The code is a concurrent file downloader in Go that splits a file into multiple parts, downloads them in parallel, and assembles the final file, with support for Etag validation to ensure file integrity.
Implement HMAC Authentication in CBC Mode for Encryption Package #63
Description:
In the encryption.go package, there is a potential vulnerability when using CBC mode in the EncryptFile function. The absence of a message authentication method means the ciphertext can be altered without the change being detected during decryption. To mitigate this risk and ensure the integrity and authenticity of the encrypted data, implement HMAC or a similar message authentication mechanism.
Details:
Package: encryption.go
Functions Affected:
EncryptFile: Enhance the encryption process by appending an HMAC of the ciphertext to the encrypted file.
DecryptFile: Before decryption, compute an HMAC of the received ciphertext and validate against the HMAC stored in the file. If the HMACs do not match, the decryption should fail, signaling a potential tampering of the encrypted data.
Acceptance Criteria:
After encryption, an HMAC of the ciphertext should be appended to the encrypted file.
During decryption, the HMAC of the ciphertext should be verified before proceeding with the decryption.
If the HMAC verification fails during decryption, an appropriate error should be thrown, indicating potential tampering.
Unit tests should be added/modified to ensure the new HMAC functionality works as expected and maintains the integrity and authenticity of the encrypted data.
Notes:
The implementation of HMAC will not only enhance the security of the encryption mechanism but also align our cryptography practices with industry standards. It's crucial to address this as a top priority due to its critical severity.
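One way to meet the acceptance criteria above, as an added example that is not the project's encryption.go code: encrypt-then-MAC with AES-CBC and HMAC-SHA256, where the tag is checked in constant time before any decryption happens. The function names, the IV || ciphertext || tag layout, authenticating the IV together with the ciphertext, and the use of a MAC key separate from the encryption key are all assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"io"
)

// ErrTampered is returned when the stored HMAC does not match the ciphertext.
var ErrTampered = errors.New("HMAC verification failed: possible tampering")
// tag computes HMAC-SHA256(macKey, data); both sides run it over IV||ciphertext.
func tag(macKey, data []byte) []byte {
	m := hmac.New(sha256.New, macKey)
	m.Write(data)
	return m.Sum(nil)
}

// EncryptThenMAC: PKCS#7 pad, AES-CBC under a random IV, append HMAC over IV||ciphertext.
func EncryptThenMAC(block cipher.Block, macKey, plaintext []byte) ([]byte, error) {
	pad := aes.BlockSize - len(plaintext)%aes.BlockSize
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := make([]byte, aes.BlockSize+len(padded))
	if _, err := io.ReadFull(rand.Reader, out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], padded)
	return append(out, tag(macKey, out)...), nil // layout: IV || ciphertext || tag
}

// VerifyThenDecrypt checks the tag first; on mismatch it returns ErrTampered and decrypts nothing.
func VerifyThenDecrypt(block cipher.Block, macKey, data []byte) ([]byte, error) {
	n := len(data) - sha256.Size // end of IV||ciphertext, start of tag
	if n < 2*aes.BlockSize || n%aes.BlockSize != 0 {
		return nil, errors.New("malformed input")
	}
	if !hmac.Equal(tag(macKey, data[:n]), data[n:]) { // constant-time compare
		return nil, ErrTampered
	}
	pt := make([]byte, n-aes.BlockSize)
	cipher.NewCBCDecrypter(block, data[:aes.BlockSize]).CryptBlocks(pt, data[aes.BlockSize:n])
	pad := int(pt[len(pt)-1]) // padding is only inspected after the MAC has passed
	if pad == 0 || pad > aes.BlockSize {
		return nil, errors.New("bad PKCS#7 padding")
	}
	return pt[:len(pt)-pad], nil
}
```

The caller builds the AES block once with aes.NewCipher and keeps the MAC key distinct from the encryption key; a decryptor that decrypts before verifying would reintroduce the problem the issue describes.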
Severity: Critical