Finish challenge 14.

src/main.rs

@@ -15,9 +15,9 @@ fn main() {
     // set1::challenge6();
     // set1::challenge7();
     // set1::challenge8();
-    // set2::challenge9();
-    // set2::challenge10();
-    // set2::challenge11();
-    // set2::challenge12();
+    set2::challenge9();
+    set2::challenge10();
+    set2::challenge11();
+    set2::challenge12();
     set2::challenge13();
 }

src/set2.rs

@@ -216,9 +216,43 @@ pub fn challenge13() {
         parser::parse_key_value(&c.to_utf8())
     }
 
-    let key = Bytes::random(16); // consistent but unknown key
-    let profile = profile_for("omgitsme@gmail.com", &key);
-    let dict = decrypt(&key, &profile);
-    println!("{:?}", dict);
-    println!("[xxxx] Challenge 13: TBD");
+    fn attack(key: &Bytes) -> Bytes {
+        // Using only the user input to profile_for() (as an oracle to generate
+        // "valid" ciphertexts) and the ciphertexts themselves, make a
+        // role=admin profile.
+        // (FelixM) I assume ECB and block_size = 16; we could figure
+        // it out easily my adding enough 'a' to the email
+        let mut r = vec![];
+
+        //             ________________________________
+        //             0..34..78..bc..f0..34..78..bc..f0..34..78..bc..f
+        //             email=aaaaa@a.com&uid=1337&role=user
+        let p = profile_for("aaaaa@a.com", &key);
+        r.append(&mut p.0[0..32].to_vec());
+
+        //                             ----------------
+        //             0..34..78..bc..f0..34..78..bc..f0..34..78..bc..f
+        //             email=aaaaaaa@a.admin&uid=1337&role=user
+        let p = profile_for("aaaaaaa@a.admin", &key);
+        r.append(&mut p.0[16..32].to_vec());
+
+        //                                             ----------------
+        //             0..34..78..bc..f0..34..78..bc..f0..34..78..bc..f
+        //             email=aaaaaaaa@a.admin&uid=1337&role=user
+        let p = profile_for("aaaaaaaa@a.admin", &key);
+        r.append(&mut p.0[32..48].to_vec());
+
+        Bytes(r)
+    }
+
+    let key = Bytes::random(16); // consistent but unknown key
+    let profile = attack(&key);
+    let dict = decrypt(&key, &profile);
+    let role = dict.get("role").unwrap();
+    assert_eq!(role, "admin");
+    println!("[done] Challenge 13: role={}", role);
+}
+
+pub fn challenge14() {
+    println!("[xxxx] Challenge 14:");
 }