|
NAMEZebedee a simple, free, secure TCP and UDP tunnel program
SYNOPSIS
DESCRIPTIONZebedee is a simple program to establish an encrypted, compressed tunnel for TCP/IP or UDP traffic between two systems. This allows data from, for example, telnet, ftp and X sessions to be protected from snooping. You can also use compression, either with or without data encryption, to gain performance over low-bandwidth networks. The main goals for Zebedee are to:
Of course, Zebedee is by no means the first, or only secure tunnel program available. It does not pretend to compete with the likes of ssh or SSL in terms of breadth of function but if you want something quick, simple and completely free then it may be the tool for you. This document describes the features of Zebedee as at release 2.1.0.
Whats in a name?In case you were wondering, or even if you werent, Zebedee is named after its three main components:
So now you know!
Basic UsageTo set up a secure connection between your local machine and a remote host you need first to run Zebedee in server mode on the remote system. The easiest way to do this is to run Zebedee with the -s option. Like this: zebedee -s If all goes well (and it should!) Zebedee will detach from the terminal (or console window under Windows) and run in the background. It will then be listening for incoming requests from clients. On your local machine you then run Zebedee in client mode. You need to
specify the name of the remote machine and the name of the service or number
of the port to which the tunnel should be established we will call this
the target port. If the remote machine is called zebedee remhost:telnet In fact, if you dont specify a service or port the default is telnet so zebedee remhost would do just as well in this instance. When you run this command it will
print out a message telling you the port number which is the local end of the
tunnel. Zebedee will then detach from the terminal and run in the
background waiting for you to connect to the local port. If, for example, the
port number it printed out was 1234 then to connect to telnet localhost 1234 By default, Zebedee will continue to listen for connections and tunnel them, handling multiple simultaneous connections if necessary, until you terminate the process. Sometimes you will want to start Zebedee and then run a command that connects to the port straight away. You can do this in a single invocation of Zebedee as follows: zebedee -e "telnet localhost %d" remhost The You may want or need to control the local port number that the client uses. This is necessary if the command whose connection you are trying to protect expects to connect only to a specific port. In this case you can also specify the local port number by invoking Zebedee as follows: zebedee clientport:hostname:targetport So, for example, the command: zebedee 8000:webhost:80 will allow you to secure all HTTP connections to webhost if accessed via port 8000 on the client system. See EXAMPLES for more details. You can also use a single Zebedee client to handle multiple simultaneous tunnels to different target ports on the same remote host. In this case the client and target port specifications are lists of ports. For example: zebedee 9001,9002,9003:somehost:daytime,telnet,ftp This will tunnel traffic on the clientport 9001 to the daytime port on the remote target system, traffic on 9002 to the telnet port and traffic on 9003 to the ftp port. This combination of client listening ports, target host and destination ports is called a tunnel speciification. See the tunnel keyword for more details.
UDP TunnellingOriginally Zebedee was designed only to be able to handle TCP/IP traffic. As of version 2.0.0 it can also handle connectionless UDP data. To enable this start Zebedee with the -u option (or use the udpmode keyword). For example: zebedee -s -u on the server host and zebedee -u 10000:somehost:echo on the client. Note that a single client or server can only handle TCP or UDP data, not both. If you need to tunnel both types of data you must run two separate instances. It is safe run both a TCP-mode and a UDP-mode server on the same system because they use different ports. The tunnel between Zebedee clients and servers still uses a TCP/IP connection even in UDP-mode. This connection is timed out after a certain period of inactivity. It must be re-established if more data arrives. For this reason the performance in UDP mode may appear poor, depending on the nature of the application using it. You should note that there is also a limit on the size of UDP datagrams that can be handled. For further details see the maxbufsize, udpmode and udptimeout keywords.
