CSCI 780: Spring 2024
Distributed System Security
Project 1: sget

Due: Fri, Feb 16, 11:59pm


In this project, you will implement a client (sget) and server (sgetd) that speak the "SGET" protocol. SGET is a bespoke protocol for fetching a file. With very minor differences, it closely resembles the original HTTP protocol (dubbed HTTP 0.9).

In SGET, a client request has the form:

<FILENAME> <NEWLINE>

If the file exists, the server returns it. If the file does not exist (or the server does not have permissions to access it), the server returns a one-line error message of the form:

error: <SPACE> <ERRMSG> <NEWLINE>

If the server receives a malformed request, it does not send a response. In either case, the server closes the connection after servicing the request. The server runs forever and should be able to handle multiple concurrent clients.

In this project, you will implement three variants of SGET:

  1. The "vanilla" SGET protocol
  2. SGET over TLS
  3. SGET over mutually-authenticated TLS. Here, the server also authenticates the client.

You will implement the client and server to accept command-line options that dictate which variant of the protocol it runs; once running, a server only speaks that particular variant.

sget


Name

sget - fetch files over the SGET protocol

Synopsis

sget [options] HOST:PORT REQUEST

Positional Arguments

HOST:PORT

The host:port of the server to connect to. HOST can be an IP address or a domain name.

REQUEST

The name of the file to download.

Options

For TLS, the -ca-cert option must be provided. If the client also authenticates itself, then both the -cert and -key options must also be specified. Note that the server must also agree on whether to not use TLS, use TLS, or use TLS with client authentication.

-cert TLS_CERT

The client's TLS certificate file.

-key TLS_PRIVATE_KEY

The client's TLS private key.

-ca-cert CA_CERT

The certificate file for the CA that signed the server's TLS certificate.

-out OUT_FILE

Save the output to OUT_FILE. Otherwise, the output is written to stdout.

-help

Show this usage statement and exit.

Exit Status

If sget successfully receives a response (either the file or an error message) and writes it (either to stdout or a file), it has an exit status of zero; otherwise, it has a non-zero exit status.

Examples

No TLS:

        ./sget 127.0.0.1:8085 foo.txt
        
TLS:

        ./sget -ca-cert ca.crt 127.0.0.1:8085 foo.txt
        
Mutually-authenticated TLS:

        ./sget -ca-cert ca.crt -cert client.crt -key client.key 127.0.0.1:8085 foo.txt
        

sgetd


Name

sgetd - serve files over SGET protocol

Synopsis

sgetd [options] [HOST]:PORT

Positional Arguments

[HOST]:PORT

A "host:port" address to listen on for connections.

Options

For TLS, both -cert and -key must be specified. If the server should also authenticate the client, then -ca-cert must also be specified.

-root-dir ROOT_DIR

The root directory for serving files.
Default: the current working directory.

-cert TLS_CERT

The server's TLS certificate file.

-key TLS_PRIVATE_KEY

The server's TLS private key.

-ca-cert CA_CERT

The certificate file for the CA that signs the TLS certificate for the clients.

-help

Display this usage statement and exit.

Examples

No TLS:

        ./sgetd -root-dir /tmp 127.0.0.1:8085
        
TLS:

         ./sgetd -root-dir /tmp -cert server.crt -key server.key 127.0.0.1:8085
        
Mutually-authenticated TLS:

          ./sgetd -root-dir /tmp -cert server.crt -key server.key -ca-cert ca.crt 127.0.0.1:8085
        

Skeleton Code

To help get started, please use the following sget.zip skeleton module.

Submitting

Submit your project as a zip file via gradescope. Your project must include a Makefile that builds two executables: sget and sgetd. Please refer to the instructions for submitting an assignment for details on how to login to gradescope and properly zip your project.

Rubric

Server Vanilla


1.1 send file (6 pts)


        ./sgetd -root-dir data 127.0.0.1:8085
        

        ./instructor/sget 127.0.0.1:8085 hughes.txt
(out)Hold fast to dreams
(out)For if dreams die
(out)Life is a broken-winged bird
(out)That cannot fly.
(out)Hold fast to dreams
(out)For when dreams go
(out)Life is a barren field
(out)Frozen with snow.
        

1.2 send error message (6 pts)


        ./sgetd -root-dir data 127:0.0.1:8085
        

        ./instructor/sget 127.0.0.1:8085 dunbar.txt
        error: can't read dunbar.txt
        

You can choose the server's error response message; it simply must start with error: .

