtls is for
the few...You should disable wtls when building for the masses.

It could be problem for distributors (RH, Debian, Suse, xxxBSD and
others) if they cannot distribute Kannel with WTLS enabled because RC5
is patented and distributors don't want to go court.

Is the RC5 mandatory for WTLS?

Nikos
.
----- Original Message ----- From: "Rene Kluwen"
<rene.klu...@chimit.nl>
To: "'Nikos Balkanas'" <nbalka...@gmail.com>; "'Alexander Malysh'"
<amal...@kannel.org>
Cc: "'Kannel Devel'" <devel@kannel.org>
Sent: Sunday, September 12, 2010 5:29 PM
Subject: RE: wtls branch merged


>Okay... suppose you can build it in one step.
>
>That still won't solve the rpm dependency.
>
>== Rene
>
>-----Original Message-----
>From: Nikos Balkanas [mailto:nbalka...@gmail.com]
>Sent: Sunday, 12 September, 2010 16:23
>To: Rene Kluwen; 'Alexander Malysh'
>Cc: 'Kannel Devel'
>Subject: Re: wtls branch merged
>
>Actually it is not that bad. Openssl compiles from sources in one step:
>
>config threads no-krb5 shared enable-rc5 --prefix=/usr/local/64
>
>Clean, nothing to it.
>
>BR,
>Nikos
>----- Original Message ----- From: "Rene Kluwen"
><rene.klu...@chimit.nl>
>To: "'Nikos Balkanas'" <nbalka...@gmail.com>; "'Alexander Malysh'"
><amal...@kannel.org>
>Cc: "'Kannel Devel'" <devel@kannel.org>
>Sent: Sunday, September 12, 2010 5:12 PM
>Subject: RE: wtls branch merged
>
>
>>Hmmm... too much of a bother. I wonder if anybody still uses wap
>>nowadays.
>>
>>Maybe in combination with mbuni, wap might be convenient. But even 
>>then,
>>people won't use wtls.
>>
>>@Alexander: What dependencies does the pre-compiled package need when
>>using
>>this 'feature'? Because otherwise nobody (at least I won't) be able to
>>install it from rpm, because the CentOS packages include openssl 
>>without
>>RC5
>>support. Not sure about other distributions.
>>
>>== Rene
>>
>>-----Original Message-----
>>From: Nikos Balkanas [mailto:nbalka...@gmail.com]
>>Sent: Sunday, 12 September, 2010 15:58
>>To: Rene Kluwen; 'Alexander Malysh'
>>Cc: 'Kannel Devel'
>>Subject: Re: wtls branch merged
>>
>>Actually you get these errors because you didn't solve your rc5 issue 
>>and
>>proceeded nevertheless.
>>
>>rc5 is needed for cryptography of wtls. Otherwise you won't be able to
>>produce the keys. Either install openssl with rc5 enabled or build from
>>sources with --enable-rc5. When you get these, your gw-config.h will 
>>set
>>the
>>
>>correct directives and compile cleanly.
>>
>>After compilation, you will have to configure wtls group in your
>>kannel.conf
>>
>>and produce a pair of self-signed RSA keys for that.
>>
>>BR,
>>Nikos
>>
>>----- Original Message ----- From: "Nikos Balkanas"
>><nbalka...@gmail.com>
>>To: "Rene Kluwen" <rene.klu...@chimit.nl>; "'Alexander Malysh'"
>><amal...@kannel.org>
>>Cc: "'Kannel Devel'" <devel@kannel.org>
>>Sent: Sunday, September 12, 2010 4:45 PM
>>Subject: Re: wtls branch merged
>>
>>
>>>OK. I think you solved the RC5 issue. You need headers (openssl-devel)
>>>with rc5 enabled.
>>>
>>>About the rest:
>>>
>>>After configure --with-wtls=openssl you should end up with 
>>>gw-config.h:
>>>
>>>/* Defined if we're using OpenSSL WTLS */
>>>211: #define HAVE_WTLS_OPENSSL 1
>>>
>>>If not, enable it manually and rebuild.
>>>
>>>BR,
>>>Nikos
>>>----- Original Message ----- From: "Rene Kluwen"
>>><rene.klu...@chimit.nl>
>>>To: "'Rene Kluwen'" <rene.klu...@chimit.nl>; "'Nikos Balkanas'"
>>><nbalka...@gmail.com>; "'Alexander Malysh'" <amal...@kannel.org>
>>>Cc: "'Kannel Devel'" <devel@kannel.org>
>>>Sent: Sunday, September 12, 2010 3:38 PM
>>>Subject: RE: wtls branch merged
>>>
>>>
>>>>Clearly I am missing something. After ./configure
>>>>--with-wtls=openssl, I
>>>>get:
>>>>(openssl-devel is installed).
>>>>
>>>>/home/system/adm_rene/svn/pam/trunk/gw/wapbox.c:235:
>>>>undefined reference
>>>>to
>>>>`private_key'
>>>>/home/system/adm_rene/svn/pam/trunk/gw/wapbox.c:236:
>>>>undefined reference
>>>>to
>>>>`private_key'
>>>>/home/system/adm_rene/svn/pam/trunk/gw/wapbox.c:219:
>>>>undefined reference
>>>>to
>>>>`x509_cert'
>>>>/home/system/adm_rene/svn/pam/trunk/gw/wapbox.c:220:
>>>>undefined reference
>>>>to
>>>>`x509_cert'
>>>>libwap.a(wtls.o): In function `clientHello':
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:453: undefined 
>>>>reference
>>>>to
>>>>`wtls_choose_ciphersuite'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:472: undefined 
>>>>reference
>>>>to
>>>>`wtls_choose_clientkeyid'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:484: undefined 
>>>>reference