Some TerminologyUsually there will only be two systems involved when you set up a tunnel using Zebedee. You will run a client on one and communicate with it via connections to local ports. On the other you will run a server which will speak to services local to that machine. However, there can be up to four different systems involved, as shown below: [source] <===> [client] <=====> [server] <===> [target] | | | +- insecure | + insecure connection | connection +- secure tunnel The Zebedee client runs on the client system and the server runs on the server host. The inital connection that causes a tunnel to be established between client and server originates from the source machine. This could be a different system than where the Zebedee client is running, although it is usually the same. The server will ultimately communicate with the target system. Again, this is usually the local machine but does not have to be. Most of the time you will not have to be concerned with the distinction between source and client and server and target. The terminology is, however, reflected in a number of the keywords described in the following section so you should bear it in mind when reading their descriptions. In addition to the different systems involved in Zebedee tunnel there are also several different types of keys used to secure connection. The client and server generate or are provided with private key values. These are used to calculate public values which are exchanged and used to derive a shared secret key using the Diffie-Hellman key agreement mechanism. From this shared key a unique session key is derived to secure an individual connections between client and server.
Multiple DestinationsPrior to version 2.1.0 a single Zebedee client/server pair could only handle tunnels to a single target system. It is now possible, however, to direct tunnels to multiple targets. When a server is started it can be given a list of valid targets either on the command-line or by using the target keyword. Each target is a host name optionally followed by a list of ports to which connections may be made. Consider the following command run on a machine called serverhost: zebedee -s target1:daytime,telnet target2:telnet target3 the server will allow connections to the daytime and telnet ports on target1, the telnet port on target2 and any port on target3. Given this server invocation, a client may be started as follows: zebedee serverhost 10000:target1:telnet 20000:target3:telnet This will connect to the Zebedee server on serverhost and use it to establish tunnels to the telnet port on target1 via the client port 10000 and tunnels to the telnet port on target3 via 20000. Note that the name of the host on which the server is running is given as the first parameter. If the server name is omitted it is determined from the first tunnel specification. So if the server had been running on target3 then the above command could have been given as: zebedee 20000:target3:telnet 10000:target1:telnet In fact, a server also maintains a notion of a default target. This is the host name of the last target specified. In the example above the default target becomes target3. This is the target used when the server and target names specified by the client are the same. Be careful of this because you may get results that you not expect. For example, if the server was started as: zebedee -s target2:telnet target3 target1:daytime,telnet then the previous client invocation would result in connections to port 20000 being tunnelled to target1 and not target3. This is because when the server and target specified by the client are the same then the traffic goes to the servers default target. To avoid confusion, if you want to include the server host in a list of multiple destinations then always name it last. Note that as well as a default target host it is also possible to specify a list of default target ports where none are otherwise given. See the redirect keyword for more details. As with the target keyword for the server, the equivalent of the command-line parameter for the client is the tunnel keyword (and serverhost in order to specify the server host explictly).
Server-Initiated ConnectionsIn normal use a Zebedee client inititates connections to the server when a connection has been made to it from a source system. Sometimes, for example when using Zebedee through a restrictive firewall, it may be necessary for the server to initiate the connection back to the client to operate in reverse. For details on how to do this see the clienthost and listenmode keywords.
Configuration FileThe behaviour of Zebedee is probably best controlled through the use of a configuration file. A configuration file can be specified using the -f command-line option. The file is read at the point at which the option is encountered so later command-line options may override the contents of the file. Lines are of the form: keyword value # optional comment The keyword is a single, case-insensitive word. The value is either a single
word or a string. Strings are enclosed either in double quotes ( Blank lines and lines beginning with a server false # This comment continues on the next line \ server true will leave the value of server as false. The keywords and their meanings are as described below. There is a brief description of all the keywords in the Quick-Reference Summary section. Some, but not all, keywords have equivalent command-line options. These are shown where available. There are also a few command-line options that have no equivalent in the configuration file. These are described at the end of this section. If a keyword is described as being a boolean then its value must be one of the words true or false. Several keywords require a list of ports to be specfied. Where this the case
the value is string that consists of a comma or white-space delimited list of
port names, numbers or numeric ranges. For example A number of the keywords are either only applicable to clients or only applicable to servers. The same Zebedee program runs as either client or server and will silently ignore inappropriate options for the current type of usage. The choice of client or server behaviour is controlled by the server keyword:
Client-Only KeywordsThe following keywords apply only to Zebedee clients:
Server-Only KeywordsThe following keywords apply only when running as a server:
Compression and Encryption KeywordsThe following keywords control the compression and encryption of data passing through the tunnel. They apply to both clients and servers:
Miscellaneous KeywordsThe following keywords apply equally to clients and servers:
Obsolete KeywordsAs Zebedee has evolved over time some of the keywords have been changed to reflect this. In a few cases keywords have been superseded and made obsolete. These obsolete keywords are still recognised in order to retain backwards compatibility with old configuration files but they should not be used in new ones.