Client Vanilla


2.1 get file (6 pts)


        ./instructor/sgetd -root-dir data 127.0.0.1:8086
        

        ./sget 127.0.0.1:8086 hughes.txt
(out)Hold fast to dreams
(out)For if dreams die
(out)Life is a broken-winged bird
(out)That cannot fly.
(out)Hold fast to dreams
(out)For when dreams go
(out)Life is a barren field
(out)Frozen with snow.
        

2.2 get error message (6 pts)


        ./instructor/sgetd -root-dir data 127.0.0.1:8086
        

        ./sget 127.0.0.1:8086 dunbar.txt
        error: can't read dunbar.txt
        

2.3 output to file (5 pts)


        ./instructor/sgetd -root-dir data 127.0.0.1:8086
        

        ./sget -out poem.txt 127.0.0.1:8086 angelou.txt
        

The file poem.txt should have the contents:


(out)Shadows on the wall
(out)Noises down the hall
(out)Life doesn't frighten me at all
(out)
(out)Bad dogs barking loud
(out)Big ghosts in a cloud
(out)Life doesn't frighten me at all
(out)
(out)Mean old Mother Goose
(out)Lions on the loose
(out)They don't frighten me at all
(out)
(out)Dragons breathing flame
(out)On my counterpane
(out)That doesn't frighten me at all.
        

Server TLS


3.1 send file (6 pts)


        ./sgetd -cert assets/server1.crt -key assets/server1.key  -root-dir data 127.0.0.1:8085
        

        ./instructor/sget -ca-cert assets/ca1.crt 127.0.0.1:8085 dorothy.txt
(out)Dorothy lived in the midst of the great Kansas prairies, with Uncle
(out)Henry, who was a farmer, and Aunt Em, who was the farmer's wife.
(out)Their house was small, for the lumber to build it had to be carried
(out)by wagon many miles. There were four walls, a floor and a roof,
(out)which made one room; and this room contained a rusty looking cooking
(out)stove, a cupboard for the dishes, a table, three or four chairs,
(out)and the beds. Uncle Henry and Aunt Em had a big bed in one corner,
(out)and Dorothy a little bed in another corner. There was no garret at
(out)all, and no cellar--except a small hole, dug in the ground, called a
(out)cyclone cellar, where the family could go in case one of those great
(out)whirlwinds arose, mighty enough to crush any building in its path. It
(out)was reached by a trap-door in the middle of the floor, from which a
(out)ladder led down into the small, dark hole.
        

3.2 send error message (6 pts)


        ./sgetd -cert assets/server1.crt -key assets/server1.key -root-dir data 127.0.0.1:8085
        

        ./sget -ca-cert assets/ca1.crt 127.0.0.1:8085 witch.txt
        error: can't read witch.txt
        

You can choose the server's error response message; it simply must start with error: .

Client TLS


4.1 get file (6 pts)


        ./instructor/sgetd -cert assets/server1.crt -key assets/server1.key -root-dir data 127.0.0.1:8086
        

        ./sget -ca-cert assets/ca1.crt 127.0.0.1:8086 dorothy.txt
(out)Dorothy lived in the midst of the great Kansas prairies, with Uncle
(out)Henry, who was a farmer, and Aunt Em, who was the farmer's wife.
(out)Their house was small, for the lumber to build it had to be carried
(out)by wagon many miles. There were four walls, a floor and a roof,
(out)which made one room; and this room contained a rusty looking cooking
(out)stove, a cupboard for the dishes, a table, three or four chairs,
(out)and the beds. Uncle Henry and Aunt Em had a big bed in one corner,
(out)and Dorothy a little bed in another corner. There was no garret at
(out)all, and no cellar--except a small hole, dug in the ground, called a
(out)cyclone cellar, where the family could go in case one of those great
(out)whirlwinds arose, mighty enough to crush any building in its path. It
(out)was reached by a trap-door in the middle of the floor, from which a
(out)ladder led down into the small, dark hole.
        

4.2 get error message (6 pts)


        ./instructor/sgetd -cert assets/server1.crt -key assets/server1.key -root-dir data 127.0.0.1:8086
        

        ./sget -ca-cert assets/ca1.crt 127.0.0.1:8086 witch.txt
        error: can't read witch.txt
        

4.3 output to file (5 pts)


        ./instructor/sgetd -cert assets/server1.crt -key assets/server1.key -root-dir data 127.0.0.1:8086
        

        ./sget -ca-cert assets/ca1.crt -out oz.txt 127.0.0.1:8086 dorothy.txt
        

The file oz.txt should have the contents:


(out)Dorothy lived in the midst of the great Kansas prairies, with Uncle
(out)Henry, who was a farmer, and Aunt Em, who was the farmer's wife.
(out)Their house was small, for the lumber to build it had to be carried
(out)by wagon many miles. There were four walls, a floor and a roof,
(out)which made one room; and this room contained a rusty looking cooking
(out)stove, a cupboard for the dishes, a table, three or four chairs,
(out)and the beds. Uncle Henry and Aunt Em had a big bed in one corner,
(out)and Dorothy a little bed in another corner. There was no garret at
(out)all, and no cellar--except a small hole, dug in the ground, called a
(out)cyclone cellar, where the family could go in case one of those great
(out)whirlwinds arose, mighty enough to crush any building in its path. It
(out)was reached by a trap-door in the middle of the floor, from which a
(out)ladder led down into the small, dark hole.
        