>>>>to
>>>>`wtls_choose_snmode'
>>>>libwap.a(wtls.o): In function `wtls_event_handle':
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:302:
>>>>undefined
>>>>reference to `packet_contains_changecipherspec'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:314:
>>>>undefined
>>>>reference to `packet_contains_changecipherspec'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:328:
>>>>undefined
>>>>reference to `is_critical_alert'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:338:
>>>>undefined
>>>>reference to `is_warning_alert'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:397:
>>>>undefined
>>>>reference to `packet_is_application_data'
>>>>libwap.a(wtls.o): In function `serverHello':
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:533: undefined 
>>>>reference
>>>>to
>>>>`wtls_get_random'
>>>>libwap.a(wtls.o): In function `wtls_event_handle':
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:826: undefined 
>>>>reference
>>>>to
>>>>`wtls_decrypt_pdu_list'
>>>>libwap.a(wtls.o): In function `wtls_event_handle':
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:77: 
>>>>undefined
>>>>reference to `packet_contains_clienthello'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:480:
>>>>undefined
>>>>reference to `packet_contains_clienthello'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:210:
>>>>undefined
>>>>reference to `clienthellos_are_identical'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:231:
>>>>undefined
>>>>reference to `is_warning_alert'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:240:
>>>>undefined
>>>>reference to `is_critical_alert'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:281:
>>>>undefined
>>>>reference to `clienthellos_are_identical'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:421:
>>>>undefined
>>>>reference to `is_critical_alert'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:431:
>>>>undefined
>>>>reference to `is_warning_alert'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:502:
>>>>undefined
>>>>reference to `packet_contains_changecipherspec'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:514:
>>>>undefined
>>>>reference to `packet_contains_changecipherspec'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:528:
>>>>undefined
>>>>reference to `is_critical_alert'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:538:
>>>>undefined
>>>>reference to `is_warning_alert'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:302:
>>>>undefined
>>>>reference to `packet_contains_finished'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:302:
>>>>undefined
>>>>reference to `packet_contains_userdata'
>>>>libwap.a(wtls.o): In function `exchange_keys':
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:627: undefined 
>>>>reference
>>>>to
>>>>`wtls_decrypt_key'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:638: undefined 
>>>>reference
>>>>to
>>>>`wtls_get_rsapublickey'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:654: undefined 
>>>>reference
>>>>to
>>>>`wtls_calculate_prf'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:710: undefined 
>>>>reference
>>>>to
>>>>`wtls_hash'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:710: undefined 
>>>>reference
>>>>to
>>>>`wtls_calculate_prf'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:751: undefined 
>>>>reference
>>>>to
>>>>`wtls_hash'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:751: undefined 
>>>>reference
>>>>to
>>>>`wtls_calculate_prf'
>>>>libwap.a(wtls.o): In function `wtls_event_handle':
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:132:
>>>>undefined
>>>>reference to `wtls_get_rsapublickey'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:493:
>>>>undefined
>>>>reference to `packet_is_application_data'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:406:
>>>>undefined
>>>>reference to `certificates_are_identical'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:292:
>>>>undefined
>>>>reference to `clienthellos_are_identical'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:502:
>>>>undefined
>>>>reference to `packet_contains_finished'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:502:
>>>>undefined
>>>>reference to `packet_contains_userdata'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:502:
>>>>undefined
>>>>reference to `finishes_are_indentical'
>>>>libwap.a(wtls.o): In function `exchange_keys':
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:684: undefined 
>>>>reference
>>>>to