Other OptionsThere are a few command-line options that have no equivalent in the configuration file. These are described below.
Quick-Reference SummaryThe following table lists the recognised keywords, their argument types, command-line equivalents, validity for client, server or both and a brief description. checkidfile filename CS Checks peer identities against the clienthost hostname -c S Server initiates connection to client host command string -e C Specified command to run connected to tunnel compression level -z CS Requested maximum compression level connecttimeout seconds CS Timeout for connections to be accepted debug boolean CS Run in single-threaded "debug" mode detached boolean -d CS Detach from the terminal/console generator string CS Hexadecimal Diffie-Hellman generator value include filename -f CS Read in the named configuration file keygencommand string CS Command to run to generate key keygenlevel level CS Key generation strength level (0 to 2) keylength bits CS Requested maximum keylength in bits keylifetime seconds CS Lifetime of shared secret keys listenmode boolean -l C Client listens for server connections localsource boolean C Only accepts connections from local machine logfile filename -o CS Set the output log file maxbufsize bytes CS Specify buffer size for data reads message string CS Output the specified string minkeylength bits CS Acceptable minimum keylength in bits modulus string CS Hexadecimal Diffie-Hellman modulus value multiuse boolean -m C Handle multiple connections name string CS Specify the name of the program privatekey string CS Hexadecimal private key string redirect ports -r S Ports to which server will redirect traffic server boolean -s CS Selects server-mode or client-mode serverhost hostname C Name of server host to which to connect serverport port -T CS Set the port on which the server listens target spec S Specifies allowed target host and ports timestamplog boolean -t CS Add timestamps to the log file tunnel spec C Specifies client ports and matching targets udpmode boolean -u CS Handle UDP traffic udptimeout seconds CS Inactivity timeout for UDP tunnels verbosity level -v CS Set the message logging level Other options that have no keyword equivalents: -p Generate a private key -P Generate a public "identity" -h file ... Hash file contents and print results -H string ... Hash string arguments and print results -Sinstall=file Install Windows service with specified configuration file -Sremove Remove Windows service -x string Parse option string
Identity CheckingBy default Zebedee just establishes an encrypted channel between two points. While you know that the data is protected from snooping on the wire there is no guarantee that the channel ends up where you think it does. It is open to man-in-the-middle attacks. If you are concerned primarily with using data compression or protecting against casual network sniffing then you may be happy with this situation. If, however, you want more assurance that your connection is not being redirected then Zebedee provides some basic facilities for doing so. If the same modulus, generator and private key are used they will always generate the same public value for use in the Diffie-Hellman key exchange protocol. If you use a fixed private key (specified using the privatekey) keyword in a configuration file) then Zebedee can generate a key fingerprint by hashing together the modulus, generator and public key value. This is done using the -P option, for example, if the file server.key contains the following value: privatekey "1e34d6769502bae1087c18d2e8c8776e4a17ddaf" then the command $ zebedee -P -f server.key > server.id will generate output something like this: 135f04050961d37553731250d5c6f7495f088b32 myhostname The initial string of hexadecimal digits is the fingerprint. Anything else on the line is a comment describing the owner of the identity. By default it is the name of the host on which the identity string was generated. If the checkidfile keyword is specified in a configuration file then its value is the name of a file containing fingerprint lines. If the identity of the system at the other end of the connection does not match any of those in the file then the connection will be closed.
Notes on Other Security Issues
TROUBLESHOOTINGAlthough Zebedee should work out of the box you might encounter some problems. These are most likely during connection setup once that has been accomplished the data transfer generally goes smoothly. The eaisest way to see what is happening during the setup process is to use the -v option. You will usually want to combine this with the -d and -D options to stop Zebedee from the terminal and to force it to handle only a single connection at a time. So, for example, you might use the following command to start up a server: zebedee -dD -v 3 -s Setting the logging level to 3 should show you the main exchanges during connection setup. If you believe there is a problem after this then levels 4 and 5 will show you what message traffic is being exchanged.
