Question

Implement in Go language AES encryption mode CBC with providing the packages name for Go language. You can implement AES-ECB Mode (the basic AES) from crypto/aes package and crypto/cipher.Block. You can also get the SHA-256 hash function from crypto/sha256. You can get the secure random numbers generator from crypto/rand package. However, the you will implement both CBC mode and HMAC from scratch. You are NOT allowed to use any libraries or packages to implement these two things for you. You are permitted to use any packages for anything else provided that it is part of the language itself. I will expect that your code is run as follows: encrypt-auth -k <32-byte key in hexadecimal> -i -o Where is either encrypt or decrypt, the input/output files contain raw binary data. You should parse the first 16 bytes of the key as the encryption key Kenc and the second 16 bytes as the MAC key Kmac. To make things clear, I mean concatenation when I say ||, and I mean the length of M in bytes when I say |M|. M is a notation for the plaintext message. Remember, AES has a fixed block size of 16 bytes (128 bits). Obviously, the Kenc is the key for the AES, and Kmac is the key for MAC. The parameters for the encryption and decryption functions are all you need to accept for EACH function. Encryption(Kenc,Kmac,M). Given a 16-byte secret key Kenc, a 16-bytes secret key Kmac, and any length string M (if a variable length is difficult for you assume that the maximum is 50), encrypt M by doing the following (make sure to finish things by order or you will have a hard time finding any bug in your code!): 1- Apply HMAC-SHA256 algorithm on input (Kmac, M) to get a 32-byte MAC tag T. The algorithm can be found in FIPS 198 (https://csrc.nist.gov/csrc/media/publications/fips/198/1/final/documents/fips-198- 1_final.pdf) pages 3-5 are enough OR even from Wikipedia. Make sure that your HMAC is working properly before you move to the next step. Any website will probably work to help you with the validation such as (https://www.freeformatter.com/hmac-generator.html). If you gave the same key + selected sha-256 + selected a message you should obtain the same result as your program. 2- Compute M’ = M||T 3- Compute M’’ = M’||PS where PS is the padding, which you will implement using PKCS#5 algorithm, which is simply as follows: let n = |M’| mod 16. Now a - if n != 0, then PS is a string of 16-n bytes, with each byte is set to (16-n). (This means that if n was 9, the padding would be in hexadecimal (0x 07 07 07 07 07 07 07) b - if n=0 then PS is a string of 16 bytes with every byte is set to 16 (or 0x10 in hexadecimal) 4- Now produce a random 16 bytes Initialization Vector (IV) and encrypt the padded plaintext M’’ with AES-128 in CBC mode with the Kenc: C’ = AES-CBC-ENC(Kenc,IV,M’’) (REMEMBER: you will implement CBC mode yourself but you can use a library to do the AES-ECB encryption for you) 5- The ciphertext would be: C= (IV||C’) Again, make sure that your encryption is working BEFORE going to decryption. Confirm it by checking a website that will do the CBC mode OR simply use a library compare your answer with the library’s result. Decryption(Kenc,Kmac,C). Given a 16-byte key Kenc, a 16-byte key Kmac, and a ciphertext C, you will decrypt as follows: 1- First parse C = (IV||C’) and decrypt using AES-128 in CBC mode to obtain M’’: M’’ = AES-CBC-DEC(Kenc,IV,C’) (REMEMBER: you will implement CBC mode yourself but you can use a library to do the AES-ECB decryption for you) 2- Now it is time to validate the padding as follows: let n be the value of the last byte in M’’. Ensure that each of the final n bytes in M’’ is equal to the value of n. If this check fails, print the following: “INVALID PADDING” and stop. Otherwise, remove the last n bytes from M’’ to get M’. 3- Parse M’ as M||T where T is a 32-byte HMAC-SHA256 tag. 4- Apply the same HMAC-SHA256 algorithm on input (Kmac,M) to get T’. If T != T’ print “INVALID MAC” and stop. Otherwise, output the plaintext message M.

Answer 1

Kenc: C’ = AES-CBC-ENC(Kenc,IV,M’’) (REMEMBER: you will implement CBC mode yourself but you can use a library to do the AES-ECB encryption for you) 5- The ciphertext would be: C= (IV||C’) Again, make sure that your encryption is working BEFORE going to decryption. Confirm it by checking a website that will do the CBC mode OR simply use a library compare your answer with the library’s result. Decryption(Kenc,Kmac,C). Given a 16-byte key Kenc, a 16-byte key Kmac, and a ciphertext C, you will decrypt as follows: 1- First parse C = (IV||C’) and decrypt using AES-128 in CBC mode to obtain M’’: M’’ = AES-CBC-DEC(Kenc,IV,C’) (REMEMBER: you w