Overview of crypto standards Zdeněk Říha Hash functions oMD5 (128 bit output) – defined v RFC 1321 oRIPEMD-128/RIPEMD-160 in ISO/IEC 10118-3 oBLAKE2b, BLAKE2s defined in RFC 7693. o o Symmetric crypto lModes of operation (FIPS 81) lECB (Electronic Code Book) lCBC (Ciper Block Chaining) lCFB (Cipher Feedback Mode) lOFB (Output Feedback Mode) lNewer modes of operation lCTR (Counter Mode) [FIPS SP 800-38A] l CMAC [FIPS SP 800-38B], CCM [FIPS SP 800-38C], GCM [FIPS SP 800-38D], XTS-AES [FIPS SP 800-38E] lOther in FIPS SP 800-38F, FIPS SP 800-38G l See: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation Padding lISO 9797 method 1 padded with values 0x00 lto remove the padding the length of the original message is needed lISO 9797 method 2 (ISO 7816-4, EMV’96) – first the value 0x80 is added, then bytes of 0x00 are added lPS = ‘80 00‘, if 2 bytes are needed lPS = ‘80 00 00 00 00 00 00 00‘, if 0 bytes are needed (full block added) l• PKCS#5 – the padding string is made from value n-(||M|| mod n) lfor (3)DES n=8, AES n=16 le.g. PS = 02 02 - if 2 bytes are needed le.g. PS = 08 08 08 08 08 08 08 08 – if 0 bytes are needed and n=8 (3DES) l Symmetric crypto lDES – defined in FIPS PUB 46 (-1 a -2) lkey 56 bits, block 64 bits l3DES – defined in FIPS PUB 46-3 lkey either 112 or 168 bits, block 64 bits lAES – (Rijndael), defined v FIPS PUB 197 l key 128, 192 or 256 bits, block 128 bits l Asymmetric crypto lCertificates X.509 lITU-T, ISO/IEC, RFC lDER / PEM PKCS lPKCS#1 – defines RSA encryption lPKCS#3 – defines Diffie-Hellman protocol lPKCS#5 – symmetric encryption based on a password lPKCS#7 – format for digital signatures and asymmetric encryption lPKCS#8 – defines the private key format lPKCS#10 – defines format for certificate requests lPKCS#11 – API for communication with cryptographic tokens lPKCS#12 – format for storing private keys including public key certificates, all protected by a password lPKCS#13 – defines encryption based on elliptic curves lPKCS#15 – defines cryptographic token information format RSA Padding lE.g. RSA 2048 bits lModulus n is 2048 bits, public exponent e usually small lMessage m is 2048 bits in total, usual hash functions provide hashes much shorter. Therefore we need padding. lBTW No padding needed for DSA and ECDSA RSA Padding algorithms lANSIX 9.31 l6b bb … bb ba || Hash(M) || 3x cc (where x=3 for sha1, x=1 for ripemd160) lPKCS#1 v1.5 l00 01 ff … ff 00 || HashAlgID || Hash(M) lPSS l00 || H || G(H) Å [salt || 00 … 00] (where H = Hash(salt, M), salt is random, and G is a mask generation function) l l Assignments l 1.Write a program (in any programming language) that will prepare a padded block for RSA signature with PKCS#1 v1.5 padding. Input is a file and RSA key size; output is the padded octet string (print it in hex). Use SHA-256 as the hash function. Do not use crypto library for the padding itself [5 points]. 2.Write a program that will generate 2048 bit DH parameters in DER format. Use any cryptolibrary and any programming language (no shell script). Check whether the optional privateValueLength is included (submit a screenshot). Recommendation: Openssl & C & functions DH_new, DH_generate_parameters_ex, i2d_DHparams_bio. [5 points]. Good luck l lGood luck and good fun while reading the standards l lEmail: zriha@fi.muni.cz