, I showed the first two big parts of the crypto lab of the SEED Lab. In this part, I am going to discuss the rest of the tasks in the labs.
3. Encryption Mode – Corrupted Cipher Text
I created a plain text file whose size is 69 bytes. I will encrypt this file using AES-128 and encryption mode, ECB, CBC, CFB, and OFB respectively. After that I will change a single bit of the 30th byte, 1E in hexadecimal value, so that I can get the corrupted encrypted file. Then I will decrypt the corrupted encrypted file using its encryption mode and explain the differences of the results.
Encryption mode – ECB
I encrypted the plain text, called corrupted_text.txt.
- Original encrypted file
- Corrupted encrypted file
In the original encrypted file, the position 30th byte is 1E corresponds to the value F8, I changed the single bit of this value from F to A so the value of 30th byte now is A8 then I saved the file. Consequently, I got a corrupted encrypted file.
- In ECB mode, only one block is affected when any problem in a cipher text happens; furthermore; moreover, each block is decrypted independently. However, the corrupted bit of the 30th byte in cipher text block 8 bytes might spread to all n bits in plaintext block 8 bytes since we do the decryption one block at a time.
- In CBC mode, there was affect in two blocks.
- In CFB mode, there is problem in n / r number of blocks. Therefore, the error propagation criterion is poorer (Modes of Operation of Block Ciphers).
- In OFB mode, the feedback is only in the key-generation system. If the single digit of the 30th byte corrupted, then in plain text that only that byte or character is corrupted.Thus, only OFB mode shows the most promising result and almost all the texts are recovered.
Lab description: For block ciphers, when the size of the plaintex is not the multiple of the block size, padding may be required. In this task, we will study the padding schemes. Please do the following exercises:
- The openssl manual says that openssl uses PKCS5 standard for its padding. Please design an experiment to verify this. In particular, use your experiment to figure out the paddings in the AES encryption when the length of the plaintext is 20 octets and 32 octets.
- Please use ECB, CBC, CFB, and OFB modes to encrypt a file (you can pick any cipher). Please report which modes have paddings and which ones do not. For those that do not need paddings, please explain why.
- Experiment to verify OpenSSL uses PKCS5
Block cipher algorithms like AES and Triple DES in Electronic Code Book (ECB) and Cipher Block Chaining (CBC) mode require their input to be an exact multiple of the block size. If the plaintext to be encrypted is not an exact multiple, you need to pad before encrypting by adding a padding string. When decrypting, the receiving party needs to know how to remove the padding in an unambiguous manner (Block cipher mode of operation, 2015).
Because I used AES-128-CBC, so each block is 16 bytes. The content of the files is 20 bytes, so the first block is 16 bytes, and the second block is 4 bytes. Thus, it needs 12 bytes to fill in 16 bytes.
Another way to verify that openssl use the PKCS5 padding is to decrypt the encrypt file with option –nopad. This option indicates disable standard block padding. Normally during the encryption by default, it will include the padding, so when decrypt the file if I use the nopad option I can see the padding in the decrypted file.
I decrypted two times from the encrypted file with different option, default and –nopad.
- decrypted_cipher_aes_128_20b_pad.txt (option default)
- decrypted_cipher_aes_128_20b_nopad.txt (option nopad)
The size of this file, decrypted_cipher_aes_128_20b_pad.txt, 20bytes the same as plainText20Bytes.txt. The size of this file, decrypted_cipher_aes_128_20b_nopad.txt, 32bytes the same as cipher_aes_128_cbc_20b_pad.bin. Thus, it contains the padding.
Because I used AES-128-CBC, so each block is 16 bytes. The content of the files is 32 bytes, so the first block is 16 bytes, and the second block is 16 bytes. However, it needs padding so it needs 16 bytes more at the end of the encrypted file. The size of the encrypted file is 48 bytes, 16 bytes more than the original file, 32 bytes. In other word, 16 bytes of padding is added to the encrypted file.
Encryption modes and padding
- Padding is needed for ECB and CBC encryption modes because their inputs contain number of blocks, thus padding could ensure that. Block size depends on the algorithm: AES uses 16 byte blocks while Blowfish and 3DES use 8-byte blocks.
- There is no need padding for encryption mode CFB and OFB because they are stream ciphers, in which the size of the block is usually fixed (one character).
5. Programming using the Crypto Library
The goal of this task is to find the right key that was used to encrypt the given plain text, “This is a top secret.”.Given (refers to the lab description above):
- Cipher was used is AES-128-CBC
- Numbers in the IV are all zeros
- Key that used an English word shorter than 16 characters
- Cipher text that resulted from the encryption from the plain text is8d20e5056a8d24d0462ce74e4904c1b513e10d1df4a2ef2ad4540fae1ca0aaf9Main condition:
IF ( ChipherText = Encryption(Plain text, Key) )
Key is match;
KEY is no match;
I have three files:
- findKey.c is a c file that contains c code using the OpenSSL crypto library API EVP
- matchingResult.txt is a text file contains result from matching
- words.txt is a text file contains a English word list; it is given by the lab at http://www.cis.syr.edu/~wedu/seed/Labs_12.04/Crypto/Crypto_Encryption/Here is some parts of the words.txt:
Here is the code in fileKey.c; the images are ordered by the ordered of the code. I also uploaded code files to sakai lab1_crypto folder. There are comments in the codes that help understand well.
In the code above, I read word line by line from the words.txt and do the encryption then using the main condition to test if the key is match. Then I save the results to the file matchResult.txt.
Compile and run the code
In the description of the lab, it states that we need to configure make file as follow:
Here is how I compile my code: