Programming Problem
Problem 6 â€” Password attack on an authenticated encryption scheme
Overview. Suppose Bob has designed his own authenticated encryption scheme, using the hash then-encrypt paradigm, with AES-128 in CBC mode for encryption, and SHA1 for the key derivation function and message hash tag. On input the name of a plaintext file and a password p, Bobâ€™s program does the following:
(a) Converts the plaintext file to a byte array B.
(b) Computes a hash tag t on the plaintext by applying SHA1 to the byte array B, then appends t to B to obtain an extended byte array B0 = B||t (here, as always, â€œ||â€ denotes concatenation).
(c) Derives an encryption key by applying SHA1 to the password p and truncating the result to the appropriate length for use in AES-128.
(d) Generates a random 16-byte initial value IV (for use in CBC mode) and writes it to a file F.
(e) Pads the extended byte array B0 using the PKCS7 format if necessary, then encrypts the padded array with AES-128-CBC and appends the resulting ciphertext to the file F.
Out of laziness, Bob is known to use strings of the form YYYYMMDD, which mark certain dates from his life, as his passwords. Bob was born in the year 1984, and always includes the string FOXHOUND in his communications.
Problem. Your task is to create a Python 3 program that takes as input a file produced by Bobâ€™s hash-then-encrypt routine and performs the following tasks:
(a) Determines the password used to derive the encryption key and prints it out.
(b) Decrypts the ciphertext using this key.
(c) Checks the resulting plaintext for the phrase CODE-RED. If present, the program replaces this phrase with the phrase CODE-BLUE and writes the modified plaintext to a new file.
If not present, the plaintext is left unchanged.
(d) In the event that the plaintext was modified as specified in step (c), your program now does the following:
i. Computes a new hash tag on the modified plaintext.
ii. Generate a new 16-byte IV.
iii. Re-encrypt the modified plaintext plus new tag using the same password and exactly the same process as Bobâ€™s hash-then-encrypt program.
iv. Writes the result to a new file. Be aware that modified files may require padding, for which you should use PKCS7 as the padding format. Also recall that AES-128-CBC has a block size of 16 bytes.
Specifications. Design and implement your solution as two Python 3 programs entitled modifyFile and encryptFile. The first program should perform steps (a)-(c) above, and be invoked by the command

python3 modifyFile [ciphertext-filename]

where the input file ciphertext-filename is the file produced by Bobâ€™s hash-then-encrypt routine. The second program should perform step (d) above, and be invoked by the command

python3 encryptFile [plaintext-filename] [tampered-filename] [password]

where the input file plaintext-filename contains the (potentially modified) plaintext produced in steps (b) and (c) above, the output tampered-filename is the file created in step (d) iv. above, and password is the password found in step (a).
Programs that do not comply with these specifications will be penalized or not marked at all.
The cryptography library has its own interface to which you are expected to adhere. You must make use of the hazardous materials layer, not the recipes layer. Make sure to use good coding practices.
You may use whatever development platform you like. The TAs will test your programs using the latest version of python3 installed on the CPSC Linux servers. The testing inputs will be Bobâ€™s encryptions of at least two different plaintext files which may or may not contain the phrase CODE-RED.
You may assume all plaintext files are text files of at most 1 MB in size. All byte encoding is done using UTF-8.

Programming Problem Problem 6 â€” Password attack on an authentic...