File Encryption and Key Storage

For this assignment, add a mechanism to encrypt objects when they're
created, and to decrypt objects when they're retrieved.  Again, use
your VM; this is in addition to the setuid features you've already added.

All files must be encrypted with a random file-encrypting key.  Read
enough bytes for the key from /dev/urandom.  This per-file key must be
encrypted with a user-supplied passphrase.  To do this, add an option

	-k passphrase

to the objget and objput commands.  As mentioned in class, putting a
passphrase on the command line is a bad idea; I specify it here to
simplify testing.

Convert the passphrase to a 128-bit key using MD5.  MD5 is available
as part of the openssl library; You'll also need to use '-lssl'
when linking your program.  (There are also reasons why this isn't
a great way to create a key from a passphrase, but they're beyond
the scope of this class.)

Because you're encrypting with a random key, you have to store this
encrypted key somewhere.  It's up to you to pick a suitable place.
VERY IMPORTANT: the setuid program should verify the decryption--you
get to decide how that check is done--before returning anything.
The encrypted file-encrypting key should NOT be available; otherwise,
an attacker could launch an offline password-guessing attack.

Use AES with 128-bit keys and CBC mode.

For documentation on the EVP interface to SSL, see
	
	http://wiki.openssl.org/index.php/Libcrypto_API
	http://wiki.openssl.org/index.php/EVP
	http://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption

Remember that AES in CBC mode requires an IV and can only encrypt multiples
of 16 bytes.  Your code must cope with this -- any file length, including
0 bytes, must be supported.

You will likely spend more time understanding how to use the MD5 and
AES routines than writing the actual code.  Plan for that...