From 62c92eecbbf69036ea4b3a63c5151c710e55fe1e Mon Sep 17 00:00:00 2001
From: Valentin Ochs <a@0au.de>
Date: Tue, 3 Sep 2019 21:28:56 +0200
Subject: [PATCH] q13

---
 src/main.rs | 51 +++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 49 insertions(+), 2 deletions(-)

diff --git a/src/main.rs b/src/main.rs
index 5003f2c..c1402a8 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -204,7 +204,7 @@ fn q12()
     };
 
     let starting_size = blackbox(Vec::new()).len();
-    let (first_increment, next_size) = (0..).map(|x:usize| (x, blackbox(std::iter::repeat(0u8).take(x).collect()).len())).find(|(i,x)| *x != starting_size).unwrap();
+    let (first_increment, next_size) = (0..).map(|x:usize| (x, blackbox(std::iter::repeat(0u8).take(x).collect()).len())).find(|(_,x)| *x != starting_size).unwrap();
     let block_size = next_size - starting_size;
     println!("  Block size is {}", block_size);
     assert!(block_size == 16);
@@ -220,7 +220,7 @@ fn q12()
     let mut known: Vec<u8> = Vec::with_capacity(data_length);
     println!("  Data length: {}", data_length);
 
-    for byte_index in 0..data_length
+    for _ in 0..data_length
     {
         let nulls: Vec<u8> = std::iter::repeat(0u8).take(starting_size - known.len() - 1).collect();
         let target_block = &blackbox(nulls.clone())[0..starting_size];
@@ -239,6 +239,52 @@ fn q12()
     // println!("  {}", String::from_utf8(known).unwrap().replace("\n", "\n  "));
 }
 
+fn q13()
+{
+    println!("Running q13");
+    let key: Vec<u8> = rand::thread_rng().sample_iter(rand::distributions::Standard).take(16).collect();
+
+    let parse = |x: &str| -> std::collections::HashMap<String, String> {
+        let mut out = std::collections::HashMap::new();
+        for pair in x.split(|y| y == '&') {
+            let elements: Vec<&str> = pair.split(|z| z == '=').collect();
+            if elements.len() == 2 {
+                out.insert(elements[0].to_owned(), elements[1].to_owned());
+            }
+        };
+        out
+    };
+
+    let profile_for = |mail: &str| -> String {
+        format!("email={}&uid=10&role=user", mail.replace("&","").replace("=",""))
+    };
+
+    let encrypt = |profile: &str| -> Vec<u8> {
+        let profile: Vec<u8> = profile.bytes().collect();
+        let aes = crypto::Aes::new(&key, true).unwrap();
+        aes.ecb(profile, Mode::Encrypt).unwrap()
+    };
+
+    let is_admin = |profile: Vec<u8>| -> bool {
+        let aes = crypto::Aes::new(&key, true).unwrap();
+        let profile = aes.ecb(profile, Mode::Decrypt).unwrap();
+        let profile = String::from_utf8(profile).unwrap();
+        parse(&profile)["role"] == "admin"
+    };
+
+    let mail1 = "a".repeat(32 - "email=".len() - "@example.com&uid=10&role=".len());
+    let mail1 = mail1 + "@example.com";
+    let part1: &[u8] = &encrypt(&profile_for(&mail1))[0..32];
+    let mail2 = " ".repeat(16 - "email=".len());
+    let mail2 = mail2 + "admin";
+    let padding_char = (16 - "admin".len()) as u8;
+    let mail2 = mail2 + &String::from_utf8(vec![padding_char]).unwrap().repeat(padding_char as usize);
+    let part2: &[u8] = &encrypt(&profile_for(&mail2))[16..32];
+    let whole: Vec<u8> = part1.iter().chain(part2.iter()).cloned().collect();
+
+    assert!(is_admin(whole));
+}
+
 fn main() {
     q01();
     q02();
@@ -252,4 +298,5 @@ fn main() {
     q10();
     q11();
     q12();
+    q13();
 }