Commit f7d6fc57 authored by powelld's avatar powelld

demonstrator update

parent 79146864
...@@ -5,17 +5,17 @@ TARGETS=client server middlebox ...@@ -5,17 +5,17 @@ TARGETS=client server middlebox
all: $(TARGETS) all: $(TARGETS)
client: client.o common.o client: client.o common.o cJSON.o
$(CC) $(LDFLAGS) -o $@ $^ $(LIBS) $(CC) $(LDFLAGS) -o $@ $^ $(LIBS)
server: server.o common.o server: server.o common.o cJSON.o
$(CC) $(LDFLAGS) -o $@ $^ $(LIBS) $(CC) $(LDFLAGS) -o $@ $^ $(LIBS)
middlebox: middlebox.o common.o middlebox: middlebox.o common.o cJSON.o
$(CC) $(LDFLAGS) -o $@ $^ $(LIBS) $(CC) $(LDFLAGS) -o $@ $^ $(LIBS)
%.o: %.c %.o: %.c
$(CC) $(CFLAGS) -c -o $@ $< $(CC) $(CFLAGS) -c -o $@ $<
clean: clean:
rm -f *.o $(TARGETS) rm -f *.o $(TARGETS)
\ No newline at end of file
...@@ -11,6 +11,8 @@ ...@@ -11,6 +11,8 @@
#include <netdb.h> #include <netdb.h>
#include <sys/select.h> #include <sys/select.h>
#include <errno.h> #include <errno.h>
#include <stdio.h>
#include <ctype.h>
#define MAXSTRLEN (1024) #define MAXSTRLEN (1024)
...@@ -172,7 +174,7 @@ COMMON_SetProxyAccessPermissionByID(SSL *ptSSL, int iSliceID, int iMiddleboxNum, ...@@ -172,7 +174,7 @@ COMMON_SetProxyAccessPermissionByID(SSL *ptSSL, int iSliceID, int iMiddleboxNum,
int reads_insert_index, write_insert_index; int reads_insert_index, write_insert_index;
int x,y,z; int x,y,z;
if(ptSSL->proxies_len<iMiddleboxNum || ptSSL->slices_len<iSliceID) if(ptSSL->proxies_len<=iMiddleboxNum)
return ARRAY_OVERFLOW; return ARRAY_OVERFLOW;
read_slices=ptSSL->proxies[iMiddleboxNum]->read_slice_ids; read_slices=ptSSL->proxies[iMiddleboxNum]->read_slice_ids;
read_slice_len=&(ptSSL->proxies[iMiddleboxNum]->read_slice_ids_len); read_slice_len=&(ptSSL->proxies[iMiddleboxNum]->read_slice_ids_len);
...@@ -202,7 +204,7 @@ COMMON_SetProxyAccessPermissionByID(SSL *ptSSL, int iSliceID, int iMiddleboxNum, ...@@ -202,7 +204,7 @@ COMMON_SetProxyAccessPermissionByID(SSL *ptSSL, int iSliceID, int iMiddleboxNum,
if(*read_slice_len>y) { /*we have higher number slices to move up*/ if(*read_slice_len>y) { /*we have higher number slices to move up*/
memmove(&read_slices[x+1],&read_slices[x],(*read_slice_len-y)*sizeof(*read_slices)); memmove(&read_slices[x+1],&read_slices[x],(*read_slice_len-y)*sizeof(*read_slices));
} }
read_slices[x]=iSliceID; read_slices[x+1]=iSliceID;
(*read_slice_len)++; (*read_slice_len)++;
} /*else we are re-granted an already granted access - NOP*/ } /*else we are re-granted an already granted access - NOP*/
} else { /*we are removing the permission if it is granted*/ } else { /*we are removing the permission if it is granted*/
...@@ -226,7 +228,7 @@ COMMON_SetProxyAccessPermissionByID(SSL *ptSSL, int iSliceID, int iMiddleboxNum, ...@@ -226,7 +228,7 @@ COMMON_SetProxyAccessPermissionByID(SSL *ptSSL, int iSliceID, int iMiddleboxNum,
if(*write_slice_len>y) { /*we have higher number slices to move up*/ if(*write_slice_len>y) { /*we have higher number slices to move up*/
memmove(&write_slices[x+1],&write_slices[x],(*write_slice_len-y)*sizeof(*write_slices)); memmove(&write_slices[x+1],&write_slices[x],(*write_slice_len-y)*sizeof(*write_slices));
} }
write_slices[x]=iSliceID; write_slices[x+1]=iSliceID;
(*write_slice_len)++; (*write_slice_len)++;
} /*else we are re-granted an already granted access - NOP*/ } /*else we are re-granted an already granted access - NOP*/
} else { /*we are removing the permission if it is granted*/ } else { /*we are removing the permission if it is granted*/
...@@ -425,3 +427,172 @@ common_SigpipeHandle(int x) ...@@ -425,3 +427,172 @@ common_SigpipeHandle(int x)
UNUSED(x); UNUSED(x);
} }
char* COMMON_MakeNullTerminatedCopy (const char* buf, const unsigned int length)
{
char* retBuf = malloc(length + 1);
memcpy(retBuf, buf, length);
retBuf[length] = 0;
return retBuf;
}
long getMicrotime()
{
struct timeval currentTime;
gettimeofday(&currentTime, NULL);
return currentTime.tv_sec * (int)1e6 + currentTime.tv_usec;
}
char* COMMON_WriteJSONFile (cJSON* data, char* source)
{
char fileNameBuf[128];
sprintf(fileNameBuf, "%s_%lu.json", source, getMicrotime());
FILE* f = fopen (fileNameBuf, "w");
char* jsonString = cJSON_Print(data);
fwrite(jsonString, 1, strlen(jsonString), f);
fclose(f);
free(jsonString);
return strdup(fileNameBuf);
}
cJSON* COMMON_ReadJSONFile (char* filename)
{
FILE * f = fopen (filename, "r");
fseek (f, 0, SEEK_END);
int length = ftell (f);
fseek (f, 0, SEEK_SET);
char* buffer = malloc (length);
if (buffer)
{
fread (buffer, 1, length, f);
}
fclose (f);
cJSON* json = cJSON_Parse(buffer);
free(buffer);
return json;
}
int COMMON_Base64Encode(const unsigned char* buffer, size_t length, char** b64text)
{
BIO *bio, *b64;
BUF_MEM *bufferPtr;
b64 = BIO_new(BIO_f_base64());
bio = BIO_new(BIO_s_mem());
bio = BIO_push(b64, bio);
BIO_set_flags(bio, 0); // BIO_FLAGS_BASE64_NO_NL); //Ignore newlines - write everything in one line
BIO_write(bio, buffer, length);
BIO_flush(bio);
BIO_get_mem_ptr(bio, &bufferPtr);
BIO_set_close(bio, BIO_NOCLOSE);
BIO_free_all(bio);
*b64text=(*bufferPtr).data;
return (0); //success
}
size_t common_calcDecodeLength(const char* b64input)
{ //Calculates the length of a decoded string
size_t len = strlen(b64input),
padding = 0;
if (b64input[len-1] == '=' && b64input[len-2] == '=') //last two chars are =
padding = 2;
else if (b64input[len-1] == '=') //last char is =
padding = 1;
return (len*3)/4 - padding;
}
int COMMON_Base64Decode(char* b64message, unsigned char** buffer, size_t* length)
{
BIO *bio, *b64;
int decodeLen = common_calcDecodeLength(b64message);
*buffer = (unsigned char*)malloc(decodeLen + 1);
(*buffer)[decodeLen] = '\0';
bio = BIO_new_mem_buf(b64message, -1);
b64 = BIO_new(BIO_f_base64());
bio = BIO_push(b64, bio);
BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL); //Do not use newlines to flush buffer
*length = BIO_read(bio, *buffer, strlen(b64message));
assert(*length == decodeLen); //length should equal decodeLen, else something went horribly wrong
BIO_free_all(bio);
return (0); //success
}
char* COMMON_CallExternalProcess(const char* commandString, unsigned int* length)
{
FILE* p = popen(commandString, "r");
// Ugh. Do this better.
const unsigned int bufSize = 65536;
char* responseBuf = malloc(bufSize);
memset(responseBuf, 0, bufSize);
char* ptr = responseBuf;
int ch;
unsigned int count = 0;
while( (ch=fgetc(p)) != EOF)
{
*ptr++ = ch;
count++;
}
int returnCode = WEXITSTATUS(pclose(p));
*length = count;
return responseBuf;
}
#define MAX_CERT_FIELD_LENGTH 1024
#define SHA1LEN 20
void hex_encode(unsigned char* readbuf, void *writebuf, size_t len)
{
for(size_t i=0; i < len; i++) {
char *l = (char*) (2*i + ((intptr_t) writebuf));
sprintf(l, "%02x", readbuf[i]);
}
}
void COMMON_PrintCertificateDetails (X509* cert)
{
if (NULL == cert) {
printf ("\tNo certificate\n");
return;
}
char subj[MAX_CERT_FIELD_LENGTH+1];
char issuer[MAX_CERT_FIELD_LENGTH+1];
X509_NAME_oneline(X509_get_subject_name(cert), subj, MAX_CERT_FIELD_LENGTH);
X509_NAME_oneline(X509_get_issuer_name(cert), issuer, MAX_CERT_FIELD_LENGTH);
printf("\tSubject: %s\n", subj);
printf("\tIssuer: %s\n", issuer);
char buf[SHA1LEN];
const EVP_MD *digest = EVP_sha1();
unsigned len;
int rc = X509_digest(cert, digest, (unsigned char*) buf, &len);
if (rc == 0 || len != SHA1LEN) {
printf ("\tFailed to get SHA1 fingerprint\n");
}
char strbuf[2*SHA1LEN+1];
hex_encode(buf, strbuf, SHA1LEN);
printf ("\tFingerprint: %s\n", strbuf);
}
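Review bot: In the hunk at +427, COMMON_CallExternalProcess copies the child's output into a fixed 65536-byte heap buffer with no bound on the `fgetc` loop, so any output longer than that writes past the allocation; the results of `popen` and `malloc` are also used unchecked. The loop should stop at `bufSize - 1` and the function should return NULL with `*length = 0` on failure, as sketched below (the sketch truncates silently; growing the buffer with `realloc` would avoid that). The same kind of unbounded write is in COMMON_WriteJSONFile, where `sprintf` formats the caller-supplied `source` into `fileNameBuf[128]`; `snprintf(fileNameBuf, sizeof fileNameBuf, ...)` with a truncation check would bound it. COMMON_ReadJSONFile hands `cJSON_Parse` a buffer of exactly `length` bytes with no terminator, and does so even when `fopen` or `malloc` failed, so it needs `malloc(length + 1)`, a terminating `buffer[length] = 0`, and NULL checks.

```c
char* COMMON_CallExternalProcess(const char* commandString, unsigned int* length)
{
    *length = 0;
    FILE* p = popen(commandString, "r");
    if (p == NULL)
        return NULL;
    const unsigned int bufSize = 65536;
    char* responseBuf = calloc(1, bufSize);
    if (responseBuf == NULL) {
        pclose(p);
        return NULL;
    }
    unsigned int count = 0;
    int ch;
    /* keep one byte for the terminator; stop rather than write past the buffer */
    while (count < bufSize - 1 && (ch = fgetc(p)) != EOF)
        responseBuf[count++] = (char)ch;
    /* … unchanged: pclose(p), *length = count, return responseBuf … */
```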
...@@ -7,6 +7,8 @@ ...@@ -7,6 +7,8 @@
#include <openssl/err.h> #include <openssl/err.h>
#include <pthread.h> #include <pthread.h>
#include <signal.h> #include <signal.h>
#include <stdbool.h>
#include "cJSON.h"
#define DEFAULT_SERVER_PORT 4433 #define DEFAULT_SERVER_PORT 4433
#define DEFAULT_MBOX_PORT 8423 #define DEFAULT_MBOX_PORT 8423
...@@ -90,8 +92,17 @@ ERROR_STATUS COMMON_InitializeSSLCtx(SSL_CTX **pptCtx, ...@@ -90,8 +92,17 @@ ERROR_STATUS COMMON_InitializeSSLCtx(SSL_CTX **pptCtx,
unsigned int iID); /*todo - check the name of this in spec - the byte that identifies the middlebox number, client or server*/ unsigned int iID); /*todo - check the name of this in spec - the byte that identifies the middlebox number, client or server*/
void COMMON_DestroyCtx(SSL_CTX *ptCtx); void COMMON_DestroyCtx(SSL_CTX *ptCtx);
char* COMMON_WriteJSONFile (cJSON* data, char* source);
cJSON* COMMON_ReadJSONFile (char* filename);
//char* COMMON_GetPrintableBuffer (char* inputBuf, int inputBufLen, int* wasBase64Encoded);
int COMMON_Base64Encode(const unsigned char* buffer, size_t length, char** b64text);
int COMMON_Base64Decode(char* b64message, unsigned char** buffer, size_t* length);
char* COMMON_CallExternalProcess(const char* commandString, unsigned int* lengt);
char* COMMON_MakeNullTerminatedCopy (const char* buf, const unsigned int length);
void COMMON_PrintCertificateDetails (X509* cert);
#endif #endif
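Review bot: The prototypes added at +92 have no comments, and several of them hand the caller memory it must release: going by the definitions shown earlier on this page, COMMON_WriteJSONFile returns a `strdup`'d file name, and COMMON_MakeNullTerminatedCopy and COMMON_CallExternalProcess return `malloc`'d buffers. A short comment on each stating who frees the result, e.g. `/* Returns a malloc'd buffer; caller frees. */`, would prevent leaks and double frees at the call sites. COMMON_CallExternalProcess also deserves `/* commandString is run by the shell via popen(); never build it from peer-supplied data. */`, and its parameter is misspelled `lengt` where the definition uses `length`.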