Due Date: Tu February 7th, 2012, 11:59pm.
This assignment demonstrates the use of the gcrypt library functions to implement a cryptographic protocol. In particular, you are to build symmetric keys for encryption/decryption and message authentication codes to encrypt and authenticate messages that can be decrypted and verified.
Follow these instructions:
Obtain the tarfile from here.
Unpack the tarfile in some appropriate directory on a UNIX system (there are many available at CSE -- see Notes below). You will need to get the gcrypt library (and its dependencies) if the machine does not have it installed already.
You task is to implement three (3) functions: (1) GenerateSymKeys; (2) SealMessageSym; and (3) GetMessageSym. There are comments in the files to guide you to implement the proper functionality.These functions must complete the following tasks:
GenerateSymKeys uses gcrypt library functions to generate two keys: (1) a 256-bit AES key for encryption/decryption and (2) a 128-bit AES key for computing message authentication codes (MACs), a keyed hash. This function takes two inputs: the names of the files to store the encryption/decryption key (symfile) and the MAC key (macfile). You will have to set a number of #define values in cse443-gcrypt.h to create the keys properly (e.g., for key sizes). Please use the provided functions to store the keys in these files.
SealMessageSym uses the gcrypt library functions to: (1) produce a CBC-MAC of the data supplied in the input file (plainfile) using the MAC key (macfile) and (2) encrypt a message consisting of [length of data (int): data: CBC-MAC] using the encryption key (symfile) using counter mode (CTR). In producing the CBC-MAC you will use the initialization vector (IV) file supplied (save to file in your project directory). You need to write the encrypted message to output file (cryptfile). Comments in this function specify the necessary steps.
GetMessageSym uses the gcrypt library functions to decrypt and verify the MAC. In this case, you will decrypt the encrypted file (cryptfile) provided as input to produce a message in the format above. You will use the data retrieved in the message to compute a CBC-MAC and compare that value to the MAC in the message. Only if they match should data be output (written to plainfile). Comments in this function specify the necessary steps.
I aim to test your code for the following requirements.
Generate 256-bit AES encryption key and 128-bit CBC-MAC key.
Encrypt and MAC data files of any size up to 1K bytes. The specified encryption and MAC modes must be used.
Decrypt and verify the authenticity of files. Only successfully verified files should be written as output.
When you have completed the code, test it by encrypting some files and decrypting the contents. I will provide a drop box for submitting this project. The project is due on Tu February 7th at 11:59pm. Please attach a tar file containing all the source, including your additions. You can build this tar file using the command make tar from the source directory.
You are to complete this on your own. Any sharing of code or help during the coding of this project is expressly forbidden. Do not discuss this project with anyone.
A Makefile has been created to help you build the applications. To build, simply type "make" in the target directories.
gcrypt library -- As part of this assignment, you will be required learn and use the GNU cryptography library. Details of this library are presented in the manual.