1 files changed, 61 insertions, 0 deletions

diff --git a/3.1/charon.rb b/3.1/charon.rb
new file mode 100755
index 0000000..75619b8
--- /dev/null
+++ b/3.1/charon.rb
@@ -0,0 +1,61 @@
+#!/usr/bin/env ruby
+
+require 'openssl'
+require 'securerandom'
+require 'sinatra'
+
+Users = {
+  "Athena" => "Passw0rd!"
+}
+
+Services = {
+  "_TGS" => "eiqu@a5ahs8mooqu9Eng",
+  "Mail" => "{FvM<kgG}VpHxKJO;6Zo"
+}
+
+def encrypt(obj, key)
+  cipher = OpenSSL::Cipher::AES.new(256, :CBC).encrypt
+  cipher.key = Digest::SHA2.digest(key)
+  s = cipher.update(obj) + cipher.final
+  s.unpack('H*')[0].upcase
+end
+
+def decrypt(obj, key)
+  ticket = [obj].pack("H*").unpack("C*").pack("c*")
+  cipher = OpenSSL::Cipher::AES.new(256, :CBC).decrypt
+  cipher.key = Digest::SHA2.digest(key)
+  p = cipher.update(ticket) + cipher.final
+  p.split(?\0)
+end
+
+def ticket(username, ws_address, service)
+  encrypt([username, ws_address, service].join(?\0), Services[service])
+end
+
+def noleak(msg, ul, ws)
+  puts "Error: #{msg}, returning nonsense to avoid leakage."
+  ticket(SecureRandom.alphanumeric(ul), ws, SecureRandom.alphanumeric(rand(24) + 8))
+end
+
+post '/login' do
+  request.body.rewind
+  data = JSON.parse(request.body.read)
+  next "Invalid request\n" unless data.keys == %w(username)
+  un = data["username"]
+  ul = un.length
+  ws = request.ip
+  next noleak("Invalid username", ul, ws) unless Users.keys.include?(un)
+  tgt = ticket(un, ws, "_TGS")
+  encrypt(tgt, Users[un])
+end
+
+post '/ticket' do
+  request.body.rewind
+  data = JSON.parse(request.body.read)
+  next "Invalid request\n" unless data.keys.sort == %w(service ticket username)
+  un, ws, sn = decrypt(data["ticket"], Services["_TGS"])
+  next "Invalid ticket\n" unless sn == "_TGS"
+  next "Invalid ticket\n" unless un == data["username"]
+  next "Invalid ticket\n" unless ws == request.ip
+  ticket(un, ws, data["service"])
+end