#include "../lib/lib2.h"
#include "../lib/lib.h"
/**
* Profiles are requested by calling the function profile_for.
* This function ensures that all created profiles are user profiles.
* Since the profiles are encrypted and only the other side knows the
* key, one normally cannot change a profile.
*
* But by making two special requests and combining them one can get a profile
* with the role admin (since it is encrypted in ECB mode).
*
* First Request:
* Create a profile such that one block ends with role=
* Creating a profile for bobi@test.com results in:
* email=bobi@test.com&uid=10&role=user
* Encrypted, this results in three blocks.
* The first encrypted block is:
* email=bobi@test.
* The second is:
* com&uid=10&role=
* The third is not interesting for us.
*
* Second Request:
* Create a profile such that a block starts with admin. Combine it with
* the block which ends with role= (concatenate them) and we are admin!
* Create a profile for bobi@test.admin
* The first block is again:
* email=bobi@test.
* The second block is:
* admin&uid=10&rol
*
* A strict parser might not accept the resulting string
* because of the second role=user
*
*/
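int main(int argc, char **argv)
{
    /*
     * The splice below works on 16-byte ciphertext blocks: two blocks from
     * the first profile plus one block from the second give 48 bytes.
     */
    enum { BLOCK_LEN = 16, FORGED_LEN = 3 * BLOCK_LEN };

    /* Command-line arguments are not used by this demonstration. */
    (void)argc;
    (void)argv;

    /* Fill the library's `key` with 16 random bytes before any encryption. */
    generate_random_bytes(key, 16);

    /*
     * Request the two encrypted profiles described in the header comment.
     * How profile_for reports failure is not visible here, so guard against
     * a NULL return before reading from the buffers.
     * NOTE(review): ownership of the returned buffers is not visible either;
     * they are not freed here and the process exits right after use.
     */
    char *encrypted_user1 = profile_for("bobi@test.com");
    char *encrypted_user2 = profile_for("bobi@test.admin");
    if (!encrypted_user1 || !encrypted_user2) {
        return 1;
    }

    /*
     * Blocks 0-1 of the first ciphertext ("email=bobi@test." and
     * "com&uid=10&role=") followed by block 1 of the second
     * ("admin&uid=10&rol"). Assuming the profile format given in the header
     * comment, the 48 bytes decrypt to
     *   email=bobi@test.com&uid=10&role=admin&uid=10&rol
     * with a duplicated uid, a trailing "rol" fragment and no padding block.
     *
     * This is possible only because ECB encrypts every block independently
     * and the ciphertext carries no integrity tag; a receiver that verifies
     * a MAC over the ciphertext (or uses an AEAD mode) would reject it.
     */
    char admin_user[50];
    memcpy(admin_user, encrypted_user1, 2 * BLOCK_LEN);
    memcpy(&admin_user[2 * BLOCK_LEN], &encrypted_user2[BLOCK_LEN], BLOCK_LEN);

    /* Hand the spliced 48-byte ciphertext to the server side. */
    send_user(admin_user, FORGED_LEN);

    return 0;
}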