Overview of crypto standards
Zdeněk Říha

Hash functions
- MD5 (128 bit output) – defined in RFC 1321
- RIPEMD-128/RIPEMD-160 – defined in ISO/IEC 10118-3
- BLAKE2b, BLAKE2s – defined in RFC 7693

Symmetric crypto
- Modes of operation (FIPS 81)
  - ECB (Electronic Code Book)
  - CBC (Cipher Block Chaining)
  - CFB (Cipher Feedback Mode)
  - OFB (Output Feedback Mode)
- Newer modes of operation
  - CTR (Counter Mode) [FIPS SP 800-38A]
  - CMAC [FIPS SP 800-38B], CCM [FIPS SP 800-38C], GCM [FIPS SP 800-38D], XTS-AES [FIPS SP 800-38E]
  - Others in FIPS SP 800-38F, FIPS SP 800-38G
- See: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation

Padding
- ISO 9797 method 1 – padded with 0x00 values
  - to remove the padding, the length of the original message is needed
- ISO 9797 method 2 (ISO 7816-4, EMV'96) – first the value 0x80 is added, then bytes of 0x00 are added
  - PS = '80 00', if 2 bytes are needed
  - PS = '80 00 00 00 00 00 00 00', if 0 bytes are needed (a full block is added)
- PKCS#5 – the padding string is made from the value n - (||M|| mod n)
  - for (3)DES n=8, for AES n=16
  - e.g. PS = 02 02 – if 2 bytes are needed
  - e.g. PS = 08 08 08 08 08 08 08 08 – if 0 bytes are needed and n=8 (3DES)

Symmetric crypto
- DES – defined in FIPS PUB 46 (-1 and -2)
  - key 56 bits, block 64 bits
- 3DES – defined in FIPS PUB 46-3
  - key either 112 or 168 bits, block 64 bits
- AES (Rijndael) – defined in FIPS PUB 197
  - key 128, 192 or 256 bits, block 128 bits

Asymmetric crypto
- Certificates X.509
  - ITU-T, ISO/IEC, RFC
  - DER / PEM

PKCS
- PKCS#1 – defines RSA encryption
- PKCS#3 – defines the Diffie-Hellman protocol
- PKCS#5 – symmetric encryption based on a password
- PKCS#7 – format for digital signatures and asymmetric encryption
- PKCS#8 – defines the private key format
- PKCS#10 – defines the format for certificate requests
- PKCS#11 – API for communication with cryptographic tokens
- PKCS#12 – format for storing private keys including public key certificates, all protected by a password
- PKCS#13 – defines encryption based on elliptic curves
- PKCS#15 – defines the cryptographic token information format

RSA Padding
- E.g. RSA 2048 bits
  - Modulus n is 2048 bits, public exponent e is usually small
  - Message m is 2048 bits in total; usual hash functions provide much shorter hashes. Therefore we need padding.
- BTW: no padding is needed for DSA and ECDSA

RSA Padding algorithms
- ANSI X9.31
  - 6b bb … bb ba || Hash(M) || 3x cc (where x=3 for SHA-1, x=1 for RIPEMD-160)
- PKCS#1 v1.5
  - 00 01 ff … ff 00 || HashAlgID || Hash(M)
- PSS
  - 00 || H || G(H) ⊕ [salt || 00 … 00] (where H = Hash(salt, M), salt is random, and G is a mask generation function)

Assignments
1. Write a program (in any programming language) that will prepare a padded block for an RSA signature with PKCS#1 v1.5 padding. Input is a file and the RSA key size; output is the padded octet string (print it in hex). Use SHA-256 as the hash function. Do not use a crypto library for the padding itself [5 points].
2. Write a program that will generate 2048 bit DH parameters in DER format. Use any crypto library and any programming language. Recommendation: OpenSSL & C & functions DH_new, DH_generate_parameters_ex, i2d_DHparams_bio [5 points].

Assignment 1
- PKCS#1 v1.5 padding
- We open the PKCS#1 v2.2 document :-)
  - Also available as RFC 8017
- We find the relevant section
  - 9.2 EMSA-PKCS1-v1_5
  - EMSA-PKCS1-v1_5-ENCODE (M, emLen)
  - Input: message + length of the padded result (key size)
  - Output: EM (the padded result) to be signed

Assignment 1
- As we can see in step 5 the result is:
  [formula from the standard, shown as an image on the slide]
- where PS is composed of 0xff bytes to fit the size
- and T is a DER encoded structure containing the hash algorithm and the hash itself:
  [DigestInfo structure from the standard, shown as an image on the slide]

Assignment 1
- The authors of PKCS#1 are very nice and provide help for common hash algorithms:
  [table of DER encodings from the standard, shown as an image on the slide]
- where H is the hash (32 bytes for SHA-256)
- Print the EM in hex

Assignment 2
- Read the whole PKCS#3 standard
  - 8 pages including introduction, history, …
- Assignment:
  - Write a program that will generate 2048 bit DH parameters in DER format.

Assignment 2
- Programming language
  - Use any crypto library and any programming language.
  - Recommendation: OpenSSL & C & functions DH_new, DH_generate_parameters_ex, i2d_DHparams_bio
  - Try "man dh"
- Verify results:
  - "openssl asn1parse -inform DER -in yourfile.der"
  - "openssl dhparam -inform DER -in yourfile.der -noout -text"

Good luck
- Good luck and good fun while reading the standards
- Email: zriha@fi.muni.cz
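A worked solution of Assignment 1, added here as an example that is not part of the original slides: EMSA-PKCS1-v1_5-ENCODE from RFC 8017 section 9.2 in Python, with hashlib used only for the hash and the padding built by hand. It goes slightly beyond the assignment by also accepting SHA-1/384/512 via the DigestInfo prefixes from the same section; the script name pkcs1_pad.py is an assumption.

```python
import hashlib
import sys

# DER-encoded DigestInfo prefixes from RFC 8017 section 9.2, note 1
# (the "help for common hash algorithms" the slides refer to).
# T = prefix || H, where H is the raw hash value.
DIGEST_INFO_PREFIX = {
    "sha1":   bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
    "sha384": bytes.fromhex("3041300d060960864801650304020205000430"),
    "sha512": bytes.fromhex("3051300d060960864801650304020305000440"),
}


def emsa_pkcs1_v1_5_encode(message: bytes, em_len: int, hash_name: str = "sha256") -> bytes:
    """EMSA-PKCS1-v1_5-ENCODE(M, emLen) from RFC 8017 section 9.2.

    Returns EM = 0x00 || 0x01 || PS || 0x00 || T, where PS is a run of 0xff
    bytes of length emLen - tLen - 3 (at least 8) and T is the DER DigestInfo.
    """
    # Step 1: H = Hash(M). hashlib is used only for the hash, not for the padding.
    h = hashlib.new(hash_name, message).digest()
    # Step 2: T = DigestInfo prefix || H; tLen = len(T) (51 bytes for SHA-256).
    t = DIGEST_INFO_PREFIX[hash_name] + h
    # Step 3: emLen must leave room for at least 8 bytes of PS plus 3 fixed bytes.
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    # Step 4: PS = 0xff repeated (emLen - tLen - 3) times.
    ps = b"\xff" * (em_len - len(t) - 3)
    # Step 5: EM = 0x00 || 0x01 || PS || 0x00 || T.
    return b"\x00\x01" + ps + b"\x00" + t


def pad_file(path: str, key_bits: int, hash_name: str = "sha256") -> str:
    """Read the input file, encode it for an RSA key of key_bits bits, return EM as hex."""
    with open(path, "rb") as f:
        message = f.read()
    em_len = (key_bits + 7) // 8  # k = byte length of the RSA modulus
    return emsa_pkcs1_v1_5_encode(message, em_len, hash_name).hex()


if __name__ == "__main__":
    # usage: python pkcs1_pad.py <file> <rsa key size in bits>
    print(pad_file(sys.argv[1], int(sys.argv[2])))
```

The output can be cross-checked by hand: for a 2048 bit key and SHA-256 it is 256 bytes, of which 202 are 0xff, followed by the 19-byte DigestInfo prefix and the 32-byte hash.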