Implement in Java AES encryption mode CBC . You can implement AES-ECB Mode (the basic AES) and SHA-256 hash function and the secure random numbers generator . However, the you will implement both CBC mode and HMAC from scratch. You are NOT allowed to use any libraries or packages to implement these two things for you. You are permitted to use any packages for anything else provided that it is part of the language itself.

I will expect that your code is run as follows:

encrypt-auth -k <32-byte key in hexadecimal> -i -o

Where is either encrypt or decrypt, the input/output files contain raw binary data.

You should parse the first 16 bytes of the key as the encryption key K_enc and the second 16 bytes as the MAC key K_mac.

To make things clear, I mean concatenation when I say ||, and I mean the length of M in bytes when I say |M|. M is a notation for the plaintext message. Remember, AES has a fixed block size of 16 bytes (128 bits). Obviously, the K_enc is the key for the AES, and K_mac is the key for MAC. The parameters for the encryption and decryption functions are all you need to accept for EACH function.

Encryption(K_enc,K_mac,M). Given a 16-byte secret key K_enc, a 16-bytes secret key K_mac, and any length string M (if a variable length is difficult for you assume that the maximum is 50), encrypt M by doing the following (make sure to finish things by order or you will have a hard time finding any bug in your code!):

1- Apply HMAC-SHA256 algorithm on input (K_mac, M) to get a 32-byte MAC tag T. The algorithm can be found in FIPS 198 (https://csrc.nist.gov/csrc/media/publications/fips/198/1/final/documents/fips-198- 1_final.pdf) pages 3-5 are enough OR even from Wikipedia. Make sure that your HMAC is working properly before you move to the next step. Any website will probably work to help you with the validation such as (https://www.freeformatter.com/hmac-generator.html). If you gave the same key + selected sha-256 + selected a message you should obtain the same result as your program.

2- Compute M = M||T

3- Compute M = M||PS where PS is the padding, which you will implement using PKCS#5 algorithm, which is simply as follows: let n = |M| mod 16. Now

A - if n != 0, then PS is a string of 16-n bytes, with each byte is set to (16-n). (This means that if n was 9, the padding would be in hexadecimal (0x 07 07 07 07 07 07 07)

B- if n=0 then PS is a string of 16 bytes with every byte is set to 16 (or 0x10 in hexadecimal)

4- Now produce a random 16 bytes Initialization Vector (IV) and encrypt the padded plaintext M with AES-128 in CBC mode with the K_enc:

C = AES-CBC-ENC(K_enc,IV,M) (REMEMBER: you will implement CBC mode yourself but you can use a library to do the AES-ECB encryption for you)

5- The ciphertext would be: C= (IV||C)

Again, make sure that your encryption is working BEFORE going to decryption. Confirm it by checking a website that will do the CBC mode OR simply use a library compare your answer with the librarys result.

Decryption(K_enc,K_mac,C). Given a 16-byte key K_enc, a 16-byte key K_mac, and a ciphertext C, you will decrypt as follows:

1- First parse C = (IV||C) and decrypt using AES-128 in CBC mode to obtain M:

M = AES-CBC-DEC(K_enc,IV,C) (REMEMBER: you will implement CBC mode yourself but you can use a library to do the AES-ECB decryption for you)

2- Now it is time to validate the padding as follows: let n be the value of the last byte in M. Ensure that each of the final n bytes in M is equal to the value of n. If this check fails, print the following: INVALID PADDING and stop. Otherwise, remove the last n bytes from M to get M.

3- Parse M as M||T where T is a 32-byte HMAC-SHA256 tag.

4- Apply the same HMAC-SHA256 algorithm on input (K_mac,M) to get T. If T != T print

INVALID MAC and stop. Otherwise, output the plaintext message M.