EXAMPLESIn the Zebedee distribution there are a number of example configuration files. The following sections describe how they can be used as well as how to use Zebedee to tunnel some specific protocols.
Example Server ConfigurationThere is an example server configuration file (server.zbd) shipped with the Zebedee distribution. This shows most of the common options. # # Sample Zebedee server configuration file # # This shows the use of many, but not all, of the configuration file # options available for use by a server. # verbosity 2 # Slightly more than basic messages server true # Yes, its a server! detached true # Run detached from terminal udpmode false # Are we operating in UDP mode? # Uncomment the following line to log messages to a file # # logfile ./server.log # # Or to log to the system logging facility uncomment this: # # logfile SYSLOG # Uncomment the following line if you want to use a fixed private # key stored in a static file. The file should contain a line of # the form "privatekey hexadecimal-key-string" # # include ./server.key keygenlevel 2 # Generate maximum strength private keys # To validate the identity of clients uncomment the following # line: # # checkidfile ./clients.id # Set up allowed redirection ports. # These should be pretty safe -- but its not a good idea # to open up all ports. redirect "telnet ftp" # Basic services redirect 5900-5999 # VNC traffic redirect 6000-6010 # X Window System redirect "daytime chargen" # Ports useful for testing targethost localhost # Redirection is to the local machine compression zlib:9 # Allow maximum zlib compression keylength 256 # Allow keys up to 256 bits keylifetime 36000 # Shared keys last 10 hours maxbufsize 16383 # Allow maximum possible buffer size To test the identity checking facilities you can uncomment the checkidfile line and then use one of the supplied client1.key or client2.key files on the client side.
Use with VNCOne of the reasons behind writing Zebedee was to use it over dial-up lines with VNC. VNC is a free system to provide remote display capabilities using a remote frame-buffer concept. You can use it to display Windows desktops remotely or, with an Xvnc server to access an X desktop from any VNC client machine, or even a Java-enabled browser! See http://www.uk.research.att.com/vnc/ for more details. The supplied sample server configuration file server.zbd is configured to allow redirection of ports 5900-5999 which will allow tunnelling of VNC sessions. This file can be used on both UNIX and Windows but note that on Windows you must set the AllowLoopback flag in the registry in order for tunnelling to work. Saving the following snippet (without any leading spaces) in file a and then importing it into regedit will do the trick: REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3] "AllowLoopback"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3\Default] "AllowLoopback"=dword:00000001 You will find a file with these contents in the Zebedee distribution by the name vncloopback.reg. Having set these registry entries then the file vncviewer.zbd can be used to invoke a VNC viewer tunnelled to the host named on the command line. Here are the contents of the file vncviewer.zbd: # # Zebedee configuration file to start up a tunnelled VNC session # # Usage: zebedee -f vncviewer.zbd remote-host:vnc-port # verbosity 1 # Basic messages only server false # Its a client detached true # Detach from terminal message "Starting VNC viewer" # On Windows systems you might use the following: command "c:\Program Files\ORL\VNC\vncviewer.exe" localhost:%d # On UNIX systems you might use the following: # command vncviewer localhost:%d compression 6 # Request normal Zlib compression So using this file as follows: zebedee -f vncviewer.zbd somehost:5901 will start a VNC viewer tunnelled to the VNC server on somehost port 5901 (the server you would usually refer to in VNC-parlance as somehost:1). VNC also supports a Java viewer. If the server is running on port 59xx then the viewer can be downloaded via port 58xx. However, it appears that the Java viewer communicates the main VNC port number to the client. So, to tunnel traffic when using the Java viewer you must make sure that the local and remote ports use the same numbers. So, for example, to tunnel traffic to a VNC server using port 5901 you should do something like: zebedee 5801,5901:remotehost:5801,5901 This will be problematic if you already have a VNC server running locally on port 5901, but you can usually arrange local and remote VNC servers so that there is no clash. There is one last point worth mentioning. If you are using compression with VNC it is worth experimenting a bit with the VNC protocol encoding. I have found that raw encoding often compresses best and sometimes gives better performance with Zebedee over slow links. But, as they say, your mileage may vary!
