Patch: wtls provision

by Nikos Balkanas
Dear friends,
 
This is a long overdue contribution to kannel's wap. It will provide wtls functionality. It has been thoroughly tested in Solaris, and compiles cleanly in Linux.
 
I used indent to format the structure, so a lot of the differences will be formatting. Nevertheless, there is a lot of code in there that needed to make it work. Let me know if the cvs diff is the best way to submit it, or whether a tarball of the sources would be better. I have had some issues with cvs diff in the past, so if you get any compilation warnings, I may have to go with a tarball.
 
In particular it will provide:
 
A) Supported MACs:
 
        SHA_0,
        SHA_40,
        SHA_80,
        SHA_NOLIMIT,
        MD5_40,
        MD5_80,
        MD5_NOLIMIT
 
MIA's:
        SHA_XOR_40
 
B) Supported Ciphers:
 
        RC5_CBC_40,
        RC5_CBC_56,
        RC5_CBC,
        DES_CBC,
        DES_CBC_40
 
MIA's:
        NULL_bulk,
        TRIPLE_DES_CBC_EDE,
        IDEA_CBC_40,
        IDEA_CBC_56,
        IDEA_CBC
 
C) Supported Keys:
 
        RSA_anon
 
MIA's:
        RSA_anon_512,
        RSA_anon_768,
        RSA_NOLIMIT,
        RSA_512,
        RSA_768,
        ECDH_anon,
        ECDH_anon_113,
        ECDH_anon_131,
        ECDH_ECDSA_NOLIMIT
 
Keys might seem a shortcoming, but I have yet to see a mobile that doesn't support RSA_anon. I do expect that a few of the rest of the keys are supported as well (i.e. RSA_anon_512, RSA_anon_768); I just didn't have the chance to test them.
 
Please vote and decide,
Nikos


Attachment: kannel.diff.gz (76K)

Re: Patch: wtls provision

by Nikos Balkanas
Hi,
 
I forgot to mention that pretty much all wtls states are supported except 2:
 
1) Suspend/resume wtls session
2) Cipher change when already connected
 
Again, I have not come across these states when testing with a variety of mobiles. In practice (2) is implemented through another client hello while already connected to the same client.
 
BR,
Nikos
----- Original Message -----
Sent: Monday, November 02, 2009 4:56 PM
Subject: Patch: wtls provision


Re: Patch: wtls provision

by Stipe Tolj

Nikos Balkanas wrote:

> Dear friends,
>  
> This is a long overdue contribution to kannel's wap. It will provide
> wtls functionality. It has been thoroughly tested in Solaris, and
> compiles cleanly in Linux.
>  
> I used indent to format the structure, so a lot of the differences will
> be formatting. Nevertheless, there is a lot of code in there that needed
> to make it work. Let me know if the cvs diff is the best way to submit
> it, or whether a tarball of the sources would be better. I have had
> some issues with cvs diff in the past, so if you get any compilation
> warnings, I may have to go with a tarball.
Hi Nikos,

first of all, congratulations for the enormous work effort put into the WTLS
layer here. We're overwhelmed, and grateful for such a contributor like you are. :)

As promised, I gave it a quick shot to see how it works out. In fact I haven't
reviewed the code much, but had just a rudimentary glance over it. I rather
tried it in real, against a Nokia Mobile Browser 4.0 Simulator (on top of Win32/XP).

wapbox.9202.log contains the log for accessing port 9202 (connection-less secure
mode), which bangs (PANICs) after some time.

wapbox.9203.log contains the log for accessing port 9203 (connection-orientated
secure mode), which seems to do something useful, but starts to loop at some point.

In both cases, I don't get any clean page view of the WML deck, addressing
http://m.google.de/.

In 9203 mode, I get from the Nokia Diagnostic tool at least the following
details presented:

- WTLS session ID: 76220880
- Algorithms:
  Bulk Enc: RC5_CBC
  MAC: SHA1
  Key Exchange: RSA_anon
  Compression: none
- Key Size:
  Bulk Enc: 8
  MAC: 20
  Key Exchange: 30575
  Compression: none
- Certificates: none

Hope this helps.

Actually I would love to try it with a real phone (i.e. my old Nokia 7110), but
I don't have it right now available. So if there are some more people out there
to give Nikos a hand in debugging, please test with a real device.

Stipe

--
-------------------------------------------------------------------
Kölner Landstrasse 419
40589 Düsseldorf, NRW, Germany

tolj.org system architecture      Kannel Software Foundation (KSF)
http://www.tolj.org/              http://www.kannel.org/

mailto:st_{at}_tolj.org           mailto:stolj_{at}_kannel.org
-------------------------------------------------------------------



Attachments: wapbox.9202.log.gz (7K), wapbox.9203.log.gz (27K)

Re: Patch: wtls provision

by Nikos Balkanas

Dear Stipe,

Thanks for taking the time to test it. Anybody reading this, hold testing
for now. Let me explain:

As mentioned, wtls has been thoroughly tested in Solaris, not by sending
millions of requests, but by individual requests from real phones and
simulators. It shouldn't have such issues!

I am afraid that the patch did not come out right and will have to resubmit.
The log entry from 9203:

2009-11-13 17:28:16 [17493] [9] DEBUG: You need to create
wtls_pdulist_destroy!

shows that at least ./wap/wap_events.c is not patched. I am not using it in
the final code.

My apologies, let me take another look at it over the weekend and resubmit
on Monday.

BR,
Nikos


----- Original Message -----
From: "Stipe Tolj" <st@...>
To: "Nikos Balkanas" <nbalkanas@...>
Cc: <devel@...>
Sent: Friday, November 13, 2009 3:37 PM
Subject: Re: Patch: wtls provision





Re: Patch: wtls provision

by Nikos Balkanas

Dear Stipe,

The patch is back, fresh and new. Please take the time to play around. I
tested it several times installing/uninstalling, so there should be no
issues. It took a while, too, since I had to open ports in the firewall,
etc.

We have never tested it against the Nokia simulator, only against winwap,
openwave (simulators) and various Nokia & Ericsson mobiles.

The patch was tested in Solaris with winwap. I am surprised last time you
got a clean compilation.

In the sources, one thing that I definitely intend to change is the
interface with wapbox (initialization & dispatching).

Enjoy,
Nikos
----- Original Message -----
From: "Nikos Balkanas" <nbalkanas@...>
To: "Stipe Tolj" <st@...>
Cc: <devel@...>
Sent: Friday, November 13, 2009 6:11 PM
Subject: Re: Patch: wtls provision




Attachment: kannel.diff.gz (77K)