4.4 server presents untrusted cert (6 pts)


        ./instructor/sgetd -cert assets/server1.crt -key assets/server1.key -root-dir data 127.0.0.1:8086
        

        ./sget -ca-cert assets/ca2.crt 127.0.0.1:8086 dorothy.txt
        (out)failed to verify certificate: x509: certificate signed by unknown authority
        echo $?
        (out)1
        

The contents of the output are not important. The test checks that sget writes one or more lines to stderr, 0 lines to stdout, and has a non-zero exit status.

Server Mutual TLS


5.1 send file (6 pts)


        ./sgetd -ca-cert assets/ca1.crt -cert assets/server1.crt -key assets/server1.key -root-dir data 127.0.0.1:8085
        

        ./instructor/sget -ca-cert assets/ca1.crt -cert assets/client1.crt -key assets/client1.key 127.0.0.1:8085 machado.txt
(out)Caminante, son tus huellas
(out)el camino, y nada más;
(out)caminante, no hay camino,
(out)se hace camino al andar.
(out)Al andar se hace camino,
(out)y al volver la vista atrás
(out)se ve la senda que nunca
(out)se ha de volver a pisar.
(out)Caminante, no hay camino,
(out)sino estelas en la mar.
        

5.2 send error message (6 pts)


        ./sgetd -ca-cert assets/ca1.crt -cert assets/server1.crt -key assets/server1.key -root-dir data 127.0.0.1:8085
        

        ./instructor/sget -ca-cert assets/ca1.crt -cert assets/client1.crt -key assets/client1.key 127.0.0.1:8085 jimenez.txt
        error: can't read jimenez.txt
        

You can choose the server's error response message; it simply must start with error: .

Client Mutual TLS


6.1 get file (6 pts)


        ./instructor/sgetd -ca-cert assets/ca1.crt -cert assets/server1.crt -key assets/server1.key -root-dir data 127.0.0.1:8086
        

        ./sget -ca-cert assets/ca1.crt -cert assets/client1.crt -key assets/client1.key 127.0.0.1:8086 machado.txt
(out)Caminante, son tus huellas
(out)el camino, y nada más;
(out)caminante, no hay camino,
(out)se hace camino al andar.
(out)Al andar se hace camino,
(out)y al volver la vista atrás
(out)se ve la senda que nunca
(out)se ha de volver a pisar.
(out)Caminante, no hay camino,
(out)sino estelas en la mar.
        

6.2 get error message (6 pts)


        ./instructor/sgetd -ca-cert assets/ca1.crt -cert assets/server1.crt -key assets/server1.key -root-dir data 127.0.0.1:8086
        

        ./sget -ca-cert assets/ca1.crt -cert assets/client1.crt -key assets/client1.key 127.0.0.1:8086 jimenez.txt
        error: can't read jimenez.txt
        

6.3 output to file (6 pts)


        ./instructor/sgetd -ca-cert assets/ca1.crt -cert assets/server1.crt -key assets/server1.key -root-dir data 127.0.0.1:8086
        

        ./sget -ca-cert assets/ca1.crt -cert assets/client1.crt -key assets/client1.key -out poem.txt 127.0.0.1:8086 machado.txt
        

The file poem.txt should have the following content:


(out)Caminante, son tus huellas
(out)el camino, y nada más;
(out)caminante, no hay camino,
(out)se hace camino al andar.
(out)Al andar se hace camino,
(out)y al volver la vista atrás
(out)se ve la senda que nunca
(out)se ha de volver a pisar.
(out)Caminante, no hay camino,
(out)sino estelas en la mar.
        

6.4 client presents untrusted cert (6 pts)


        ./instructor/sgetd -ca-cert assets/ca1.crt -cert assets/server1.crt -key assets/server1.key -root-dir data 127.0.0.1:8086
        

        ./sget -ca-cert assets/ca1.crt -cert assets/client2.crt -key assets/client2.key 127.0.0.1:8086 machado.txt
        (out)remote error: tls: certificate required
        echo $?
        (out)1
        

The contents of the output are not important. The test checks that sget writes one or more lines to stderr, 0 lines to stdout, and has a non-zero exit status.