Use with the X Window SystemThe X Window System uses ports in the range 6000 onwards. Lets assume that your local machine called xlocal is running an X server on port 6000. This would be the port normally used by the display known as xlocal:0. You now want to send a secure xterm session back to your local display from a machine called xremote. To do this you might run the following command on xlocal: zebedee -r 6000 -s Then on xremote you could run: zebedee 6001:xlocal:6000 This means that if the DISPLAY environment variable on xremote is set to
xterm -display localhost:1 Note that in order for this to work correctly you must also add an entry for localhost to the access control list for the X server on xlocal. You can do this by running the following command on xlocal: xhost +localhost
Securing HTTP trafficZebedee can be used to secure or just compress all traffic to and from a Web server. So, for example, if a Web server is running on the machine webhost on port 80 and it is also running a Zebedee server then the command: zebedee 8000:webhost:80 will set up a tunnel via port 8000 on the client host. Now any URLs that previously were addressed via webhost, for example: http://webhost/private/index.html can now be accessed securely as follows: http://localhost:8000/private/index.html You could redirect all HTTP traffic via the secure tunnel by setting
Securing FTP trafficIt is possible to protect the FTP control connection (over which the username and password are sent) for many FTP servers using Zebedee out of the box by following the instructions below. It is also possible to protect the control connection for other servers and even passive-mode data connections by using Zebedee in conjunction with the ftpgw.tcl script in the Zebedee distribution. The simplest approach, which works with some FTP servers, is to run the Zebedee server as follows: zebedee -s -r ftp ftpserverhost Note that even if you are running Zebedee on the same machine as the FTP server you should explictly name it on the command line (or using the redirecthost keyword). Do not refer to it as localhost. On the client system you could then run Zebedee as follows to set up a tunnel via port 10000: zebedee 10000:ftpserverhost:ftp To connect to the FTP server you would then use a command like: ftp clienthost 10000 Again, use the local client host name not, localhost. If your FTP client
does not support specifying the port on the command line, as is the case with
the standard Windows FTP client program, you may be able to use the command
zebedee ftp:ftpserverhost:ftp and then just invoking the FTP client program as: ftp clienthost The approach just described will work for FTP servers that do not check that the FTP control and data connections appear to come from the same source. However, some servers such as the widely-used wu-ftpd are more strict about this for good security reasons. If you can apparently establish a connection to the server but directory listing and file retrievals fail or hang then it is likely that your server is one of the strict ones. To help overcome this problem there is an FTP gateway script in the Zebedee distribution called ftpgw.tcl. This is a program, written using the freely-available Tcl scripting language (see http://www.scriptics.com) that intercepts FTP requests and re-writes them so that a server is shielded from the presence of Zebedee. You should run this on the same system as the Zebedee server. Assuming that the FTP server is also running on the same system you can just run this as: tclsh ftpgw.tcl This will start the gateway listening on port 2121. Obviously, in real usage you will probably want to start this in the background. You then start the Zebedee server as: zebedee -s -r 2121 Note that in this case you do not have to specify the local host name, although you may do so if you wish. On the client side you can now run: zebedee 2121:ftpserverhost:2121 followed by: ftp clienthost 2121 You must still, however, use the client host name here. This configuration will allow you to tunnel the FTP control connection but will not affect any data connections. Using ftpgw.tcl it is, however, also possible to secure the data channels provided that your FTP client can operate in passive mode. Examples of clients that can do this are Netscape Navigator and the Windows program WS_FTP. To secure passive-mode data connections you must choose a range of ports on the server that will be used for data connections. In this example we will use 30000 to 30100. You then start ftpgw.tcl with the -p option to specify this port range: tclsh ftpgw.tcl -p 30000-30100 The Zebedee server would then be started as: zebedee -s -r 2121,30000-30100 and the client as zebedee 2121,30000-30100:ftpserverhost:2121,30000-30100 To access the server with both control and data connections secured using Netscape you would then supply a URL of the form: ftp://username@clienthost:2121/ where username is your user-name on the FTP server host.
