2012-05-21

iOS SSL renegotiation issue

It seems that the iOS SDK has some issues with SSL renegotiations.
I have filed this bug report:


http://openradar.appspot.com/11495354

2012-04-30

A few iOS Security API hints

Sharing an RSA public key

On iOS you can generate an RSA key pair using the SecKeyGeneratePair function. However, this function doesn't pack the public key into a complete PublicKeyInfo structure. It generates only the public key data annotated below:
So if you need to share the public key (e.g. with the backend), you would usually need to add the header manually. When doing this, pay attention to properly adjusting the lengths of the first SEQUENCE and the BIT_STRING.
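
The header arithmetic described above, as an added example that is not code from the original post: it prepends the X.509 SubjectPublicKeyInfo header for rsaEncryption to the raw key bytes and computes the outer SEQUENCE and BIT STRING lengths from the key size, so the same code works for 1024-bit and 2048-bit keys. The function name `spki_wrap_rsa` and the sample key bytes in `main` are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* AlgorithmIdentifier: SEQUENCE { OID 1.2.840.113549.1.1.1 (rsaEncryption), NULL } */
static const uint8_t RSA_ALG_ID[] = { 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
                                      0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00 };

/* Bytes needed for the DER length field of an n-byte value (n <= 0xFFFF). */
static size_t der_len_size(size_t n) { return n < 0x80 ? 1 : (n <= 0xFF ? 2 : 3); }

/* Write the DER length field for n at p and return the number of bytes written. */
static size_t der_put_len(uint8_t *p, size_t n) {
    size_t sz = der_len_size(n);
    if (sz == 1) { p[0] = (uint8_t)n; }
    else if (sz == 2) { p[0] = 0x81; p[1] = (uint8_t)n; }
    else { p[0] = 0x82; p[1] = (uint8_t)(n >> 8); p[2] = (uint8_t)(n & 0xFF); }
    return sz;
}

/* Wrap the raw RSAPublicKey DER (as exported from the keychain) in a
   SubjectPublicKeyInfo header. Hypothetical helper name.
   Returns bytes written to out, or 0 if the input is unusable or out is too small. */
size_t spki_wrap_rsa(const uint8_t *key, size_t key_len, uint8_t *out, size_t cap) {
    if (key == NULL || out == NULL || key_len == 0 || key_len > 0xFF00) return 0;
    size_t bits_len = key_len + 1;  /* BIT STRING value: unused-bits byte + key */
    size_t body_len = sizeof RSA_ALG_ID + 1 + der_len_size(bits_len) + bits_len;
    size_t total = 1 + der_len_size(body_len) + body_len;
    if (total > cap) return 0;
    uint8_t *p = out;
    *p++ = 0x30; p += der_put_len(p, body_len);   /* first SEQUENCE and its length */
    memcpy(p, RSA_ALG_ID, sizeof RSA_ALG_ID); p += sizeof RSA_ALG_ID;
    *p++ = 0x03; p += der_put_len(p, bits_len);   /* BIT STRING and its length */
    *p++ = 0x00;                                  /* zero unused bits */
    memcpy(p, key, key_len); p += key_len;
    return (size_t)(p - out);
}

int main(void) {
    /* Constructed placeholder shaped like a 1024-bit RSAPublicKey (140 bytes), not a real key. */
    uint8_t key[140] = { 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00 }, out[200];
    memcpy(key + 135, "\x02\x03\x01\x00\x01", 5);  /* INTEGER 65537 */
    size_t n = spki_wrap_rsa(key, sizeof key, out, sizeof out);
    printf("SubjectPublicKeyInfo is %zu bytes, header:", n);
    for (size_t i = 0; i < n - sizeof key; i++) printf(" %02X", out[i]);
    printf("\n");
    return 0;
}
```
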



Getting an identity reference for a certificate created at runtime

Let's say you have created your key pair and shared the public key with the backend, and you have received a certificate containing your public key, which should be used as a client certificate for establishing a 2-way SSL:
  1. DO NOT add the certificate to the keychain by simply inserting its bytes using the SecItemAdd function. If you do this, you would be able to access the certificate, even get a proper reference for it, but it won't get associated with your private key. So, you won't be able to get a proper identity reference for establishing the SSL connection.
  2. You should first use the SecCertificateCreateWithData function to create a proper certificate reference (SecCertificateRef), which you then provide to the SecItemAdd function to insert the certificate.
  3. Now you should be able to query the keychain and get a valid SecIdentityRef instance. You can use the same filtering parameters (e.g. keychain item label) which you have used for your certificate.

2011-02-03

iOS Simulator - testing over different connection types

I've been using traffic shaping for quite a long time to simulate slow or noisy connections, but finally made a script for that :)


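```sh
#!/bin/sh
# Shape all traffic to and from this Mac through an ipfw pipe.
if [ "$#" -ne 3 ]
then
    printf 'Usage:\n%s <bandwidth in kbps> <delay in ms> <packet loss ratio>\n' "$0"
    exit 1
fi

BW=$1
DELAY=$2
PLR=$3
# Configure pipe 1 with the requested bandwidth, delay and packet loss ratio
sudo ipfw pipe 1 config bw "${BW}Kbit/s" delay "$DELAY" plr "$PLR"
# Send outgoing (rule 1) and incoming (rule 2) traffic through the pipe
sudo ipfw add 1 pipe 1 all from me to not me
sudo ipfw add 2 pipe 1 all from not me to me
echo "RETURN to stop connection noise"
# Block until RETURN is pressed; the input itself is discarded
read _
# Remove both rules so traffic bypasses the pipe again
sudo ipfw delete 1
sudo ipfw delete 2
exit 0
```

The script simply adds a pipe to your firewall with the bandwidth, delay and packet loss you specify, and redirects all of your Mac's traffic over that pipe. It then waits for RETURN to delete the rules and return your traffic to normal.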

Here is a table with some useful parameters taken from :

| Scenario | Bw (Kbit) | delay (ms) | plr (ratio) |
|---|---|---|---|
| 2.5G mobile (GPRS) | 50 | 200 | 0.2 |
| 3G mobile | 1000 | 200 | 0.2 |
| VSAT | 5000 | 500 | 0.2 |
| Busy LAN on VSAT | 300 | 500 | 0.4 |

For more bandwidth info check: