Homework 03: Cryptographic Protocols

This assignment is worth 125 points. Partial credit will be given for all questions — it is in your best interest to not leave any blank. Some of these questions may require you to conduct research beyond what we learned in class. You are free to leverage any public resources you'd like to complete this assignment, but make sure to cite your sources in your answers. Refer to this course's honor code policy for more information on what is appropriate reuse.

For this assignment, record your responses to the following activities in the README.md file in the homework03 folder of your assignments GitLab repository and push your work (including any code you developed) by 11:59 PM Tuesday, February 18.

Activity 0: Branching

As discussed in class, each homework assignment must be completed in its own git branch; this will allow you to separate the work of each assignment and for you to use the merge request workflow.

First, follow these instructions to setup your git environment.

To create a homework03 branch in your local repository, follow the instructions below:

$ cd path/to/cse-40567-sp20-assignments   # Go to assignments repository

$ git checkout master                     # Make sure we are in master branch

$ git pull --rebase                       # Make sure we are up-to-date with GitLab

$ git checkout -b homework03              # Create homework03 branch and check it out

$ cd homework03                           # Go into homework03 folder

Once these commands have been successfully performed, you are now ready to add, commit, and push any work required for this assignment.

Activity 1: Setting up your environment

In class, we've spent some time looking at the OpenSSL library, including API details and security holes that have emerged. Because of its overwhelming complexity and problems with feature creep, the computer security community has questioned its continuing role as the foundation of much of the Internet's critical infrastructure. Alternatives have appeared, including the Sodium crypto library (libsodium), which is a fork of D.J. Bernstein's NaCl library implementing all of the building blocks needed to create high-level crypto tools without all of the hassle of using OpenSSL. If you ever have to code up a crypto tool on the fly, this library is the one to use. In this assignment, you will gain some experience with the high-level Sodium API for symmetric key and public-key cryptography.

The following programming assignment is best completed under a Linux distribution under your control. Do this in an Ubuntu VirtualBox VM if you don't have access to a machine that you can easily install software on.

Installing the Sodium development library is a straightforward process:

Download the latest stable release of the libsodium library from the official site
Unarchive the tarball into your home directory
Inside the resulting directory, run the following sequence of commands:

./configure make && make check sudo make install
If you were able to run the above commands without any errors, then you have the library installed correctly. One final step is needed to set the library path variable in your shell environment so that the binaries you create will be able to find it. Add the following line to your home directory's .bashrc file: export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib, and then restart your shell.

Activity 2: Coding a symmetric key encryption tool with Sodium (40 points)

Task 2.1: Write a command line program in C that makes use of the Sodium API to encrypt and decrypt files using what the library terms secret-key authenticated encryption. Here are the requirements:

Provide the following command line arguments: flag to signal encryption or decryption, key (given as an ASCII string), nonce (given as an ASCII string), an input file, and an output file
Assume a 256 bit key and a 192 bit nonce
When in encryption mode, the input file should be the plaintext, and the output file the place where the ciphertext should be written
When in decryption mode, the input file should be the ciphertext, and the output file the place where the plaintext should be written

Tip: refer to the Sodium documentation for example API usage. By comparison, using the crypto_secretbox facility is far simpler than any higher level constructs provided by OpenSSL.

Task 2.2: Encrypt this text with the following key and nonce:

Key 2.2: 32495517011251141819104545661909
Nonce 2.2: 440087130167113923401814

Turn in the ciphertext as part of your answer to this question.

Task 2.3: Decrypt this ciphertext with the following key and nonce:

Key 2.3: 21045766512165410092112396688224
Nonce 2.3: 623100282501150870827017

Turn in the plaintext (which, if decrypted correctly, is English language text) as part of your answer to this question.

Activity 3: Choice of symmetric key algorithm (10 points)

Sodium isn't using AES for symmetric key encryption — what algorithm is it using instead? Why would we consider using this algorithm over AES, which has been our standard recommendation in class for securing data? Record your answer to this question in the README.md file.

Activity 4: Coding a public-key encryption tool with Sodium (65 points)

Task 4.1: Start coding a C program that makes use of the Sodium API to generate a secret key / public key pair. Here are the requirements:

Provide the following command line arguments: flag to signal key pair generation mode, basename for key pair filenames (e.g., the string "alice" will lead to the creation of the files "alice.secret" and "alice.public"
Assume a 256 bit key size for both the secret and public keys
Make sure that your program saves the keys as two separate binary files

Task 4.2: Add functionality to the program that makes use of the Sodium API to encrypt and decrypt files using what the library terms authenticated public-key encryption. Here are the requirements:

Provide the following command line arguments: flag to signal encryption or decryption, secret key (binary data read from file), public key (binary data read from a file), nonce (given as an ASCII string), an input file, and an output file
Assume a 256 bit key size for both the secret and public keys, and a 192 bit nonce
When in encryption mode, the input file should be the plaintext, and the output file the place where the ciphertext should be written. The program should expect the sender's secret key (to sign the message) and the receiver's public key (the receiver will need their secret key to decrypt the message).
When in decryption mode, the input file should be the ciphertext, and the output file the place where the plaintext should be written. The program should expect the receiver's secret key and the sender's public key (which will validate the sender's signature)

Task 4.3: Generate a new keypair using your last name as the basename, then encrypt this assignment's plaintext sample using this public key and your newly generated secret key to sign the message. Use the following nonce as part of this process:

Nonce 4.3: 560187231561050123301819

Turn in your newly generated public key and ciphertxt as part of your answer to this question.

Task 4.4: Encrypt this assignment's plaintext sample once again with the following keys and nonce:

Public Key for encryption; Secret Key for signing
Nonce 4.4: 431108232568929123451141

Turn in the ciphertext as part of your answer to this question.

Task 4.5: Decrypt this ciphertext with the following keys and nonce:

Secret Key for decryption; Public Key for signature authentication
Nonce 4.5: 219720191405950111911040

Turn in the plaintext (which, if decrypted correctly, is English language text) as part of your answer to this question.

Activity 5: Choice of public-key algorithm (10 points)

What algorithm that we've talked about in class is the Sodium API using for key exchange here? Given your experience working with this algorithm in Activity 4, why is this a better choice than RSA? Record your answer to this question in the README.md file.

Feedback

If you have any questions, comments, or concerns regarding the course, please provide your feedback at the end of your README.md.

Submission

Remember to put your name in the README.md file. To submit your assignment, please commit your work to the homework03 folder of your homework03 branch in your assignment's GitLab repository:

$ cd path/to/cse-40567-sp20-assignments   # Go to assignments repository
$ git checkout master                     # Make sure we are in master branch
$ git pull --rebase                       # Make sure we are up-to-date with GitLab
$ git checkout -b homework03              # Create homework03 branch and check it out
$ cd homework03                           # Go to homework03 directory
...
$ $EDITOR README.md                       # Edit appropriate README.md
$ git add README.md                       # Mark changes for commit
$ git commit -m "homework03: complete"    # Record changes
...
$ git push -u origin homework03           # Push branch to GitLab

Procedure for submitting your work: create a merge request by the process that is described here, but make sure to change the target branch from wscheirer/cse-40567-sp20-assignments to your personal fork's master branch so that your code is not visible to other students. Additionally, assign this merge request to our TA (sabraha2) and add wscheirer as an approver (so all class staff can track your submission).