diff --git a/backend/src/main.cpp b/backend/src/main.cpp index c51c30b..46b497c 100644 --- a/backend/src/main.cpp +++ b/backend/src/main.cpp @@ -57,7 +57,8 @@ int main(int argc, char *argv[]) if (build) { // create all tables from 0 to (2^8)^offset-1 - for (int i = 0; i < std::pow(std::pow(2, 8), offset); i++) + const int num_tables = std::pow(std::pow(2, 8), offset); + for (int i = 0; i < num_tables; i++) { db.execute("CREATE TABLE `" + std::to_string(i) + "` (password TEXT);"); } @@ -78,11 +79,10 @@ int main(int argc, char *argv[]) for (const auto &password : encrypted_passwords) { // determine which table to insert into based on leaked byte - std::string encoded_byte = crow::utility::base64encode(password.substr(0, offset), offset); - std::string table_num = std::to_string(static_cast(encoded_byte[0])); + unsigned int leaked_byte = ((unsigned char)password.substr(0, offset)[0]) & (num_tables-1); std::string raw_password = password.substr(offset, password.size() - offset); // encode password before inserting into database - db.execute("INSERT INTO `" + table_num + "` (password) VALUES ('" + crow::utility::base64encode(raw_password, raw_password.size()) + "');"); + db.execute("INSERT INTO `" + std::to_string(leaked_byte) + "` (password) VALUES ('" + crow::utility::base64encode(raw_password, raw_password.size()) + "');"); } // create key table diff --git a/backend/src/server.cpp b/backend/src/server.cpp index ff5f4a2..2dc032d 100644 --- a/backend/src/server.cpp +++ b/backend/src/server.cpp @@ -34,11 +34,11 @@ namespace server // get the table num corresponding to the user password leaked byte std::string decoded_password = crow::utility::base64decode(user_password, user_password.size()); - std::string encoded_leaked_byte = crow::utility::base64encode(decoded_password.substr(0, offset), offset); - std::string table_num = std::to_string(static_cast(encoded_leaked_byte[0])); + unsigned char leaked_byte = decoded_password.substr(0, offset)[0]; + unsigned int table_num = leaked_byte & ((int)std::pow(std::pow(2, 8), offset) - 1); // get all passwords from the table corresponding to the user password leaked byte - std::vector breached_passwords = db.execute("SELECT * FROM `" + table_num + "`;", callback); + std::vector breached_passwords = db.execute("SELECT * FROM `" + std::to_string(table_num) + "`;", callback); // get b secret key from database std::string encoded_b = db.execute("SELECT * FROM secret;", callback)[0]; diff --git a/backend/tests/server.cpp b/backend/tests/server.cpp index a423330..d70bbd3 100644 --- a/backend/tests/server.cpp +++ b/backend/tests/server.cpp @@ -30,9 +30,10 @@ TEST_CASE("Test endpoints using handler") // offset constant const size_t offset = 1; + const int num_tables = std::pow(std::pow(2, 8), offset); // create all tables from 0 to (2^8)^offset-1 - for (int i = 0; i < std::pow(std::pow(2, 8), offset); i++) + for (int i = 0; i < num_tables; i++) { db.execute("CREATE TABLE `" + std::to_string(i) + "` (password TEXT);"); } @@ -51,13 +52,11 @@ TEST_CASE("Test endpoints using handler") for (const auto &password : encrypted_passwords) { // determine which table to insert into based on leaked byte - std::string encoded_byte = crow::utility::base64encode(password.substr(0, offset), offset); - std::string table_num = std::to_string(static_cast(encoded_byte[0])); - + unsigned int leaked_byte = ((unsigned char)password.substr(0, offset)[0]) & (num_tables-1); std::string raw_password = password.substr(offset, password.size() - offset); // encode password before inserting into database - db.execute("INSERT INTO `" + table_num + "` (password) VALUES ('" + crow::utility::base64encode(raw_password, raw_password.size()) + "');"); + db.execute("INSERT INTO `" + std::to_string(leaked_byte) + "` (password) VALUES ('" + crow::utility::base64encode(raw_password, raw_password.size()) + "');"); } // create key table