CREDITS AND LEGALITIESThe following information can also be found in the file LICENCE.txt in the Zebedee distribution. Copyright (c) 1999, 2000, 2001 by Neil Winton. All Rights Reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. A copy of the GNU General Public License can be found in the file GPL2.txt. You may obtain the latest copy of Zebedee, including full source code from http://www.winton.org.uk/zebedee/ and other enquiries about Zebedee can be e-mailed to the author at zebedee@winton.org.uk Zebedee would not have been possible without the use of a large amount of freely-available software to do all the really hard stuff. I gratefully acknowledge the contributions made by the authors of the following software packages. Zebedee uses the Blowfish encryption algorithm devised by Bruce Schneier. For more information on Blowfish see http://www.counterpane.com/blowfish.html . The implementation used is by Eric Young and is covered by the following copyright: Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) All rights reserved. This package is an Blowfish implementation written by Eric Young (eay@mincom.oz.au). This library is free for commercial and non-commercial use as long as the following conditions are aheared to. The following conditions apply to all code found in this distribution. Copyright remains Eric Youngs, and as such any Copyright notices in the code are not to be removed. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by Eric Young (eay@mincom.oz.au) THIS SOFTWARE IS PROVIDED BY ERIC YOUNG AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The license and distribution terms for any publically available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distrubution license [including the GNU Public License.] The reason behind this being stated in this direct manner is past experience in code simply being copied and the attribution removed from it and then being distributed as part of other packages. This implementation was a non-trivial and unpaid effort. Zebedee uses the zlib compression library by Jean-loup Gailly and Mark Adler. It is covered by the following copyright notice: (C) 1995-1998 Jean-loup Gailly and Mark Adler This software is provided as-is, without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions: 1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required. 2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software. 3. This notice may not be removed or altered from any source distribution. Jean-loup Gailly Mark Adler jloup@gzip.org madler@alumni.caltech.edu Zebedee may use the bzip2 compression library by Julian Seward which is covered by the following licence: This program, "bzip2" and associated library "libbzip2", are copyright (C) 1996-1999 Julian R Seward. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required. 3. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software. 4. The name of the author may not be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE AUTHOR AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Julian Seward, Cambridge, UK. jseward@acm.org bzip2/libbzip2 version 0.9.5 of 24 May 1999 By default Zebedee is built using an aribtrary precision integer arithmetic
library derived from the sources to huge-number.c: arbitrary precision integer library from Python sources This has nothing to do with cryptography. Copyright (C) 1998 Paul Sheer This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. This file was taken from the Python source for `long type integers. I have changed it to compile independently of the Python source, and added the optimisation that GNU C can use 31 bit digits instead of Pythons 15 bit. You can download the original from www.python.org. This file bears little resemblance to the original though - paul Copyright 1991-1995 by Stichting Mathematisch Centrum, Amsterdam, The Netherlands. All Rights Reserved Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the names of Stichting Mathematisch Centrum or CWI or Corporation for National Research Initiatives or CNRI not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. While CWI is the initial source for this software, a modified version is made available by the Corporation for National Research Initiatives (CNRI) at the Internet address ftp://ftp.python.org. STICHTING MATHEMATISCH CENTRUM AND CNRI DISCLAIM ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL STICHTING MATHEMATISCH CENTRUM OR CNRI BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. Zebedee uses the Secure Hash Algorith (SHA) the code for which was derived from Uwe Hollerbachs SHA module for perl. The code contains the following statement: NIST Secure Hash Algorithm heavily modified by Uwe Hollerbach <uh@alumni.caltech edu> from Peter C. Gutmanns implementation as found in Applied Cryptography by Bruce Schneier This code is in the public domain Under Windows, Zebedee uses an implementation of the getopt function covered by the following copyright: Copyright (c) 1987, 1993, 1994 The Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by the University of California, Berkeley and its contributors. 4. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
ThanksSpecial thanks go to those people who have taken the trouble to give me feedback and suggestions for improvement! $Id: zebedee.pod,v 1.1.1.1 2001/04/12 18:07:40 ndwinton Exp $ |