>>>>`wtls_decrypt_pdu_list'
>>>>libwap.a(wtls.o): In function `wtls_event_handle':
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:406:
>>>>undefined
>>>>reference to `clientkeyexchanges_are_identical'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:406:
>>>>undefined
>>>>reference to `certifcateverifys_are_identical'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:406:
>>>>undefined
>>>>reference to `changecipherspecs_are_identical'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:406:
>>>>undefined
>>>>reference to `finishes_are_indentical'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:314:
>>>>undefined
>>>>reference to `packet_contains_finished'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:314:
>>>>undefined
>>>>reference to `packet_contains_userdata'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:514:
>>>>undefined
>>>>reference to `packet_contains_finished'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:514:
>>>>undefined
>>>>reference to `packet_contains_userdata'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:514:
>>>>undefined
>>>>reference to `finishes_are_indentical'
>>>>libwap.a(wtls_pdu.o): In function `wtls_pdu_dump':
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_pdu.c:1156: undefined
>>>>reference
>>>>to `pduName'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_pdu.c:1159: undefined
>>>>reference
>>>>to `hsName'
>>>>libwap.a(wtls_pdu.o): In function `wtls_payload_dump':
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_pdu.c:1128: undefined
>>>>reference
>>>>to `pduName'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_pdu.c:1134: undefined
>>>>reference
>>>>to `alertName'
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_pdu.c:1131: undefined
>>>>reference
>>>>to `hsName'
>>>>libwap.a(wtls_pdu.o): In function `wtls_pdu_pack':
>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_pdu.c:1106: undefined
>>>>reference
>>>>to `wtls_encrypt'
>>>>collect2: ld returned 1 exit status
>>>>
>>>>
>>>>-----Original Message-----
>>>>From: devel-boun...@kannel.org [mailto:devel-boun...@kannel.org] On
>>>>Behalf
>>>>Of Rene Kluwen
>>>>Sent: Sunday, 12 September, 2010 14:35
>>>>To: 'Nikos Balkanas'; 'Alexander Malysh'
>>>>Cc: 'Kannel Devel'
>>>>Subject: RE: wtls branch merged
>>>>
>>>>I get:
>>>>
>>>>Configuring WTLS support ...
>>>>checking for WTLS library... openssl
>>>>checking for RSA_new in -lcrypto... yes
>>>>checking openssl/objects.h usability... yes
>>>>checking openssl/objects.h presence... yes
>>>>checking for openssl/objects.h... yes
>>>>checking openssl/rc5.h usability... no
>>>>checking openssl/rc5.h presence... no
>>>>checking for openssl/rc5.h... no
>>>>configure: WARNING: OpenSSL installation seems to lack RC5 algorithm!
>>>>
>>>>Is this bad?
>>>>
>>>>== Rene
>>>>
>>>>
>>>>-----Original Message-----
>>>>From: devel-boun...@kannel.org [mailto:devel-boun...@kannel.org] On
>>>>Behalf
>>>>Of Nikos Balkanas
>>>>Sent: Sunday, 12 September, 2010 13:16
>>>>To: Alexander Malysh
>>>>Cc: Kannel Devel
>>>>Subject: Re: wtls branch merged
>>>>
>>>>Hi,
>>>>
>>>>Reporting from Solaris 10.5 amd64, 64bit compilation.
>>>>Configured --with-wtls=openssl
>>>>
>>>>1) Compilation: Clean. A couple of unrelated warnings fixed. 
>>>>Attaching
>>>>patch.
>>>>
>>>>2) Emulators used:
>>>>
>>>>a) Openwave SDK 6.2.2 wap: no problems (connection tested)
>>>>b) Nokia NMBS 4.0: no problems (connection & connectionless tested)
>>>>
>>>>Sites tested, following through links:
>>>>
>>>>http://wap.google.com
>>>>http://wap.yahoo.com
>>>>http://m.facebook
>>>>
>>>>Only facebook had a warning with nokia's emulator (b) about 
>>>>unsupported
>>>>content. This was not observed with Openwave (a) and in any case it 
>>>>is
>>>>related to wap, not wtls. The same happens in plain wtp 
>>>>communication.
>>>>
>>>>Overall a succesful merge.
>>>>
>>>>Thanks,
>>>>Nikos
>>>>----- Original Message -----
>>>>From: "Alexander Malysh" <amal...@kannel.org>
>>>>To: "Kannel Devel" <devel@kannel.org>
>>>>Cc: "Nikos Balkanas" <nbalka...@gmail.com>
>>>>Sent: Sunday, September 12, 2010 1:04 PM
>>>>Subject: wtls branch merged
>>>>
>>>>
>>>>>Hi together,
>>>>>
>>>>>just merged and commited wtls branch into trunk.
>>>>>Please check it and let me know if something went wrong.
>>>>>
>>>>>Thanks,
>>>>>Alexander Malysh
>>>>
>>>>
>>>>
>>>>
>>>
>>
>>
>>
>
>
>



--
Kind regards,  Milan
--------------------------------------------------
Arvanta, IT Security        http://www.arvanta.net
Please do not send me e-mail containing HTML code.