This assignment is worth 125 points. Partial credit will be given for all questions — it is in your best interest to not leave any blank. Some of these questions may require you to conduct research beyond what we learned in class. You are free to leverage any public resources you'd like to complete this assignment, but make sure to cite your sources in your answers. Refer to this course's honor code policy for more information on what is appropriate reuse.

For this assignment, record your responses to the following activities in the README.md file in the homework03 folder of your assignments GitLab repository and push your work (including any code you developed) by 11:59 PM Tuesday, February 19.

Activity 0: Branching

As discussed in class, each homework assignment must be completed in its own git branch; this will allow you to separate the work of each assignment and for you to use the merge request workflow.

First, follow these instructions to setup your git environment.

To create a homework03 branch in your local repository, follow the instructions below:

$ cd path/to/cse-40567-sp19-assignments   # Go to assignments repository

$ git checkout master                     # Make sure we are in master branch

$ git pull --rebase                       # Make sure we are up-to-date with GitLab

$ git checkout -b homework03              # Create homework03 branch and check it out

$ cd homework03                           # Go into homework03 folder

Once these commands have been successfully performed, you are now ready to add, commit, and push any work required for this assignment.

Activity 1: Setting up your environment

In class, we've spent some time looking at the OpenSSL library, including API details and security holes that have emerged. Because of its overwhelming complexity and problems with feature creep, the computer security community has questioned its continuing role as the foundation of much of the Internet's critical infrastructure. Alternatives have appeared, including the Sodium crypto library (libsodium), which is a fork of D.J. Bernstein's NaCl library implementing all of the building blocks needed to create high-level crypto tools without all of the hassle of using OpenSSL. If you ever have to code up a crypto tool on the fly, this library is the one to use. In this assignment, you will gain some experience with the high-level Sodium API for symmetric key and public-key cryptography.

The following programming assignment is best completed under a Linux distribution under your control. Do this in an Ubuntu VirtualBox VM if you don't have access to a machine that you can easily install software on.

Installing the Sodium development library is a straightforward process:

  1. Download the latest stable release of the libsodium library from the official site
  2. Unarchive the tarball into your home directory
  3. Inside the resulting directory, run the following sequence of commands:

    ./configure
    make && make check
    sudo make install

  4. If you were able to run the above commands without any errors, then you have the library installed correctly. One final step is needed to set the library path variable in your shell environment so that the binaries you create will be able to find it. Add the following line to your home directory's .bashrc file: export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib, and then restart your shell.

Activity 2: Coding a symmetric key encryption tool with Sodium (40 points)

Task 2.1: Write a command line program in C that makes use of the Sodium API to encrypt and decrypt files using what the library terms secret-key authenticated encryption. Here are the requirements:


Tip: refer to the Sodium documentation for example API usage. By comparison, using the crypto_secretbox facility is far simpler than any higher level constructs provided by OpenSSL.

Task 2.2: Encrypt this text with the following key and nonce:

Key 2.2: 21384597001141141719014445661908
Nonce 2.2: 331198234167023023401814

Turn in the ciphertext as part of your answer to this question.

Task 2.3: Decrypt this ciphertext with the following key and nonce:

Key 2.3: 10234766511165410782102395688220
Nonce 2.3: 453020181409950870811012

Turn in the plaintext (which, if decrypted correctly, is English language text) as part of your answer to this question.

Activity 3: Choice of symmetric key algorithm (10 points)

Sodium isn't using AES for symmetric key encryption — what algorithm is it using instead? Why would we consider using this algorithm over AES, which has been our standard recommendation in class for securing data? Record your answer to this question in the README.md file.

Activity 4: Coding a public-key encryption tool with Sodium (65 points)

Task 4.1: Start coding a C program that makes use of the Sodium API to generate a secret key / public key pair. Here are the requirements:


Task 4.2: Add functionality to the program that makes use of the Sodium API to encrypt and decrypt files using what the library terms authenticated public-key encryption. Here are the requirements:


Task 4.3: Generate a new keypair using your last name as the basename, then encrypt this assignment's plaintext sample using this public key and your newly generated secret key to sign the message. Use the following nonce as part of this process:

Nonce 4.3: 471188231560250123401817

Turn in your newly generated public key and ciphertxt as part of your answer to this question.

Task 4.4: Encrypt this assignment's plaintext sample once again with the following keys and nonce:

Public Key for encryption; Secret Key for signing
Nonce 4.4: 231001231568229123051840

Turn in the ciphertext as part of your answer to this question.

Task 4.5: Decrypt this ciphertext with the following keys and nonce:

Secret Key for decryption; Public Key for signature authentication
Nonce 4.5: 911720101405550161911045

Turn in the plaintext (which, if decrypted correctly, is English language text) as part of your answer to this question.

Activity 5: Choice of public-key algorithm (10 points)

What algorithm that we've talked about in class is the Sodium API using for key exchange here? Given your experience working with this algorithm in Activity 4, why is this a better choice than RSA? Record your answer to this question in the README.md file.


Feedback

If you have any questions, comments, or concerns regarding the course, please provide your feedback at the end of your README.md.

Submission

Remember to put your name in the README.md file. To submit your assignment, please commit your work to the homework03 folder of your homework03 branch in your assignment's GitLab repository:

$ cd path/to/cse-40567-sp19-assignments   # Go to assignments repository
$ git checkout master                     # Make sure we are in master branch
$ git pull --rebase                       # Make sure we are up-to-date with GitLab
$ git checkout -b homework03              # Create homework03 branch and check it out
$ cd homework03                           # Go to homework03 directory
...
$ $EDITOR README.md                       # Edit appropriate README.md
$ git add README.md                       # Mark changes for commit
$ git commit -m "homework03: complete"    # Record changes
...
$ git push -u origin homework03           # Push branch to GitLab

Procedure for submitting your work: create a merge request by the process that is described here, but make sure to change the target branch from wscheirer/cse-40567-sp19-assignments to your personal fork's master branch so that your code is not visible to other students. Additionally, assign this merge request to our TA (aboyd3) and add wscheirer as an approver (so all class staff can track your submission).