felixm/cryptopals
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Finish challenge 14.

Browse Source
This commit is contained in:
Felix Martin
2022-06-21 20:21:55 -04:00
parent db9f9d265b
commit 6f739b6781
2 changed files with 41 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/main.rs
View File

@@ -15,9 +15,9 @@ fn main() {
// set1::challenge6(); // set1::challenge6();
// set1::challenge7(); // set1::challenge7();
// set1::challenge8(); // set1::challenge8();
// set2::challenge9(); set2::challenge9();
// set2::challenge10(); set2::challenge10();
// set2::challenge11(); set2::challenge11();
// set2::challenge12(); set2::challenge12();
set2::challenge13(); set2::challenge13();
} }

44
src/set2.rs
View File

@@ -216,9 +216,43 @@ pub fn challenge13() {
parser::parse_key_value(&c.to_utf8()) parser::parse_key_value(&c.to_utf8())
} }
let key = Bytes::random(16); // consistent but unknown key fn attack(key: &Bytes) -> Bytes {
let profile = profile_for("omgitsme@gmail.com", &key); // Using only the user input to profile_for() (as an oracle to generate
let dict = decrypt(&key, &profile); // "valid" ciphertexts) and the ciphertexts themselves, make a
println!("{:?}", dict); // role=admin profile.
println!("[xxxx] Challenge 13: TBD"); // (FelixM) I assume ECB and block_size = 16; we could figure
// it out easily my adding enough 'a' to the email
let mut r = vec![];
// ________________________________
// 0..34..78..bc..f0..34..78..bc..f0..34..78..bc..f
// email=aaaaa@a.com&uid=1337&role=user
let p = profile_for("aaaaa@a.com", &key);
r.append(&mut p.0[0..32].to_vec());
// ----------------
// 0..34..78..bc..f0..34..78..bc..f0..34..78..bc..f
// email=aaaaaaa@a.admin&uid=1337&role=user
let p = profile_for("aaaaaaa@a.admin", &key);
r.append(&mut p.0[16..32].to_vec());
// ----------------
// 0..34..78..bc..f0..34..78..bc..f0..34..78..bc..f
// email=aaaaaaaa@a.admin&uid=1337&role=user
let p = profile_for("aaaaaaaa@a.admin", &key);
r.append(&mut p.0[32..48].to_vec());
Bytes(r)
}
let key = Bytes::random(16); // consistent but unknown key
let profile = attack(&key);
let dict = decrypt(&key, &profile);
let role = dict.get("role").unwrap();
assert_eq!(role, "admin");
println!("[done] Challenge 13: role={}", role);
}
pub fn challenge14() {
println!("[xxxx] Challenge 14:");
} }