Commit 8ae53818 authored by powelld's avatar powelld

Adding sample demonstrator usage

parent f7d6fc57
Essential
- Fix bug that stops the last context being given r/w access
- Find some way of getting certificate details out of client and server to demonstrate that the details are passed through
Nice to have
- Ideally allow cert files to be supplied at command line or in config
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
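Review bot: An RSA private key is committed here in the clear, and the same happens at each later `BEGIN RSA PRIVATE KEY` section in this commit. Anything checked in this way has to be treated as public, so these keys and the certificates issued for them must never be used outside a local demo. I would rather generate the keys and certificates in a setup step and keep the key files out of version control. Failing that, add a line to the accompanying notes such as `Demo-only keys: publicly known, do not deploy or trust`.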
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
PKCS#3 DH Parameters: (1024 bit)
prime:
00:8c:26:29:59:c0:96:11:92:73:b7:7a:94:e0:4d:
f7:44:a1:93:91:20:1e:93:76:7f:05:89:d5:d0:45:
bd:69:bd:fa:f7:90:4a:12:ad:06:d1:89:80:dd:84:
e2:5c:5b:74:b0:6a:a0:e6:83:46:b4:27:0d:a4:db:
74:ac:a4:d5:58:6c:7b:12:43:24:7d:2b:71:92:be:
84:bf:9a:12:20:04:08:55:b3:bf:d9:1f:bb:26:cd:
ba:02:d4:9b:28:0f:24:d8:06:10:d0:50:9d:b6:5a:
97:fa:d8:60:c4:9a:d4:88:97:a5:db:f6:52:a3:66:
1c:3c:1c:66:13:d1:55:7b:63
generator: 5 (0x5)
-----BEGIN DH PARAMETERS-----
MIGHAoGBAIwmKVnAlhGSc7d6lOBN90Shk5EgHpN2fwWJ1dBFvWm9+veQShKtBtGJ
gN2E4lxbdLBqoOaDRrQnDaTbdKyk1VhsexJDJH0rcZK+hL+aEiAECFWzv9kfuybN
ugLUmygPJNgGENBQnbZal/rYYMSa1IiXpdv2UqNmHDwcZhPRVXtjAgEF
-----END DH PARAMETERS-----
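Review bot: These Diffie-Hellman parameters are 1024-bit according to the header line, which is below the 2048-bit minimum generally recommended today, and the same block is committed twice more further down. Even for a demonstrator it is worth regenerating them, for example with `openssl dhparam -out <dh-params-file> 2048`. That keeps a weak group from being copied into something longer-lived along with the rest of the sample configuration.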
{
"contexts" :
[
"Context A"
],
"middleboxes" :
[
{
"url" : "127.0.0.1:8423",
"readAccess": [0],
"writeAccess": [0]
}
],
"slicedData" : [
{
"slice" : 0,
"data" : "This is slice 0 data from the client, which the middlebox can see"
}
]
}
echo "Starting Middlebox"
../middlebox 8423 127.0.0.1:8423 simpleMiddlebox &
mboxpid=$(pidof ../mcmbox)
sleep .3
echo "Starting Server"
../server ./simpleEchoScript.sh &
serverpid=$(pidof ../mcserver)
sleep .3
echo "Starting Client"
../client simple_input.json
echo "Cleaning up"
kill $mboxpid
kill $serverpid
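Review bot: The cleanup PIDs are looked up by name with `pidof ../mcmbox` and `pidof ../mcserver`, while the processes actually started are `../middlebox` and `../server`. Unless those are wrappers that exec binaries with the other names, both variables come back empty, the unquoted `kill $mboxpid` and `kill $serverpid` fail, and the middlebox and server are left listening. Even when the names match, `pidof` runs immediately after the `&` and returns every process of that name, so it can miss the new process or pick up an unrelated one. Capturing the background PID directly is more reliable: `mboxpid=$!` after the middlebox line, `serverpid=$!` after the server line, then `kill "$mboxpid" "$serverpid"`. The same pattern is repeated in the four later launcher scripts in this commit.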
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
Essential
- Fix modification of traffic by the middlebox (causes MAC integrity failure)
Nice to have
- Ideally allow cert files to be supplied at command line or in config
- Integrate into a proxy and simple web server (e.g. flask / cherrypy )
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICojCCAYoCAQIwDQYJKoZIhvcNAQELBQAwWTELMAkGA1UEBhMCQVUxEzARBgNV
BAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
ZDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE0MTIyODIyMTM1N1oXDTE1MDEyNzIy
MTM1N1owWTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNV
BAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDESMBAGA1UEAwwJbG9jYWxob3N0
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHH/fTFwKTMHDaFXw6LvyDMhHc
XwbN3dfI+RGMbBqrQmb7M0+MvDsx5pVo/d0k4HzKnVuLe9mRUmxRWKrC6yk6R+gi
nrbvdPGEsP97bJxZdaxa4HvZeVVs7I20gYbY9oHCw9fdMluaPgLKn+QTQz+Bu+xX
eXVxnkZikbXRI4l0UQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBaCxFScRowAmHv
d3DF8BugvtWZFq+GS4/BWgH1pAIj6ED6HrFnxZKrs8t67zUI888An1nmxAFNPPST
6ys1VEW2z4xzZEh2EK/ZPiwkz9rWl9jjilypvIAeG4jnhk5OaaqE0X6J/Lx5rxWk
iQmEslthAz4aysUD9kmivr0Cyzz41ZaJR8oMdRnXx88Qeq4Y3dStIIDjPCRfwaYu
nA4G5P4fj1LY4vcjL5Y/Vw2bkn9gh4t0lx5LuCOh5RRyFYpygW2gyc7qSYI5v5dh
/rsDfRapHgbL5bvfO+qkky2lKfmvy0e0QV0CzStq6CALaa8EbMz8cPiyEfcqmgVg
45HRLZut
-----END CERTIFICATE-----
PKCS#3 DH Parameters: (1024 bit)
prime:
00:8c:26:29:59:c0:96:11:92:73:b7:7a:94:e0:4d:
f7:44:a1:93:91:20:1e:93:76:7f:05:89:d5:d0:45:
bd:69:bd:fa:f7:90:4a:12:ad:06:d1:89:80:dd:84:
e2:5c:5b:74:b0:6a:a0:e6:83:46:b4:27:0d:a4:db:
74:ac:a4:d5:58:6c:7b:12:43:24:7d:2b:71:92:be:
84:bf:9a:12:20:04:08:55:b3:bf:d9:1f:bb:26:cd:
ba:02:d4:9b:28:0f:24:d8:06:10:d0:50:9d:b6:5a:
97:fa:d8:60:c4:9a:d4:88:97:a5:db:f6:52:a3:66:
1c:3c:1c:66:13:d1:55:7b:63
generator: 5 (0x5)
-----BEGIN DH PARAMETERS-----
MIGHAoGBAIwmKVnAlhGSc7d6lOBN90Shk5EgHpN2fwWJ1dBFvWm9+veQShKtBtGJ
gN2E4lxbdLBqoOaDRrQnDaTbdKyk1VhsexJDJH0rcZK+hL+aEiAECFWzv9kfuybN
ugLUmygPJNgGENBQnbZal/rYYMSa1IiXpdv2UqNmHDwcZhPRVXtjAgEF
-----END DH PARAMETERS-----
{
"contexts" :
[
"Header",
"Content"
],
"middleboxes" :
[
{
"url" : "127.0.0.1:8423",
"readAccess": [0,1],
"writeAccess": [0,1]
}
],
"slicedData" : [
{
"slice" : 0,
"data" : "GET http://www.example.com/index.html HTTP/1.1\r\nUser-Agent: Mozilla/4.0\r\nHost:"
},
{
"slice" : 1,
"data" : "This is slice 1 data from the client, which the middlebox can see but not modify"
}
]
}
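Review bot: `"writeAccess": [0,1]` grants the middlebox write access to context 1, yet the slice 1 payload says the middlebox "can see but not modify" it. If the demo is meant to show a read-only context, the grant should be `"writeAccess": [0]` so the configuration matches the stated policy. If the wider grant is a deliberate workaround for the last-context bug listed in the TODO notes, that should be recorded there, since the JSON file cannot carry a comment. The third input file later in the commit has the same mismatch.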
import sys
import json
import datetime
import re
infile = sys.argv[1]
def GetHeader(content, code):
return "HTTP/1.1 {0}\r\nDate:{1}\r\nServer:Fake Python Server\r\nContent-Length: {2}\r\nConnection: Closed\r\nContent-Type: text/html\r\n\r\n".format(code, datetime.datetime.now(), len(content));
def ReturnError (errorMessage, sliceA = 2, sliceB = 3):
return { "slices" : [
{
"slice" : sliceA,
"slicePurpose" : "Header",
"data" : GetHeader(errorMessage, "500 Internal Server Error")
},
{
"slice" : sliceB,
"slicePurpose" : "Content",
"data" : errorMessage
}
]}
with open(infile) as f:
request = json.loads(f.read())
inputSlices = request["slices"]
headerSlice = inputSlices[0]
contentSlice = inputSlices[1]
p = re.compile('GET (.*) HTTP\/1.1')
r = p.match(headerSlice["data"])
url = r.group(0)
responseContent = "<html><body><h1>Hello World</h1><p>Middlebox Hackathon Demo #2</p><p>You requested URL {0}</body></html>".format(url)
response = { "slices" : [
{
"slice" : headerSlice["slice"],
"slicePurpose" : headerSlice["slicePurpose"],
"data" : GetHeader(responseContent, "200 OK")
},
{
"slice" : contentSlice["slice"],
"slicePurpose" : contentSlice["slicePurpose"],
"data" : responseContent
}
]
}
print (json.dumps(response))
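Review bot: `url = r.group(0)` returns the whole matched request line rather than the captured URL, and `r` is `None` whenever the header slice does not begin with a matching GET line, so the script dies with an AttributeError. The `ReturnError` helper defined above is never called. The value is also formatted into `responseContent` without escaping, so any markup in the client-supplied request line is sent back as HTML. I would add an `if r is None:` branch that prints `json.dumps(ReturnError("Malformed request"))` and exits, switch to `url = r.group(1)`, and HTML-escape `url` before it goes into the body. Indexing `inputSlices[0]` and `[1]` is unchecked in the same way and could use the same error path.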
python processRequest.py $1
\ No newline at end of file
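Review bot: `$1` is unquoted in `python processRequest.py $1`, so a request file path containing spaces or glob characters is split or expanded before Python receives it. Quote it: `python processRequest.py "$1"`. No interpreter line is visible on this page for the file, so which shell runs it appears to depend on how the server invokes the handler.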
echo "Starting Middlebox"
../middlebox 8423 127.0.0.1:8423 webMiddlebox &
mboxpid=$(pidof ../mcmbox)
sleep .3
echo "Starting Server"
../server ./pythonHandlerScript.sh &
serverpid=$(pidof ../mcserver)
sleep .3
echo "Starting Client"
../client simple_input.json
echo "Cleaning up"
kill $mboxpid
kill $serverpid
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICojCCAYoCAQEwDQYJKoZIhvcNAQELBQAwWTELMAkGA1UEBhMCQVUxEzARBgNV
BAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
ZDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE0MTIyODIyMTM0MloXDTE1MDEyNzIy
MTM0MlowWTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNV
BAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDESMBAGA1UEAwwJbG9jYWxob3N0
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDy8zc6Xe1UTbzGQODwgoubnnKl
gBhuNna2h+xWo0FDTfwVdgkN/J05YHKb7NuR2qp6WzOWRCmFvQsViYRoCalZvMgY
xa7G0cylJqL4iUKu6QF/qzYPyGHE1Jao+Zme/v/LQFL0WcIaYpld+FmTy05AKHap
s/tvtOcBkgT9bMb3LQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQB2a7xpBpKimr9P
h2Ow5oeEhcEEbY+qo3trVqjeLvzMmAvvt3f1wa8ApnwkjAIdhIhDTFhv/iCRpU1v
gGB6E/l+x95LLoicdvv2i7kJ/QPPjBrQ3zETNbL52oPo1ZWIs3LZtTJnEgchcC9z
zzSpNv3LIfzwEWeW22AI0xPA49JYyxRVpuJQEJWminP+h8jFe+ESKvoKTxcuMvLU
PcRYIojsjWPmoxEDWiVWKjVSikDybS6U1jsZ3RgI9zuXfg9U+xYOKj8capBi94iU
sI1LKWSoSBWiZE8vkI2/jgDC+0QcDFo3pQEMLc8z+7cNLE8sXjRrRijoZkBf8TSQ
v66L2tFL
-----END CERTIFICATE-----
Essential
- Someone who understands the wire format can explain why the client-mbox capture contains additional data
- Fix the captures so they aren't corrupt (probably by terminating tcpdump properly)
- Find another way of "stepping out" of encryption other than asking the middlebox to modify a record?
or
- if we can't do that, fix the bug that prevents the middlebox from modifying stuff; keeping the message length constant results in MAC integrity fail warning, but transaction continues. Changing length results in fatal failure.
Nice to have
- Do the timing in a less monkey way than done here
- Think of a better or more powerful demonstration of this part of the story?
- Timings here show re-encrpytion is slower, but not by much. Difference in time could be dominated by calling script. Also could be diluted by the fact both are constantly writing to disk (have a "no-writing-to-disk" option in all three?)
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
PKCS#3 DH Parameters: (1024 bit)
prime:
00:8c:26:29:59:c0:96:11:92:73:b7:7a:94:e0:4d:
f7:44:a1:93:91:20:1e:93:76:7f:05:89:d5:d0:45:
bd:69:bd:fa:f7:90:4a:12:ad:06:d1:89:80:dd:84:
e2:5c:5b:74:b0:6a:a0:e6:83:46:b4:27:0d:a4:db:
74:ac:a4:d5:58:6c:7b:12:43:24:7d:2b:71:92:be:
84:bf:9a:12:20:04:08:55:b3:bf:d9:1f:bb:26:cd:
ba:02:d4:9b:28:0f:24:d8:06:10:d0:50:9d:b6:5a:
97:fa:d8:60:c4:9a:d4:88:97:a5:db:f6:52:a3:66:
1c:3c:1c:66:13:d1:55:7b:63
generator: 5 (0x5)
-----BEGIN DH PARAMETERS-----
MIGHAoGBAIwmKVnAlhGSc7d6lOBN90Shk5EgHpN2fwWJ1dBFvWm9+veQShKtBtGJ
gN2E4lxbdLBqoOaDRrQnDaTbdKyk1VhsexJDJH0rcZK+hL+aEiAECFWzv9kfuybN
ugLUmygPJNgGENBQnbZal/rYYMSa1IiXpdv2UqNmHDwcZhPRVXtjAgEF
-----END DH PARAMETERS-----
{
"contexts" :
[
"Header",
"Content"
],
"middleboxes" :
[
{
"url" : "127.0.0.1:8423",
"readAccess": [0,1],
"writeAccess": [0,1]
}
],
"slicedData" : [
{
"slice" : 0,
"data" : "This is slice 0 data from the client, which the middlebox can see and modify"
},
{
"slice" : 1,
"data" : "This is slice 1 data from the client, which the middlebox can see but not modify"
}
]
}
echo "Starting Middlebox"
../middlebox 8423 127.0.0.1:8423 simpleMiddlebox &
mboxpid=$(pidof ../mcmbox)
#sleep .3
echo "Starting Server"
../server ./simpleEchoScript.sh &
serverpid=$(pidof ../mcserver)
#sleep .3
n=0; while [[ $n -lt $1 ]]; do
n=$((n+1))
echo "Starting Client"
../client simple_input.json
done;
echo "Cleaning up"
kill $mboxpid
kill $serverpid
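Review bot: The loop bound `$1` is used in `[[ $n -lt $1 ]]` without any check, so running the script with no argument silently starts zero clients. Because `-lt` inside `[[ ]]` evaluates its operands as arithmetic expressions, a non-numeric argument is evaluated rather than rejected. Validate it once at the top, for example `case ${1:-} in ''|*[!0-9]*) echo "usage: $0 <iterations>" >&2; exit 2;; esac`. The next script, the one that passes `./replacementScript.sh` to the middlebox, has the same loop.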
echo "Starting Middlebox"
../middlebox 8423 127.0.0.1:8423 simpleMiddlebox ./replacementScript.sh &
mboxpid=$(pidof ../mcmbox)
#sleep .3
echo "Starting Server"
../server ./simpleEchoScript.sh &
serverpid=$(pidof ../mcserver)
#sleep .3
n=0; while [[ $n -lt $1 ]]; do
n=$((n+1))
echo "Starting Client"
../client simple_input.json
done;
echo "Cleaning up"
kill $mboxpid
kill $serverpid
sudo tcpdump -i lo -w mbox_to_server.pcap port 4433 &
sudo tcpdump -i lo -w client_to_mbox.pcap port 8423 &
echo "Starting Middlebox"
../middlebox 8423 127.0.0.1:8423 simpleMiddlebox &
mboxpid=$(pidof ../mcmbox)
#sleep .3
echo "Starting Server"
../server ./simpleEchoScript.sh &
serverpid=$(pidof ../mcserver)
#sleep .3
echo "Starting Client"
../client simple_input.json
echo "Cleaning up"
kill $mboxpid
kill $serverpid
killall tcpdump
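Review bot: The two captures are started with `sudo tcpdump ... &` but stopped with a plain `killall tcpdump`, which an unprivileged user normally cannot deliver to processes started through sudo. It would also stop any unrelated tcpdump on the host. This may be the cause of the corrupt captures mentioned in this commit's TODO notes, though that is a guess from the script alone. Stopping them with privilege and an explicit signal, `sudo killall -INT tcpdump`, and adding `-U` to both tcpdump lines so packets are written as they arrive, should leave readable pcap files. The client also starts immediately after the captures are backgrounded, so a short wait before `../middlebox` would avoid missing the first packets.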
echo "Without re-encryption"
time (./run_demo.sh 500 2>&1 > /dev/null)
echo ""
echo "With re-encryption"
time (./run_demo_reencrypt.sh 500 2>&1 > /dev/null)
\ No newline at end of file
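Review bot: In `time (./run_demo.sh 500 2>&1 > /dev/null)` the redirections are applied left to right, so stderr is pointed at the terminal before stdout is sent to /dev/null and only stdout is discarded. If the intent is to silence both streams so terminal output does not skew the timing, it should read `time (./run_demo.sh 500 > /dev/null 2>&1)`, and likewise for the `run_demo_reencrypt.sh` line. If stderr is meant to stay visible, drop the `2>&1` and say so in a comment.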
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICojCCAYoCAQEwDQYJKoZIhvcNAQELBQAwWTELMAkGA1UEBhMCQVUxEzARBgNV
BAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
ZDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE0MTIyODIyMTM0MloXDTE1MDEyNzIy
MTM0MlowWTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNV
BAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDESMBAGA1UEAwwJbG9jYWxob3N0
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDy8zc6Xe1UTbzGQODwgoubnnKl
gBhuNna2h+xWo0FDTfwVdgkN/J05YHKb7NuR2qp6WzOWRCmFvQsViYRoCalZvMgY
xa7G0cylJqL4iUKu6QF/qzYPyGHE1Jao+Zme/v/LQFL0WcIaYpld+FmTy05AKHap
s/tvtOcBkgT9bMb3LQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQB2a7xpBpKimr9P
h2Ow5oeEhcEEbY+qo3trVqjeLvzMmAvvt3f1wa8ApnwkjAIdhIhDTFhv/iCRpU1v
gGB6E/l+x95LLoicdvv2i7kJ/QPPjBrQ3zETNbL52oPo1ZWIs3LZtTJnEgchcC9z
zzSpNv3LIfzwEWeW22AI0xPA49JYyxRVpuJQEJWminP+h8jFe+ESKvoKTxcuMvLU
PcRYIojsjWPmoxEDWiVWKjVSikDybS6U1jsZ3RgI9zuXfg9U+xYOKj8capBi94iU
sI1LKWSoSBWiZE8vkI2/jgDC+0QcDFo3pQEMLc8z+7cNLE8sXjRrRijoZkBf8TSQ
v66L2tFL
-----END CERTIFICATE-----