Cryptographic Protocol on a PICO

  • Bob and Sally communicate over an open channel and Bill can listen in. (the messages are sent as plaintext)
    Bob and Sally use the following scheme using cryptographic algorithms, one-way functions, keys, and permutations.
    Sally sends the following message S1:
    “Hi I’m Sally are you Bob”
    Sally adds a 16 byte random number A and a ‘hash’ of the message +random number.
    Bill records the message.
    Bob receives the message S1, computes the ‘hash’ and compares the computed ‘hash’ to the received ‘hash’.
    If the ‘hashes’ are equal, Bob sends the reply comprised of
    The message B1:
    “Yes I am Bob, are you sure you are Sally”,
    A 16 byte random number B,
    A 16 byte value C computed from A using a cryptographic function, keys and permutations, and
    A 16 byte ‘hash’ of the message +random number B +C
    Bill records this message.
    Sally receives the message B1, computes the ‘hash’ and compares it with the sent ‘hash’.
    If the ‘hashes’ are equal,
    Sally computes C from A and compares the results with sent value of C
    If the computed value of C equals the sent value of C then Sally has authenticated Bob.
    Sally then sends the following:
    The message S2:
    “Bob transfer big bucks to my account and turn on the LED”,
    A 16 byte random number D
    A 16 byte value E computed from B using a cryptographic function, keys and permutations, and
    A 16 byte ‘hash’ of the message +random number D +E.
    Bill records the message.
    Bob receives the message S2, computes the ‘hash’ and compares it with the sent ‘hash’.
    If the ‘hashes’ are equal,
    Bob computes E from B and compares the results with sent value of E
    If the computed value of E equals the sent value of E then Bob has authenticated Sally.
    Bob transfers the big bucks and turns on the LED.
    The message exchange continues until one party terminates the session. Each message contains the message, random number, computed value, and ‘hash’.
    Time passes:
    Bill connects to Bob and replays the messages sent by Sally.
    Will Bob transfer the funds and turn on the LED?
    Bob will receive message S1 and it will validate and Bob will reply with a modified message B1 with a different random number B and ‘hash’.
    Sally doesn’t receive the message. Bill sends recorded message S2.
    Bob doesn’t validate the message because the sent E is not equal to the computed E.
    Could Bill modify the message? Not without knowing the ‘hash’ algorithm and keys.
    If Bill can catch Sally’s messages to Bob, can Bill modify Sally’s message before sending it to Bob? Not without knowing the ‘hash’ algorithm and keys.
    Do Bob and Sally really authenticate each other or do their computers authenticate each other?
    If Bill steals Sally’s computer could he cause Bob to transfer funds and turn on the LED? How could this be prevented?
    Implementation on a PICO is in the attached file. Both client and server are present as I don’t have the WIFI shim. It’s a test of the idea.
    To add a user ID and password consider the following:
    A user ID, and a password.
    Define the cryptographic parameters of a password hash and compute the password hash. The client operator enters the password and the password hash is calculated.
    The password hash is maintained in the server and indexed by the user ID.
    Derive two encryption keys EKuserID and EKpassword from a shared random number using two sets of cryptographic ‘hash’ keys.
    Message.text[1]=encryption(user ID,key1), and
    Message.text[2]=encryption(password hash, key2)
    Use a 32 element permutation to scramble the bytes between text[1] and text[2].
    Use a 128 element permutation to scramble the bits in text[1] and then in text[2].
    Send the message to the server.
    The server validates the message hash and authentication hash. A value in text[0][0] informs the server to process the password.
    Unscramble the bits and then the bytes and decrypt. Use the user ID to look up the password hash in the server’s table and compare the table password hash value to the decrypted password hash from the message.


    1 Attachment
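
The exchange described in the post above, as an added example that is not the attached Cryptomsg code: it runs S1, B1 and S2, then sends the recorded S1 and S2 to a fresh session and checks a recorded S2 with altered text. HMAC-SHA-256 truncated to 16 bytes is an assumed stand-in for the post's keyed 'hash' and for the function that computes C from A and E from B; the keys and the names `mac16`, `buildMessage`, `checkMessage`, `BobSession` and `runExchange` are constructed for this example.

```javascript
// Added example (not the post's Cryptomsg code): S1 / B1 / S2 with a replay.
// Assumption: HMAC-SHA-256 truncated to 16 bytes stands in for the post's
// keyed 'hash' and for the function that computes C from A and E from B.
const nodeCrypto = require('crypto');

// Constructed keys shared by Sally and Bob; not values from the post.
const MSG_KEY = Buffer.from('constructed-message-hash-key');
const AUTH_KEY = Buffer.from('constructed-auth-key');

function mac16(key, ...parts) {
  const h = nodeCrypto.createHmac('sha256', key);
  for (const p of parts) h.update(p);
  return h.digest().subarray(0, 16);
}

// Build {text, Rnum, Auth, Mhash}. peerRnum is the random number from the last
// message received from the other side, or null for the opening message S1.
function buildMessage(text, peerRnum) {
  const textBuf = Buffer.from(text);
  const Rnum = nodeCrypto.randomBytes(16);
  const Auth = peerRnum ? mac16(AUTH_KEY, peerRnum) : Buffer.alloc(16);
  return { text: textBuf, Rnum, Auth, Mhash: mac16(MSG_KEY, textBuf, Rnum, Auth) };
}

// Receiver-side check. myLastRnum is the random number this side sent last,
// or null when it has not sent anything yet in this session.
function checkMessage(msg, myLastRnum) {
  const hash = mac16(MSG_KEY, msg.text, msg.Rnum, msg.Auth);
  if (!nodeCrypto.timingSafeEqual(hash, msg.Mhash)) return 'bad hash';
  if (myLastRnum === null) return 'ok'; // opening message carries no Auth value
  const auth = mac16(AUTH_KEY, myLastRnum);
  return nodeCrypto.timingSafeEqual(auth, msg.Auth) ? 'ok' : 'not authentic';
}

// Bob's side of one session: he remembers only the random number he sent last.
class BobSession {
  constructor() { this.lastRnum = null; }
  receive(msg) {
    const status = checkMessage(msg, this.lastRnum);
    if (status !== 'ok') return { status, reply: null };
    const reply = buildMessage('reply from Bob', msg.Rnum);
    this.lastRnum = reply.Rnum;
    return { status, reply };
  }
}

function runExchange() {
  // Genuine session: Sally sends S1, checks B1, then sends S2.
  const bob = new BobSession();
  const s1 = buildMessage("Hi I'm Sally are you Bob", null);
  const b1 = bob.receive(s1);
  const sallyChecksB1 = checkMessage(b1.reply, s1.Rnum);
  const s2 = buildMessage('Bob transfer big bucks to my account and turn on the LED',
                          b1.reply.Rnum);
  const b2 = bob.receive(s2);

  // Time passes: the recorded S1 and S2 are sent to a fresh session.
  const later = new BobSession();
  const replayS1 = later.receive(s1).status;
  const replayS2 = later.receive(s2).status;

  // A recorded S2 with altered text fails the message hash.
  const altered = Object.assign({}, s2, { text: Buffer.from('altered text') });
  const alteredStatus = checkMessage(altered, b1.reply.Rnum);

  return { genuine: [b1.status, sallyChecksB1, b2.status], replayS1, replayS2, alteredStatus };
}

console.log(runExchange());
```

The replayed S1 passes because it carries no Auth value; the replayed S2 is rejected only because the fresh session issued a new random number B.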

  • The output of Cryptomsg2.js

    >echo(0);
    In left pane enter go(); and press return.
    =undefined
    >go();
    Client Random # keys
    245,23,232,200,114,36,105,20,254,96,85,201,114,36,105,4
    69,150,99,34,208,230,34,168,128,106,45,199,203,46,28,219
    Hash keys
    232,65,134,243,114,36,105,20,195,103,245,243,114,36,105,1
    188,177,5,173,141,150,119,10,10,7,153,174,225,238,77,145
    Hash keys
    242,148,162,50,115,36,105,20,180,39,16,51,115,36,105,250
    217,67,207,60,54,115,75,227,116,255,243,203,112,230,97,82
    Server Random # keys
    217,1,45,181,115,36,105,20,79,84,156,181,115,36,105,203
    215,180,29,227,242,69,139,118,47,238,145,221,141,226,213,38
    {
      "text": [
        new Uint8Array([65, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
       ],
      "Rnum": new Uint8Array([94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94]),
      "Auth": new Uint8Array(16),
      "Mhash": new ArrayBuffer([26, 16, 180, 124, 63, 107, 133, 33, 128, 52, 101, 195, 208, 190, 102, 93])
     }
    Client msg 1 hash OK
    {
      "text": [
        new Uint8Array([65, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
       ],
      "Rnum": new Uint8Array([60, 60, 60, 60, 60, 60, 60, 60, 60, 60, 60, 60, 60, 60, 60, 60]),
      "Auth": new ArrayBuffer([3, 170, 20, 135, 37, 121, 216, 99, 141, 128, 79, 223, 167, 46, 246, 123]),
      "Mhash": new ArrayBuffer([99, 179, 42, 101, 76, 3, 51, 218, 226, 53, 95, 70, 171, 105, 83, 175])
     }
    Server msg1 hash OK
    Server is authentic
    {
      "text": [
        new Uint8Array([66, 153, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
       ],
      "Rnum": new Uint8Array([69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69]),
      "Auth": new ArrayBuffer([34, 224, 5, 131, 161, 65, 136, 88, 134, 75, 54, 238, 99, 203, 160, 179]),
      "Mhash": new ArrayBuffer([61, 176, 71, 104, 148, 148, 164, 97, 70, 194, 169, 104, 156, 182, 148, 76])
     }
    Client msg 2 hash OK
    Client is authentic
    {
      "text": [
        new Uint8Array([66, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
       ],
      "Rnum": new Uint8Array([34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34]),
      "Auth": new ArrayBuffer([3, 170, 20, 135, 37, 121, 216, 99, 141, 128, 79, 223, 167, 46, 246, 123]),
      "Mhash": new ArrayBuffer([74, 248, 250, 163, 194, 76, 103, 238, 169, 3, 248, 117, 159, 233, 64, 220])
     }
    Trying to replay
    Client msg 1 hash OK
    Client msg 2 hash OK
    Client not authentic
    167,33,148,163,150,43,129,28,79,255,93,113,35,215,40,72
    34,224,5,131,161,65,136,88,134,75,54,238,99,203,160,179
    New messages
    {
      "text": [
        new Uint8Array([65, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
       ],
      "Rnum": new Uint8Array([119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119]),
      "Auth": new Uint8Array(16),
      "Mhash": new ArrayBuffer([79, 10, 74, 218, 32, 96, 55, 0, 116, 245, 80, 95, 54, 76, 54, 114])
     }
    Client msg 1 hash OK
    {
      "text": [
        new Uint8Array([65, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
       ],
      "Rnum": new Uint8Array([248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248]),
      "Auth": new ArrayBuffer([241, 254, 62, 248, 237, 77, 127, 26, 115, 224, 51, 144, 124, 210, 7, 250]),
      "Mhash": new ArrayBuffer([93, 70, 18, 33, 28, 195, 215, 238, 123, 48, 146, 157, 176, 143, 82, 131])
     }
    Server msg1 hash OK
    Server is authentic
    {
      "text": [
        new Uint8Array([66, 153, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
       ],
      "Rnum": new Uint8Array([2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]),
      "Auth": new ArrayBuffer([168, 38, 120, 193, 88, 64, 50, 150, 39, 150, 95, 251, 65, 68, 138, 66]),
      "Mhash": new ArrayBuffer([184, 131, 13, 136, 192, 234, 14, 184, 72, 113, 231, 145, 199, 149, 231, 150])
     }
    Client msg 2 hash OK
    Client is authentic
    {
      "text": [
        new Uint8Array([66, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
       ],
      "Rnum": new Uint8Array([248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248]),
      "Auth": new ArrayBuffer([241, 254, 62, 248, 237, 77, 127, 26, 115, 224, 51, 144, 124, 210, 7, 250]),
      "Mhash": new ArrayBuffer([143, 19, 133, 234, 45, 4, 48, 57, 126, 126, 176, 205, 243, 97, 8, 8])
     }
    =0
    
    
  • Cryptomsg3.js
    In this version a user ID and password have been added
    The following is the output of one session. The setup function creates the cryptographic keys used in the client and server objects. Note that client and server have different random number keys and permutations. None of the permutation arrays are shown.

    PICO 1v86 
    >echo(0);
    In left pane enter setup(); and press return.
    =undefined
    >setup();
    Client Random # keys
    147,218,39,254,251,124,105,20,249,242,176,254,251,124,105,138
    124,171,219,12,155,172,248,197,93,220,85,14,86,211,101,122
    Msg Hash keys
    183,198,0,48,252,124,105,20,27,113,129,48,252,124,105,170
    232,149,224,242,228,159,142,123,127,115,23,205,73,51,112,58
    Auth Hash keys
    82,25,235,120,252,124,105,20,163,183,112,121,252,124,105,248
    90,33,23,232,223,50,115,84,170,190,44,139,113,153,65,249
    IDPW Hash keys
    179,197,74,194,252,124,105,20,240,89,206,194,252,124,105,142
    23,120,142,240,228,46,156,128,54,32,224,158,21,49,50,162
    IDPWkey Hash keys
    254,143,24,11,253,124,105,20,217,234,155,11,253,124,105,49
    255,224,2,245,157,160,44,204,179,206,10,57,236,82,67,23
    Server Random # keys
    53,87,29,162,253,124,105,20,95,37,162,162,253,124,105,26
    78,233,136,63,69,30,248,93,255,66,4,177,179,192,75,192
    To setup a User ID and password
    In the left pane enter ID="<user ID>";
    In the left pane enter PW="<password>";
    In left pane enter setupID(); and press return.
    =undefined
    

    The setupID() function performs a hash of the ID and Password and stores it in the server object for later reference.

    >ID="sam"
    ="sam"
    >PW="a1234";
    ="a1234"
    >setupID();
    IDPW_hash
    20,198,57,30,198,43,156,233,212,6,187,246,210,28,110,194
    In left pane enter connect(); and press return.
    =undefined
    

    The setup process is completed at this point.
    The connect() function sends a command from the client to the server. The message contains the text, a random number Rnum, and an Mhash of the text and Rnum blocks.
    The server calculates the hash1 of the text and Rnum blocks of the received message and performs a comparison.
    The server creates a reply message.

    >connect();
    {
      "text": [
        new Uint8Array([65, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
       ],
      "Rnum": new Uint8Array([107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107]),
      "Auth": new Uint8Array(16),
      "Mhash": new ArrayBuffer([67, 224, 209, 99, 57, 134, 239, 227, 82, 141, 121, 73, 1, 34, 87, 53])
     }
    Client msg 1 hash OK
    

    The server creates a reply.
    It generates a new random number Rnum.
    It calculates the Auth value by hashing the Rnum in the client's message.
    It calculates the MHash of the text, Rnum, and Auth blocks.

    {
      "text": [
        new Uint8Array([65, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
       ],
      "Rnum": new Uint8Array([95, 95, 95, 95, 95, 95, 95, 95, 95, 95, 95, 95, 95, 95, 95, 95]),
      "Auth": new ArrayBuffer([177, 4, 182, 80, 32, 193, 133, 253, 206, 70, 222, 40, 50, 103, 253, 84]),
      "Mhash": new ArrayBuffer([174, 166, 145, 239, 250, 142, 29, 89, 132, 47, 94, 235, 3, 148, 16, 180])
     }
    

    The client validates the Mhash and the Auth, and asks the user for the ID and password.

    Server msg1 hash OK
    Server is authentic
    Enter User ID and password
    In the left pane enter ID="<user ID>";
    In the left pane enter PW="<password>";
    In left pane enter login(); and press return.
    =undefined
    >
    

    The user enters the ID and password and the client sends a message to the server using the login() function.
    The message contains the text[0] block with the command, the text[1] block, a Rnum random number block, the Auth block and a Mhash of both text blocks, the Rnum and Auth blocks.
    An encryption key is created using a hash of the Rnum in the last server message.
    The encryption key is used to encrypt the hash of the ID and password.
    Text[1]= the permutation of the encrypted hash of ID and password.
    Note: the permutation uses an array of 128 values to swap bits in the block thus increasing the difficulty level for a hacker.

    >ID
    ="sam"
    >PW
    ="a1234"
    >login();
    {
      "text": [
        new Uint8Array([66, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]),
        new ArrayBuffer([188, 251, 96, 214, 196, 152, 12, 153, 116, 62, 142, 67, 36, 191, 9, 37])
       ],
      "Rnum": new Uint8Array([231, 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, 231]),
      "Auth": new ArrayBuffer([85, 202, 193, 237, 229, 82, 213, 28, 17, 66, 76, 168, 105, 110, 34, 181]),
      "Mhash": new ArrayBuffer([246, 246, 153, 109, 110, 234, 46, 198, 250, 173, 197, 70, 46, 130, 198, 8])
     }
    Client msg 2 hash OK
    Client is authentic
    User ID and password valid
    

    The server validates the Mhash, and the Auth blocks.
    The server reverses the permutation and decrypts the text[1] block and uses the previously saved IDPW hash to validate the user ID and password.
    The server replies as follows:

    {
      "text": [
        new Uint8Array([66, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
       ],
      "Rnum": new Uint8Array([197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197]),
      "Auth": new ArrayBuffer([203, 178, 225, 223, 185, 157, 208, 10, 205, 106, 25, 48, 148, 14, 178, 244]),
      "Mhash": new ArrayBuffer([136, 235, 215, 192, 46, 125, 93, 102, 232, 66, 154, 94, 254, 96, 125, 171])
     }
    

    The client validates the Mhash, and the Auth blocks.

    Server msg1 hash OK
    Server is authentic
    In left pane enter replay(); or LEDon(); or LEDoff(); and press return.
    =undefined
    >
    

    The user enters LEDon() and the client sends a message with text[0][1]=153

    >LEDon();
    {
      "text": [
        new Uint8Array([67, 153, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
       ],
      "Rnum": new Uint8Array([245, 245, 245, 245, 245, 245, 245, 245, 245, 245, 245, 245, 245, 245, 245, 245]),
      "Auth": new ArrayBuffer([84, 61, 229, 17, 188, 93, 153, 84, 8, 11, 141, 163, 234, 109, 215, 22]),
      "Mhash": new ArrayBuffer([161, 191, 122, 233, 14, 1, 107, 240, 101, 7, 97, 214, 109, 87, 47, 227])
     }
    

    The server validates the Mhash and Auth blocks and uses the value in text[0][1] to turn the Green LED on the PICO on or off.

    Client msg 3 hash OK
    Client is authentic
    {
      "text": [
        new Uint8Array([67, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
       ],
      "Rnum": new Uint8Array([9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9]),
      "Auth": new ArrayBuffer([25, 138, 122, 203, 160, 27, 197, 203, 83, 67, 94, 253, 166, 101, 177, 61]),
      "Mhash": new ArrayBuffer([156, 67, 30, 184, 3, 5, 237, 23, 4, 169, 138, 33, 245, 137, 166, 242])
     }
    Server msg hash OK
    Server is authentic
    In left pane enter replay(); or LEDon(); or LEDoff(); and press return.
    =undefined
    

    The user enters LEDoff(), and the client sends the following message to the server.

    >LEDoff();
    {
      "text": [
        new Uint8Array([67, 152, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
       ],
      "Rnum": new Uint8Array([32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32]),
      "Auth": new ArrayBuffer([173, 227, 7, 74, 231, 212, 57, 149, 211, 167, 182, 168, 50, 163, 100, 136]),
      "Mhash": new ArrayBuffer([166, 234, 76, 46, 39, 225, 249, 161, 72, 87, 168, 112, 131, 189, 17, 179])
     }
    Client msg 3 hash OK
    Client is authentic
    

    The server turns the LED off and replies as follows.

    {
      "text": [
        new Uint8Array([67, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
       ],
      "Rnum": new Uint8Array([91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91]),
      "Auth": new ArrayBuffer([69, 156, 77, 140, 124, 163, 20, 171, 113, 5, 219, 192, 52, 186, 236, 247]),
      "Mhash": new ArrayBuffer([58, 187, 167, 69, 103, 61, 35, 28, 56, 158, 186, 83, 30, 230, 152, 10])
     }
    Server msg hash OK
    Server is authentic
    In left pane enter replay(); or LEDon(); or LEDoff(); and press return.
    

    Along the way the client and server messages have been saved by Bill the black hat hacker. So Bill tries sending the client’s messages to the server with the following results.

    >replay();
    Trying to replay
    Client msg 1 hash OK
    Client msg 2 hash OK
    Client not authentic
    ((the calculated and message Auth values are shown here))
    73,37,138,217,81,69,32,247,92,136,225,154,124,8,83,157
    85,202,193,237,229,82,213,28,17,66,76,168,105,110,34,181
    =undefined
    

    Try it and have the client enter the wrong ID or password.
    The random number generator uses Date.now, and Math.random() as a seed.
    A permutation followed by encryption or decryption is applied to the seed.
    A one way matrix operation is applied followed by a second permutation and finally a second encryption or decryption. Again this makes life hard for hackers as compared to a simple counter applied to the AES algorithm.
    The hash function does a similar process: permutation1, encrypt, one way, permutation2, encrypt. For the first block the one way is initialized. For subsequent blocks the one way uses the results from the previous block.


    1 Attachment
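
The login() step and the server-side check described in the post above, as an added example that is not the Cryptomsg3.js code: a session key is derived from the server's last Rnum, the ID/password hash is encrypted with it and bit-permuted, and the server reverses both before comparing. HMAC-SHA-256 truncated to 16 bytes is an assumed stand-in for the post's keyed 'hash'; the keys, the permutation and all function names are constructed here, and the ID and password are the ones typed in the session above.

```javascript
// Added example (not the Cryptomsg3.js code): login block and server check.
// Assumptions: HMAC-SHA-256 truncated to 16 bytes replaces the post's keyed
// 'hash'; keys and the 128-entry permutation are constructed for this example.
const nodeCrypto = require('crypto');

const IDPW_HASH_KEY = Buffer.from('constructed-idpw-hash-key');
const IDPWKEY_HASH_KEY = Buffer.from('constructed-idpwkey-hash-key');

function hash16(key, ...parts) {
  const h = nodeCrypto.createHmac('sha256', key);
  for (const p of parts) h.update(p);
  return h.digest().subarray(0, 16);
}

// Random permutation of 0..n-1 (Fisher-Yates with an unbiased index draw).
function createPerm(n) {
  const p = Array.from({ length: n }, (_, i) => i);
  for (let i = n - 1; i > 0; i--) {
    const j = nodeCrypto.randomInt(i + 1);
    [p[i], p[j]] = [p[j], p[i]];
  }
  return p;
}

// Forward: bit i of src goes to bit perm[i]. Inverse: bit perm[i] goes back to bit i.
function permuteBits(perm, src, inverse) {
  const out = Buffer.alloc(src.length);
  for (let i = 0; i < perm.length; i++) {
    const from = inverse ? perm[i] : i;
    const to = inverse ? i : perm[i];
    if (src[from >> 3] & (1 << (from & 7))) out[to >> 3] |= 1 << (to & 7);
  }
  return out;
}

// Encrypt or decrypt a single 16-byte block with AES-128, no padding.
function aesBlock(key, block, decrypt) {
  const c = decrypt
    ? nodeCrypto.createDecipheriv('aes-128-ecb', key, null)
    : nodeCrypto.createCipheriv('aes-128-ecb', key, null);
  c.setAutoPadding(false);
  return Buffer.concat([c.update(block), c.final()]);
}

// What setupID() stores on the server: a keyed hash of the ID and password.
function idpwHash(id, pw) {
  return hash16(IDPW_HASH_KEY, Buffer.from(id), Buffer.from([0]), Buffer.from(pw));
}

// Client: text[1] = permutation of the encrypted ID/password hash.
function clientLoginBlock(perm, serverRnum, id, pw) {
  const sessionKey = hash16(IDPWKEY_HASH_KEY, serverRnum);
  return permuteBits(perm, aesBlock(sessionKey, idpwHash(id, pw), false), false);
}

// Server: reverse the permutation, decrypt, compare with the stored hash.
function serverCheckLogin(perm, serverRnum, storedHash, text1) {
  const sessionKey = hash16(IDPWKEY_HASH_KEY, serverRnum);
  const received = aesBlock(sessionKey, permuteBits(perm, text1, true), true);
  return nodeCrypto.timingSafeEqual(received, storedHash);
}

function runLogin() {
  const perm = createPerm(128);
  const stored = idpwHash('sam', 'a1234');
  const rnum1 = nodeCrypto.randomBytes(16); // Rnum of the server's last message
  const rnum2 = nodeCrypto.randomBytes(16); // Rnum issued in a later session
  const block = clientLoginBlock(perm, rnum1, 'sam', 'a1234');
  return {
    roundTrip: permuteBits(perm, permuteBits(perm, stored, false), true).equals(stored),
    accepted: serverCheckLogin(perm, rnum1, stored, block),
    wrongPassword: serverCheckLogin(perm, rnum1, stored,
                                    clientLoginBlock(perm, rnum1, 'sam', 'a1235')),
    recordedBlockLater: serverCheckLogin(perm, rnum2, stored, block),
  };
}

console.log(runLogin());
```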

  • Permutation2.js
    A permutation of bits:

    0 168 0
    1 133 1
    2 2 2
    3 0 3
    4 1 4
    5 112 5
    6 16 6
    7 150 7
    8 49 8
    9 2 9
    10 134 10
    11 14 11
    12 36 12
    13 16 13
    14 9 14
    15 4 15
    

    A permutation of bytes

    0 6 0
    1 1 1
    2 14 2
    3 12 3
    4 15 4
    5 4 5
    6 7 6
    7 10 7
    8 13 8
    9 2 9
    10 5 10
    11 0 11
    12 11 12
    13 9 13
    14 3 14
    15 8 15
    

    Links:
    http://www.scientificamerican.com/article/nsa-nist-encryption-scandal/

    http://www.infosecurity-magazine.com/magazine-features/the-dark-side-of-cryptography-kleptography-in/

    https://cpunks.org/pipermail/cypherpunks/2013-September/000984.html

    https://www.schneier.com/blog/archives/2013/10/defending_again_1.html

    https://en.wikipedia.org/wiki/Dual_EC_DRBG


    1 Attachment

  • Onewayx.js
    Apply addition, exclusive or, or multiplication to a matrix by rows, columns, left diagonals and right diagonals and then take the modulus 256 to create a one way function.
    0 1 2 3
    4 5 6 7
    8 9 10 11
    12 13 14 15

    //onewayx.js
    function oneway1(mode,A,B,C,D,E){
      switch(mode){
        case 0:
         return A+B+C+D+E;
        case 1:
         return A^B^C^D^E;
        case 2:
         return A*B*C*D*E;
      }//end switch
    }//end oneway1
    
    function modit(A,B){
     for(var i=0;i<16;i++)A[i]=B[i]%256;
    }//end modit
    
    function fillit(A,b){
     for(var i=0;i<16;i++)A[i]=b;
    }//end fillit
    
    function oneway(mode,A,B){
    //rows
     A[0]=oneway1(mode,A[0],B[0],B[1],B[2],B[3]);
     A[1]=oneway1(mode,A[1],B[4],B[5],B[6],B[7]);
     A[2]=oneway1(mode,A[2],B[8],B[9],B[10],B[11]);
     A[3]=oneway1(mode,A[3],B[12],B[13],B[14],B[15]);
    //columns
     A[4]=oneway1(mode,A[4],B[0],B[4],B[8],B[12]);
     A[5]=oneway1(mode,A[5],B[1],B[5],B[9],B[13]);
     A[6]=oneway1(mode,A[6],B[2],B[6],B[10],B[14]);
     A[7]=oneway1(mode,A[7],B[3],B[7],B[11],B[15]);
    //diagonals\
     A[8]=oneway1(mode,A[8],B[0],B[5],B[10],B[15]);
     A[9]=oneway1(mode,A[9],B[1],B[6],B[11],B[12]);
     A[10]=oneway1(mode,A[10],B[2],B[7],B[8],B[13]);
     A[11]=oneway1(mode,A[11],B[3],B[4],B[9],B[14]);
    //diagonals/
     A[12]=oneway1(mode,A[12],B[3],B[6],B[9],B[12]);
     A[13]=oneway1(mode,A[13],B[0],B[7],B[10],B[13]);
     A[14]=oneway1(mode,A[14],B[1],B[4],B[11],B[14]);
     A[15]=oneway1(mode,A[15],B[2],B[5],B[8],B[15]);
    }//end oneway
    

    The output:

    The inital data
    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
    use mutltiply
    Data after applying oneway function and modit
    24 144 104 160 73 144 137 0 32 136 208 184 56 208 8 32
    Do it again using xor
    The inital data
    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
    Data after applying oneway function and modit
    5 13 5 29 1 1 1 17 29 5 13 5 5 13 5 29
    Do it again using addition
    The inital data
    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
    Data after applying oneway function and modit
    11 27 43 59 29 33 37 41 35 35 35 35 35 35 35 35
    

    Try it with different initial data.


    1 Attachment
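
A check that can be run against the listing above, as an added example that is not part of the post: it restates oneway() and modit() so they return a new array, reproduces the three outputs shown for the data 1..16, and builds a second block that gives the same result in the add and XOR modes. The names `LINES`, `OPS`, `onewayBlock` and `sameOutputBlock` are introduced here, and the construction goes beyond the post's single test vector by working for any 16-byte block.

```javascript
// Added example: onewayx.js restated as a pure function, checked against the
// post's output, plus a second input block with the same add/XOR result.

// Index groups in the order the post uses: rows, columns, "\" and "/" diagonals.
const LINES = [
  [0, 1, 2, 3], [4, 5, 6, 7], [8, 9, 10, 11], [12, 13, 14, 15],
  [0, 4, 8, 12], [1, 5, 9, 13], [2, 6, 10, 14], [3, 7, 11, 15],
  [0, 5, 10, 15], [1, 6, 11, 12], [2, 7, 8, 13], [3, 4, 9, 14],
  [3, 6, 9, 12], [0, 7, 10, 13], [1, 4, 11, 14], [2, 5, 8, 15],
];

const OPS = [
  (a, b) => a + b, // mode 0: addition
  (a, b) => a ^ b, // mode 1: exclusive or
  (a, b) => a * b, // mode 2: multiplication
];

// One pass over block B: every accumulator starts at `fill` (the post's
// fillit value) and the result is reduced modulo 256 (the post's modit).
function onewayBlock(mode, B, fill) {
  return LINES.map(
    (line) => line.reduce((acc, idx) => OPS[mode](acc, B[idx]), fill) % 256
  );
}

// Cells in rows 0 and 2 of the 4x4 block, with alternating signs. Every entry
// of LINES contains as many PLUS cells as MINUS cells, so the changes cancel.
const PLUS = [0, 2, 9, 11];
const MINUS = [1, 3, 8, 10];

// Return a block that differs from B but has the same output in mode 0 (add)
// or mode 1 (xor). d is any byte from 1 to 255.
function sameOutputBlock(mode, B, d) {
  const out = Array.from(B);
  for (const i of PLUS) out[i] = mode === 0 ? (B[i] + d) % 256 : B[i] ^ d;
  for (const i of MINUS) out[i] = mode === 0 ? (B[i] - d + 256) % 256 : B[i] ^ d;
  return out;
}

const INITIAL = Array.from({ length: 16 }, (_, i) => i + 1); // 1..16, as in the post

for (const mode of [2, 1, 0]) {
  console.log('mode', mode, onewayBlock(mode, INITIAL, 1).join(' '));
}
for (const mode of [0, 1]) {
  const other = sameOutputBlock(mode, INITIAL, 1);
  console.log('mode', mode, 'second block', other.join(' '),
              'same output:', onewayBlock(mode, other, 1).join() === onewayBlock(mode, INITIAL, 1).join());
}
```

Addition and XOR are linear and the 16 sums are not independent of one another, so in those two modes this step by itself maps distinct blocks to the same result; in the post it sits between the permutation and AES steps.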

  • Cryptomsg4.js
    Some changes made to the hash function.
    Add a logoff function.
    Noticed that the Rnum in the messages were all the same value.
    Fixed it.

    >setupID();
    IDPW_hash
    199,118,61,228,125,51,183,83,209,53,107,248,75,23,162,128
    In left pane enter connect(); and press return.
    =undefined
    >connect();
    {
      "text": [
        new Uint8Array([65, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]),
        new Uint8Array(16)
       ],
      "Rnum": new Uint8Array([106, 252, 92, 219, 97, 146, 133, 70, 139, 53, 121, 170, 154, 73, 162, 119]),
      "Auth": new Uint8Array(16),
      "Mhash": new ArrayBuffer([207, 109, 3, 165, 191, 27, 97, 58, 131, 189, 253, 144, 214, 189, 226, 240])
     }
    Client msg 1 hash OK
    {
      "text": [
        new Uint8Array([65, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]),
        new Uint8Array(16)
       ],
      "Rnum": new Uint8Array([224, 101, 186, 153, 117, 133, 224, 12, 118, 39, 165, 92, 202, 210, 183, 51]),
      "Auth": new ArrayBuffer([66, 169, 179, 113, 114, 202, 57, 74, 89, 29, 96, 192, 147, 30, 236, 36]),
      "Mhash": new ArrayBuffer([22, 187, 159, 26, 112, 116, 187, 148, 127, 211, 158, 113, 40, 126, 194, 165])
     }
    Server msg1 hash OK
    Server is authentic
    Enter User ID and password
    In the left pane enter ID="<user ID>";
    In the left pane enter PW="<password>";
    In left pane enter login(); and press return.
    

    A Phat phinger mistake in the copy function.

    function copy(A,B){for(var i=0;i<16;i++)A[i]=B[1];}
    

    Changed it to:

    function copy(A,B){for(var i=0;i<16;i++)A[i]=B[i];}
    

    1 Attachment

  • ClassDatenowKey2.js
    The random number generator:

    //ClassDatenowKey2.js
    //a permutation class
    function Perm(n){
     this.N=n;
     this.C=new Uint8Array(n);
    }
    
    Perm.prototype.swap=function(i,j){
     var a=0;
     a=this.C[i];
     this.C[i]=this.C[j];
     this.C[j]=a;
    };//end swap
    
    //Initialize a random permutation
    Perm.prototype.createPerm=function(){
      var i,j;
      var k=this.N;
      E.srand(E.hwRand());
      for(j=0;j<this.N;j++)this.C[j]=j;
      for(i=0;i<(this.N-1);i++){
       j=parseInt((Math.random()*256)%k,10);
       this.swap(i,i+j);
       k--;
      }//next i
    };//end createPerm
    
    //Use permutation to relocate bits in E to D
    //dir determines the indirection direction
    Perm.prototype.doPerm=function(dir,D,E){
     var i,j,k,m;
     for(i=0;i<this.N/8;i++)D[i]=0;
     for(i=0;i<this.N;i++){
      j=this.C[i];
      k=i%8;
      m=j%8;
      var a=1;
      var b=1;
      a=1<<k;
      b=1<<m;
      if(dir){
       if(E[(i-k)/8]&a) D[(j-m)/8]=D[(j-m)/8]|b;
      }else{
       if(E[(j-m)/8]&b) D[(i-k)/8]=D[(i-k)/8]|a;
      }//end else
     }//next i
    };//end doPerm
    
    //Use the permutation of length N to relocate bytes in E to D
    Perm.prototype.doPermBytes=function(dir,D,E){
     var i,j;
     for(i=0;i<this.N;i++)D[i]=0;
     for(i=0;i<this.N;i++){
      j=this.C[i];
      if(dir){
       D[i]=E[j];
      }else{
       D[j]=E[i];
      }//end else
     }//next i
    };//end doPermBytes
    ///////////////////////////
    
    //a oneway class
    
    function Oneway(){
     this.A=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0];
    }
    
    Oneway.prototype.oneway1=function(mode,A,B,C,D,E){
      switch(mode){
        case 0:
         return A+B+C+D+E;
        case 1:
         return A^B^C^D^E;
        case 2:
         return A*B*C*D*E;
      }//end switch
    };//end oneway1
    
    Oneway.prototype.modit=function(A){
     for(var i=0;i<16;i++)A[i]=this.A[i]%256;
    };//end modit
    
    Oneway.prototype.fillit=function(b){
     for(var i=0;i<16;i++)this.A[i]=b;
    };//end fillit
    
    Oneway.prototype.oneway=function(mode,B){
      var oneway1=this.oneway1;
    //rows
     this.A[0]=oneway1(mode,this.A[0],B[0],B[1],B[2],B[3]);
     this.A[1]=oneway1(mode,this.A[1],B[4],B[5],B[6],B[7]);
     this.A[2]=oneway1(mode,this.A[2],B[8],B[9],B[10],B[11]);
     this.A[3]=oneway1(mode,this.A[3],B[12],B[13],B[14],B[15]);
    //columns
     this.A[4]=oneway1(mode,this.A[4],B[0],B[4],B[8],B[12]);
     this.A[5]=oneway1(mode,this.A[5],B[1],B[5],B[9],B[13]);
     this.A[6]=oneway1(mode,this.A[6],B[2],B[6],B[10],B[14]);
     this.A[7]=oneway1(mode,this.A[7],B[3],B[7],B[11],B[15]);
    //diagonals\
     this.A[8]=oneway1(mode,this.A[8],B[0],B[5],B[10],B[15]);
     this.A[9]=oneway1(mode,this.A[9],B[1],B[6],B[11],B[12]);
     this.A[10]=oneway1(mode,this.A[10],B[2],B[7],B[8],B[13]);
     this.A[11]=oneway1(mode,this.A[11],B[3],B[4],B[9],B[14]);
    //diagonals/
     this.A[12]=oneway1(mode,this.A[12],B[3],B[6],B[9],B[12]);
     this.A[13]=oneway1(mode,this.A[13],B[0],B[7],B[10],B[13]);
     this.A[14]=oneway1(mode,this.A[14],B[1],B[4],B[11],B[14]);
     this.A[15]=oneway1(mode,this.A[15],B[2],B[5],B[8],B[15]);
    };//end oneway
    
    // Random object
    // aes1 1= encrypt, 0=decrypt
    // aes2 1= encrypt, 0=decrypt
    // pdir1 permutation direction 0 or 1
    // pdir2 permutation direction 0 or 1
    // owtype 0= add, 1= xor, 2=multiply
    function Random(aes1,aes2,pdir1,pdir2,owtype){
     this.AES1=aes1;
     this.AES2=aes2;
     this.Pdir1=pdir1;
     this.Pdir2=pdir2;
     this.Owtype=owtype;
    
     this.ow=new Oneway();
     this.plain=new Uint8Array(16);
     this.R=new ArrayBuffer(16);
     this.perm1=new Perm(128);
     this.key1=new Uint8Array(16);
     this.perm2=new Perm(128);
     this.key2=new Uint8Array(16);
    }
    
    Random.prototype.random=function(){
     //seed the 16 byte block from Date.now(), refreshed half way through
     var tt=Date.now()*1000000;
     for(var i=0;i<16;i++){
      if(i===8)tt=Date.now()*1000000;
      this.R[i]=tt%256;
      tt=tt-this.R[i];
      tt=tt/256;
     }//next i
     //replace three bytes using Math.random(), reseeded from the hardware generator
     E.srand(E.hwRand());
     this.R[0]=(Math.random()*256)%256;
     this.R[8]=(Math.random()*256)%256;
     this.R[15]=(Math.random()*256)%256;
     //first bit permutation followed by AES
     this.perm1.doPerm(this.Pdir1,this.plain,this.R);
     if(this.AES1){
      this.R=AES.encrypt(this.plain,this.key1);
     }else{
      this.R=AES.decrypt(this.plain,this.key1);
     }
     //one way matrix step
     this.ow.fillit(1);
     this.ow.oneway(this.Owtype,this.R);
     this.ow.modit(this.R);
     //second bit permutation followed by AES
     this.perm2.doPerm(this.Pdir2,this.plain,this.R);
     if(this.AES2){
      this.R=AES.encrypt(this.plain,this.key2);
     }else{
      this.R=AES.decrypt(this.plain,this.key2);
     }
     return this.R;
    };//end random
    
    Random.prototype.setup_random=function(){
     for(var i=0;i<16;i++){
      E.srand(E.hwRand());
      this.key1[i]=parseInt((Math.random()*256),10);
      E.srand(E.hwRand());
      this.key2[i]=parseInt((Math.random()*256),10);
     }//nexti
    
     this.perm1.createPerm();
     this.perm2.createPerm();
    
    };
    ///////////////////////////////
    
    function printit(W){
    console.log(W[0]+','+W[1]+','+W[2]+','+W[3]+','+
                W[4]+','+W[5]+','+W[6]+','+W[7]+','+
                W[8]+','+W[9]+','+W[10]+','+W[11]+','+
                W[12]+','+W[13]+','+W[14]+','+W[15]
               );
    }//end printit
    
    function copy(A,B){for(var i=0;i<16;i++)A[i]=B[i];}
    
    function compare(A,B){
     for(var i=0;i<16;i++)if(A[i]!=B[i])return 0;
     return 1;
    }
    ///////////////////////////////
    // Random object
    // aes1 1= encrypt, 0=decrypt
    // aes2 1= encrypt, 0=decrypt
    // pdir1 permutation direction 0 or 1
    // pdir2 permutation direction 0 or 1
    // owtype 0= add, 1= xor, 2=multiply
    //function Random(aes1,aes2,pdir1,pdir2,owtype){
    var R=new Random(1,1,0,0,0);
    R.setup_random();
    console.log("keys");
     printit(R.key1);
     printit(R.key2);
     console.log("Enter go(); into left screen, press enter");
    function go(){
      R.key1=R.random();
      R.key2=R.random();
      R.key1=R.random();
      R.key2=R.random();
    console.log("keys");
     printit(R.key1);
     printit(R.key2);
    console.log("Randoms");
    for(var j=0;j<16;j++){
     printit(R.random());
    }
    }//end go
    

    The output:

    >echo(0);
    keys
    95,199,130,197,32,174,21,94,190,94,212,0,219,24,220,209
    127,253,226,16,70,146,185,11,202,192,44,70,83,51,120,177
    Enter go(); into left screen, press enter
    =undefined
    >go();
    keys
    37,115,239,249,173,235,105,20,202,187,119,250,173,235,105,187
    194,44,127,205,23,115,36,6,237,95,250,210,33,201,23,211
    Randoms
    
    

    1 Attachment

  • myhash1.js
    Uses permutations, oneway, and random functions.
    var MH=new Myhash(1,1,0,0,0). Try varying the numbers. First 4 can be 0 or 1.
    5th number can be 0,1,2 and changes the oneway function operator.
    // aes1 0= encrypt, 1=decrypt
    // aes2 0= encrypt, 1=decrypt
    // pdir1 permutation direction 0 or 1
    // pdir2 permutation direction 0 or 1
    // owtype 0= add, 1= xor, 2=multiply

    //myhash1.js
    //a permutation class
    function Perm(n){
     this.N=n;
     this.C=new Uint8Array(n);
    }
    
    Perm.prototype.swap=function(i,j){
     var a=0;
     a=this.C[i];
     this.C[i]=this.C[j];
     this.C[j]=a;
    };//end swap
    
    //Initialize a random permutation
    Perm.prototype.createPerm=function(){
      var i,j;
      var k=this.N;
      E.srand(E.hwRand());
      for(j=0;j<this.N;j++)this.C[j]=j;
      for(i=0;i<(this.N-1);i++){
       j=parseInt((Math.random()*256)%k,10);
       this.swap(i,i+j);
       k--;
      }//next i
    };//end createPerm
    
    //Use permutation to relocate bits in E to D
    //dir determines the indirection direction
    Perm.prototype.doPerm=function(dir,D,E){
     var i,j,k,m;
     for(i=0;i<this.N/8;i++)D[i]=0;
     for(i=0;i<this.N;i++){
      j=this.C[i];
      k=i%8;
      m=j%8;
      var a=1;
      var b=1;
      a=1<<k;
      b=1<<m;
      if(dir){
       if(E[(i-k)/8]&a) D[(j-m)/8]=D[(j-m)/8]|b;
      }else{
       if(E[(j-m)/8]&b) D[(i-k)/8]=D[(i-k)/8]|a;
      }//end else
     }//next i
    };//end doPerm
    
    //Use permutation of length N to relocate bytes in E to D
    //(D is now a parameter; the original signature left it as an undeclared global)
    Perm.prototype.doPermBytes=function(dir,D,E){
     var i,j,k,m;
     for(i=0;i<this.N;i++)D[i]=0;
     for(i=0;i<this.N;i++){
      j=this.C[i];
      if(dir){
       D[i]=E[j];
      }else{
       D[j]=E[i];
      }//end else
     }//next i
    };//end doPermBytes
    ///////////////////////////
    
    //a oneway class
    
    function Oneway(){
     this.A=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0];
    }
    
    Oneway.prototype.oneway1=function(mode,A,B,C,D,E){
      switch(mode){
        case 0:
         return A+B+C+D+E;
        case 1:
         return A^B^C^D^E;
        case 2:
         return A*B*C*D*E;
      }//end switch
    };//end oneway1
    
    Oneway.prototype.modit=function(A){
     for(var i=0;i<16;i++)A[i]=this.A[i]%256;
    };//end modit
    
    Oneway.prototype.fillit=function(b){
     for(var i=0;i<16;i++)this.A[i]=b;
    };//end fillit
    
    Oneway.prototype.oneway=function(mode,B){
      var oneway1=this.oneway1;
    //rows
     this.A[0]=oneway1(mode,this.A[0],B[0],B[1],B[2],B[3]);
     this.A[1]=oneway1(mode,this.A[1],B[4],B[5],B[6],B[7]);
     this.A[2]=oneway1(mode,this.A[2],B[8],B[9],B[10],B[11]);
     this.A[3]=oneway1(mode,this.A[3],B[12],B[13],B[14],B[15]);
    //columns
     this.A[4]=oneway1(mode,this.A[4],B[0],B[4],B[8],B[12]);
     this.A[5]=oneway1(mode,this.A[5],B[1],B[5],B[9],B[13]);
     this.A[6]=oneway1(mode,this.A[6],B[2],B[6],B[10],B[14]);
     this.A[7]=oneway1(mode,this.A[7],B[3],B[7],B[11],B[15]);
    //diagonals\
     this.A[8]=oneway1(mode,this.A[8],B[0],B[5],B[10],B[15]);
     this.A[9]=oneway1(mode,this.A[9],B[1],B[6],B[11],B[12]);
     this.A[10]=oneway1(mode,this.A[10],B[2],B[7],B[8],B[13]);
     this.A[11]=oneway1(mode,this.A[11],B[3],B[4],B[9],B[14]);
    //diagonals/
     this.A[12]=oneway1(mode,this.A[12],B[3],B[6],B[9],B[12]);
     this.A[13]=oneway1(mode,this.A[13],B[0],B[7],B[10],B[13]);
     this.A[14]=oneway1(mode,this.A[14],B[1],B[4],B[11],B[14]);
     this.A[15]=oneway1(mode,this.A[15],B[2],B[5],B[8],B[15]);
    };//end oneway
    
    // Random object
    // aes1 0= encrypt, 1=decrypt
    // aes2 0= encrypt, 1=decrypt
    // pdir1 permutation direction 0 or 1
    // pdir2 permutation direction 0 or 1
    // owtype 0= add, 1= xor, 2=multiply
    function Random(aes1,aes2,pdir1,pdir2,owtype){
     this.AES1=aes1;
     this.AES2=aes2;
     this.Pdir1=pdir1;
     this.Pdir2=pdir2;
     this.Owtype=owtype;
    
     this.ow=new Oneway();
     this.plain=new Uint8Array(16);
     this.R=new ArrayBuffer(16);
     this.perm1=new Perm(128);
     this.key1=new Uint8Array(16);
     this.perm2=new Perm(128);
     this.key2=new Uint8Array(16);
    }
    
    Random.prototype.random=function(){
    var tt=Date.now()*1000000;
    for(var i=0;i<16;i++){
     if(i===8)tt=Date.now()*1000000;
     this.R[i]=tt%256;
     tt=tt-this.R[i];
     tt=tt/256;
    }//nexti
    E.srand(E.hwRand());
    this.R[0]=(Math.random()*256)%256;
    this.R[8]=(Math.random()*256)%256;
    this.R[15]=(Math.random()*256)%256;
    //  printit(R);
    this.perm1.doPerm(this.Pdir1,this.plain,this.R);
    //printit(plain);
    if(this.AES1){this.R=AES.encrypt(this.plain,this.key1);
     }else{
     this.R=AES.decrypt(this.plain,this.key1);
    }
    //printit(this.R);
    
    this.ow.fillit(1);
    this.ow.oneway(this.Owtype,this.R);
    this.ow.modit(this.R);
    //printit(this.R);
    
    this.perm2.doPerm(this.Pdir2,this.plain,this.R);
    //printit(plain);
    if(this.AES2){this.R=AES.encrypt(this.plain,this.key2);
     }else{
     this.R=AES.decrypt(this.plain,this.key2);
    }
    //printit(this.R);
     return this.R;
    };//end random
    
    Random.prototype.setup_random=function(){
     for(var i=0;i<16;i++){
      E.srand(E.hwRand());
      this.key1[i]=parseInt((Math.random()*256),10);
      E.srand(E.hwRand());
      this.key2[i]=parseInt((Math.random()*256),10);
     }//nexti
    
     this.perm1.createPerm();
     this.perm2.createPerm();
    
    };
    ///////////////////////////////
    //Myhash object
    // aes1 0= encrypt, 1=decrypt
    // aes2 0= encrypt, 1=decrypt
    // pdir1 permutation direction 0 or 1
    // pdir2 permutation direction 0 or 1
    // owtype 0= add, 1= xor, 2=multiply
    function Myhash(aes1,aes2,pdir1,pdir2,owtype){
     this.AES1=aes1;
     this.AES2=aes2;
     this.Pdir1=pdir1;
     this.Pdir2=pdir2;
     this.Owtype=owtype;
    
     this.ow=new Oneway();
     this.plain=new Uint8Array(16);
     this.plain1=new Uint8Array(16);
     this.R=new ArrayBuffer(16);
     this.perm1=new Perm(128);
     this.key1=new Uint8Array(16);
     this.perm2=new Perm(128);
     this.key2=new Uint8Array(16);
    }
    
    Myhash.prototype.myhash=function(R,flag){
     var i;
    this.perm1.doPerm(this.Pdir1,this.plain,R);
    if(this.AES1){this.R=AES.encrypt(this.plain,this.key1);
     }else{
     this.R=AES.decrypt(this.plain,this.key1);
    }
      if(flag){
        this.ow.fillit(1);
        for(i=0;i<16;i++)this.plain1[i]=0;
      }
    this.ow.oneway(this.Owtype,this.R);
    this.ow.modit(this.R);
    
    this.perm2.doPerm(this.Pdir2,this.plain,this.R);
    if(this.AES2){this.R=AES.encrypt(this.plain,this.key2);
     }else{
     this.R=AES.decrypt(this.plain,this.key2);
    }
     //chain with the previous block's result held in plain1
     for(i=0;i<16;i++)this.R[i]=this.R[i]^ this.plain1[i];
      copy(this.plain1,this.R);
     return this.R;
    };//end myhash
    
    Myhash.prototype.setup_myhash=function(R){
      this.key1=R.random();
      this.key2=R.random();
    console.log("Hash keys");
     printit(this.key1);
     printit(this.key2);
    
     this.perm1.createPerm();
     this.perm2.createPerm();
    
    };
    ///////////////////////////////
    function printit(W){
    console.log(W[0]+','+W[1]+','+W[2]+','+W[3]+','+
                W[4]+','+W[5]+','+W[6]+','+W[7]+','+
                W[8]+','+W[9]+','+W[10]+','+W[11]+','+
                W[12]+','+W[13]+','+W[14]+','+W[15]
               );
    }//end printit
    
    function copy(A,B){for(var i=0;i<16;i++)A[i]=B[i];}
    
    function compare(A,B){
     for(var i=0;i<16;i++)if(A[i]!=B[i])return 0;
     return 1;
    }
    ///////////////////////////////
    // Random object
    // aes1 0= encrypt, 1=decrypt
    // aes2 0= encrypt, 1=decrypt
    // pdir1 permutation direction 0 or 1
    // pdir2 permutation direction 0 or 1
    // owtype 0= add, 1= xor, 2=multiply
    //function Random(aes1,aes2,pdir1,pdir2,owtype){
    var R=new Random(1,1,0,0,0);
    R.setup_random();
    console.log("keys");
     printit(R.key1);
     printit(R.key2);
     console.log("Enter go(); into left screen, press enter");
    
    function go(){
      R.key1=R.random();
      R.key2=R.random();
      R.key1=R.random();
      R.key2=R.random();
    console.log("Randomkeys");
     printit(R.key1);
     printit(R.key2);
    ///////////////////////////////
    // Myhash object
    // aes1 0= encrypt, 1=decrypt
    // aes2 0= encrypt, 1=decrypt
    // pdir1 permutation direction 0 or 1
    // pdir2 permutation direction 0 or 1
    // owtype 0= add, 1= xor, 2=multiply
    var MH=new Myhash(1,1,0,0,0);
    MH.setup_myhash(R);
    console.log("Myhashes");
    C=new Uint8Array(16);
    D=new Uint8Array(16);
    C1=new Uint8Array(16);
    D1=new Uint8Array(16);
    for(var j=0;j<4;j++){
      C=R.random(); //first block to hash
      C1=R.random();//second block to hash
      D=MH.myhash(C,1);//initializes hash
      D1=MH.myhash(C1,0);//adds to hash
     console.log(j+" plaintext");
     printit(C);
     printit(C1);
     console.log(j+" hash(PT1), hash(PT1&PT2)");
     printit(D);
     printit(D1);
    }
    }//end go
    

    The output:

    >echo(0);
    keys
    86,241,83,165,231,187,118,151,10,24,224,­247,5,155,169,173
    98,173,140,6,192,202,181,73,5,180,107,39­,255,128,101,152
    Enter go(); into left screen, press enter
    =undefined
    >go();
    Randomkeys
    42,27,58,194,230,236,105,20,255,239,187,­194,230,236,105,131
    35,107,93,130,7,198,150,121,118,23,83,14­3,243,104,133,129
    Hash keys
    3,173,75,244,230,236,105,20,199,51,208,2­44,230,236,105,108
    78,11,5,145,114,186,64,56,35,74,240,253,­216,142,195,239
    Myhashes
    0 plaintext
    94,233,45,61,231,236,105,20,129,249,178,­61,231,236,105,254
    221,170,249,50,122,205,13,201,183,162,16­1,143,108,90,139,132
    0 hash(PT1), hash(PT1&PT2)
    71,76,23,135,37,184,17,104,9,201,154,228­,75,139,43,70
    210,79,102,138,26,8,203,47,131,217,136,2­8,223,42,118,1
    1 plaintext
    77,121,156,159,231,236,105,20,127,138,34­,160,231,236,105,29
    60,154,90,164,13,40,94,68,30,61,8,23,20,­20,250,142
    1 hash(PT1), hash(PT1&PT2)
    187,159,41,38,232,148,215,100,160,137,11­0,238,132,225,187,30
    131,47,12,173,43,34,244,214,196,202,243,­66,152,44,80,24
    2 plaintext
    118,53,38,1,232,236,105,20,117,90,163,1,­232,236,105,210
    100,3,81,31,17,127,119,23,221,106,166,29­,214,11,65,159
    2 hash(PT1), hash(PT1&PT2)
    229,120,199,141,209,44,28,26,243,118,209­,239,21,203,233,121
    106,110,17,4,66,253,193,144,149,44,178,1­08,5,152,222,13
    3 plaintext
    100,248,143,98,232,236,105,20,100,178,16­,99,232,236,105,58
    234,172,140,20,0,12,253,183,231,119,12,2­18,29,75,127,80
    3 hash(PT1), hash(PT1&PT2)
    48,226,109,106,2,245,197,206,251,241,239­,74,211,245,123,138
    155,135,118,138,242,147,191,120,240,157,­133,162,141,219,83,151
    
    


  • Cryptographic Parameters Used in cryptomsg4.js
    The objects that use cryptographic parameters:

    1. Random
      1.1. AES1 flag 0 or 1
      1.2. AES2 flag 0 or 1
      1.3. Pdir1 0 or 1
      1.4. Pdir2 0 or 1
      1.5. Owtype 0, 1, or 2
      1.6. Perm1 128 bytes
      1.7. Perm2 128 bytes
      1.8. Key1 16 bytes
      1.9. Key2 16 bytes
      293 bytes

    2. Myhash
      2.1. AES1 flag 0 or 1
      2.2. AES2 flag 0 or 1
      2.3. Pdir1 0 or 1
      2.4. Pdir2 0 or 1
      2.5. Owtype 0, 1, or 2
      2.6. Perm1 128 bytes
      2.7. Perm2 128 bytes
      2.8. Key1 16 bytes
      2.9. Key2 16 bytes
      293 bytes

    3. Client only:
      One Random object 293 bytes

    4. Server only:
      One Random object 293 bytes

    5. Shared copies on Client and Server:
      .permIDPW 128 bytes
      4 sets of hash parameters:
        MsgHash 293 bytes
        AuthHash 293 bytes
        IDPWHash 293 bytes
        IDPWkeyHash 293 bytes
      1210 bytes
      Total cryptographic bytes in server or client = 1210+292 = 1503 bytes.

    Since the client and server have independent Random objects in the cryptomsg5.js, it would be possible to periodically generate new cryptographic parameters. Perhaps this rekey could be implemented with a setInterval() function using a random interval.

    Additional cryptographic entropy could be added to the message by the following means:
    Currently the text[1] part of the message only carries the encrypted ID+password hash and is cleared to zero for all other messages. If in the zero cases, text[1] contained a random number, and a 32 element permutation of bytes over the text[1] and Rnd blocks the entropy would be increased. A 256 element permutation of bits could also be used, or do the 32 byte permutation followed by 128 bit permutation on each resulting block.
    A key exchange password could allow the text[1] to be used to move keys in a covert manner that would appear to be normal operation.
    The protocol could require the ID password hash be validated on every logged in command instead of just once.
    In the first call to a hash, two parameters are initialized. Cryptographic salt could be used for the initial values.
    Note on the direction flags:
    The direction flags make use of the bidirectional properties of AES and the permutations.
    AES1 flag 0 or 1
    AES2 flag 0 or 1
    Pdir1 0 or 1
    Pdir2 0 or 1
    Plaintext can be encrypted to cipher text A and then decrypted back to plaintext, or
    Plaintext can be decrypted to cipher text B and then encrypted back to plaintext.
    A not equal to B.
    A similar process occurs with the permutation function.
    It would be possible to use bits in the RND field to modulate the flags dynamically.

    The low cryptographic entropy problem:
    A commercial device allows remote operation of a lock.
    The device is controlled by two messages Lock and Unlock.
    The messages differ by one bit in the message and by several bits in the CRC or hashed check code.
    A modem using a stream cipher is used to send the Lock and Unlock messages.
    The stream cipher makes use of synchronized random number generators to exclusive or a different random byte with each byte of the message. A=R1 ^ M1, M1=A^R1.
    If an attacker can intercept and modify the message, show that he could use:
    B= M1^M2, C=B^A to change a Lock to an Unlock or an Unlock to a Lock command.
    The stream cipher produces cryptographic confusion but no diffusion. A permutation function can be used to introduce diffusion (swapping the bits/bytes around in the message). Note that AES in block mode produces both confusion and diffusion but produces the same output for the same input, making the message subject to replay without additional steps.

    Link from the cryptographic anxiety closet: (Once a can of worms is opened, the only process that works to contain them is a larger can.)
    https://securityevaluators.com/knowledge/case_studies/rfid/
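
    The Lock/Unlock exercise above, worked through as an added example (not part of the original post, and not the real device's frame format): the 4-byte frame, the command bytes and the CRC-8 are constructed, and HMAC-SHA256 from Node's crypto module stands in for a keyed check code. It shows the receiver accepting the XOR-modified ciphertext when it trusts only the CRC, and rejecting it when it verifies a keyed tag first.

```javascript
// Added illustration of the Lock/Unlock exercise. Frame layout, command bytes
// and the CRC-8 polynomial are constructed, not taken from any real device.
const nodeCrypto = require("crypto");

// CRC-8, polynomial 0x07, initial value 0: an unkeyed check anyone can compute.
function crc8(bytes) {
  let crc = 0;
  for (const b of bytes) {
    crc ^= b;
    for (let i = 0; i < 8; i++) {
      crc = (crc & 0x80) ? ((crc << 1) ^ 0x07) & 0xff : (crc << 1) & 0xff;
    }
  }
  return crc;
}

// Constructed frame: header, command, pad, CRC over the first three bytes.
function frame(cmd) {
  const body = [0xa5, cmd, 0x00];
  return Buffer.from([...body, crc8(body)]);
}

function xor(a, b) {
  const out = Buffer.alloc(a.length);
  for (let i = 0; i < a.length; i++) out[i] = a[i] ^ b[i];
  return out;
}

const LOCK = frame(0x01);   // M1
const UNLOCK = frame(0x00); // M2: one bit differs in the command, more in the CRC

// Receiver that decrypts and trusts the CRC alone. Returns the command or null.
function receiveCrcOnly(cipher, keystream) {
  const m = xor(cipher, keystream);
  return crc8(m.subarray(0, 3)) === m[3] ? m[1] : null;
}

// Receiver that verifies a keyed tag over the ciphertext before decrypting.
function receiveWithMac(cipher, tag, keystream, macKey) {
  const expect = nodeCrypto.createHmac("sha256", macKey).update(cipher).digest();
  if (tag.length !== expect.length || !nodeCrypto.timingSafeEqual(tag, expect)) {
    return null;
  }
  return receiveCrcOnly(cipher, keystream);
}

function demo() {
  const R = nodeCrypto.randomBytes(4);        // keystream bytes R1 for this frame
  const macKey = nodeCrypto.randomBytes(32);  // shared MAC key (constructed)
  const A = xor(LOCK, R);                     // A = R1 ^ M1, as transmitted
  const tag = nodeCrypto.createHmac("sha256", macKey).update(A).digest();
  const B = xor(LOCK, UNLOCK);                // B = M1 ^ M2, needs no key
  const C = xor(A, B);                        // C = B ^ A, the modified ciphertext
  return {
    untouched: receiveWithMac(A, tag, R, macKey), // 0x01, Lock
    crcOnly: receiveCrcOnly(C, R),                // 0x00, accepted as Unlock
    withMac: receiveWithMac(C, tag, R, macKey),   // null, tag does not match
  };
}
```

    The CRC passes on the modified frame because a CRC is linear under XOR and needs no secret, so the difference between the two check codes is already part of B.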

  • Some changes to the oneway function:
    A test program oneway16bit.js was created. (type go(); in the left pane after loading)
    It was found that the oneway add and xor modes produce the same results. The xor mode doesn’t require the modit function. The add mode produces a lot of hash collisions. As written with a seed of all 1’s the xor and add modes produce 4 collisions over a field of 1024 values.
    These results are shown in oneway16bit1024.xlxs.

    The program was modified oneway16bita.js. (type go(); in the left pane after loading)
    The function is seeded with the initial data in place of all 1’s.
    This change eliminated the collisions in the xor mode.
    The results are shown in oneway16bita1024.xlxs.
    The changes have been applied in cryptomsg5.js



  • I'm a bit lost... What is it that you are implementing? Some well-known crypto protocol?

  • I'm trying to create and implement a cryptographic protocol that makes it difficult to replay, modify or spoof command messages and the reply messages. Both the server and client are together on one Pico for the development phase. At some point I would like to implement the server and client on separate devices with a suitable communication link.

    I've run into problems with the one way function and am seriously considering its elimination.
    It is not needed or could be replaced with one of the SHA functions (SHA1, SHA256 etc.).

  • On the Pico there's also the Crypto library that should do AES encryption - you could use that with the code that you already have for key exchange?

  • AES is used in the hash function and the password functions. The Pico seems to do the AES without using the library. For the SHA functions the library has to be "required". If this is a problem please let me know.

    The key exchange still needs to be implemented. I favor calling it the "Squirt" function after the "technical" term I heard when hanging out in a committee. A Diffie-Hellman key exchange or AES? The method really depends on how many clients. One client and one server or many clients (one at a time likely) and one or more servers.

    A transport layer needs to be added. TLS would add the information hiding of a stream cipher and if used with a digital certificate it would add authentication. Some reading on TLS says it can be made to authenticate both ends, although it commonly only authenticates the server.
    The transport layer could also add permutations to swap bytes and bits around in the message.
    It's harder to search for a key given known plaintext and cipher text if the bits have been repositioned. (Get out your solar powered calculator and ask it to do 128 factorial and watch the Sun dim.)

    As for using the SHA algorithms, one must consider the results of a Google search such as SHA256 decrypt
    For example:
    https://md5hashing.net/hash/sha256

  • For the SHA functions the library has to be "required". If this is a problem please let me know.

    No, it's no problem at all - to be honest you should kind of need it for most of them.

    It's a thought actually - Espruino supports TLS over sockets. You could actually write a JS Socket library (like is done for ESP8266/SIM900) that sends data over your given transport layer (if you were using some custom radio) and then you could use the built-in TLS support.

  • For better understanding:
    Cryptographic Protocol vs Cryptographic Primitives
    https://en.wikipedia.org/wiki/Cryptographic_protocol
    https://en.wikipedia.org/wiki/Cryptographic_primitive

    Primitives used:
    Block Cipher: Notation is CIPHkey(M), where CIPH = AES128, using key, on block M
    https://en.wikipedia.org/wiki/Advanced_Encryption_Standard

    CMAC: Notation CMAC(key,M)
    https://en.wikipedia.org/wiki/CBC-MAC
    https://en.wikipedia.org/wiki/One-key_MAC
    http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
    https://github.com/allan-stewart/node-aes-cmac

    Permutations: Notation Perm(P,M) for bit level, Permbyte(P,M)
    http://courses.cs.vt.edu/~cs1044/fall02/mcquain/Projects/4/PermuCrypt.pdf
    http://www.mathplanet.com/education/algebra-2/discrete-mathematics-and-probability/permutations-and-combinations

    Random Number Generator: Notation RNG(key)

    The protocol: ( note the “||” indicates concatenation of blocks)
    A message is composed of four 16 byte blocks followed by a 16 byte MAC,
    The blocks are denoted as:
    Text1=RNG(keyrng) but Text1[0] contains crypto command, other bytes can be payload
    Text2=RNG(keyrng), or CMAC(keyIdPw,ID || Password), can be payload if not IDPW
    RND=RNG(keyrng),
    AUTH=CMAC(keyauth,RND in previous message),
    and
    MAC = CMAC(keymac,Text1 || Text2 || RND || AUTH )
    Bit and byte permutations can be applied as well as sending the message using a stream cipher.

    I am currently working on porting the allan-stewart/node-aes-cmac onto the Pico in preparation of a rewrite of the protocol implementation.
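
    The message layout above, as an added example for Node.js rather than the Pico (this is not the thread's AEScmac.js or KryptoMessage code): AES-CMAC per NIST SP 800-38B built on Node's crypto module, then build and check routines for Text1 || Text2 || RND || AUTH || MAC. The keys, the command bytes and the use of randomBytes in place of RNG(keyrng) are assumptions.

```javascript
// Added example: AES-CMAC (NIST SP 800-38B) on Node's crypto module, then the
// 80-byte message layout from the post. Not the thread's own module.
const nodeCrypto = require("crypto");

// One raw AES-128 block encryption, CIPHkey(M) in the post's notation.
function aesBlock(key, block) {
  const c = nodeCrypto.createCipheriv("aes-128-ecb", key, null);
  c.setAutoPadding(false);
  return Buffer.concat([c.update(block), c.final()]);
}

// Subkey step: shift left one bit, XOR 0x87 into the last byte on carry out.
function dbl(b) {
  const out = Buffer.alloc(16);
  for (let i = 0; i < 16; i++) {
    out[i] = ((b[i] << 1) | (i < 15 ? b[i + 1] >> 7 : 0)) & 0xff;
  }
  if (b[0] & 0x80) out[15] ^= 0x87;
  return out;
}

function cmac(key, msg) {
  const k1 = dbl(aesBlock(key, Buffer.alloc(16)));
  const k2 = dbl(k1);
  const n = Math.max(1, Math.ceil(msg.length / 16));
  const complete = msg.length > 0 && msg.length % 16 === 0;
  const last = Buffer.alloc(16);
  msg.copy(last, 0, (n - 1) * 16);
  if (!complete) last[msg.length - (n - 1) * 16] = 0x80; // 10...0 padding
  const sub = complete ? k1 : k2;                        // K1 if full, else K2
  for (let j = 0; j < 16; j++) last[j] ^= sub[j];
  let x = Buffer.alloc(16);
  for (let i = 0; i < n; i++) {
    const blk = i === n - 1 ? last : msg.subarray(i * 16, i * 16 + 16);
    for (let j = 0; j < 16; j++) x[j] ^= blk[j];
    x = aesBlock(key, x);
  }
  return x;
}

// Text1 || Text2 || RND || AUTH || MAC, 16 bytes each. randomBytes stands in
// for RNG(keyrng); peerRnd is the RND block of the peer's last message.
function buildMessage(keys, cmd, peerRnd) {
  const text1 = nodeCrypto.randomBytes(16);
  text1[0] = cmd;
  const text2 = nodeCrypto.randomBytes(16);
  const rnd = nodeCrypto.randomBytes(16);
  const auth = peerRnd ? cmac(keys.auth, peerRnd) : Buffer.alloc(16);
  const body = Buffer.concat([text1, text2, rnd, auth]);
  return Buffer.concat([body, cmac(keys.mac, body)]);
}

const rndOf = (msg) => msg.subarray(32, 48);

// myLastRnd is the RND this side sent last, or null if it has sent nothing yet.
function checkMessage(keys, msg, myLastRnd) {
  if (msg.length !== 80) return "bad length";
  const mac = cmac(keys.mac, msg.subarray(0, 64));
  if (!nodeCrypto.timingSafeEqual(mac, msg.subarray(64))) return "bad MAC";
  if (myLastRnd) {
    const auth = cmac(keys.auth, myLastRnd);
    if (!nodeCrypto.timingSafeEqual(auth, msg.subarray(48, 64))) return "bad AUTH";
  }
  return "ok";
}

// Two round trips, then a recorded message sent again and a bit-flipped copy.
function runSession() {
  const keys = {                                      // constructed keys
    auth: nodeCrypto.randomBytes(16),
    mac: nodeCrypto.randomBytes(16),
  };
  const c1 = buildMessage(keys, 0x41, null);          // client opens, AUTH is zero
  const r1 = checkMessage(keys, c1, null);
  const s1 = buildMessage(keys, 0x41, rndOf(c1));     // server reply
  const r2 = checkMessage(keys, s1, rndOf(c1));
  const c2 = buildMessage(keys, 0x42, rndOf(s1));     // client command
  const r3 = checkMessage(keys, c2, rndOf(s1));
  const s2 = buildMessage(keys, 0x42, rndOf(c2));     // server now expects this RND
  const replay = checkMessage(keys, c2, rndOf(s2));   // recorded c2 sent again
  const tampered = Buffer.from(c2);
  tampered[0] ^= 0x01;                                // flip one command bit
  const flipped = checkMessage(keys, tampered, rndOf(s1));
  return { r1, r2, r3, replay, flipped };
}
```

    The opening message carries an all-zero AUTH block, so only the MAC protects it; the replay check starts with the second message, once each side has sent an RND to compare against.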

  • Run this on a PICO. See previous post to explain a CMAC.
    The CMAC is working as a module. AEScmac.js
    testAEScmac.js uses the module to run the NIST test values.
    There are two tests.
    Test one expects one long array as input.
    Test two allows 16 byte blocks in different locations to be pointed to as input.
    In test two, if there is a partial block at the end, remember to pad the block (see the test code for the 320 bit example). Test one inserts the padding.
    The output of testAEScmac.js

    AEScmac from one large array
    keys
    2b,7e,15,16,28,ae,d2,a6,ab,f7,15,88,9,cf­,4f,3c,
    fb,ee,d6,18,35,71,33,66,7c,85,e0,8f,72,3­6,a8,de,
    f7,dd,ac,30,6a,e2,66,cc,f9,b,c1,1e,e4,6d­,51,3b,
    Example 1 null message
    bb,1d,69,29,e9,59,37,28,7f,a3,7d,12,9b,7­5,67,46,
    Valid
    Example 2 , 128 bit message
    7,a,16,b4,6b,4d,41,44,f7,9b,dd,9d,d0,4a,­28,7c,
    Valid
    example 3, 320 bit message
    df,a6,67,47,de,9a,e6,30,30,ca,32,61,14,9­7,c8,27,
    Valid
    example 4, 512 bit message
    51,f0,be,bf,7e,3b,9d,92,fc,49,74,17,79,3­6,3c,fe,
    Valid
    AEScmac from Uint8Arrays
    keys
    2b,7e,15,16,28,ae,d2,a6,ab,f7,15,88,9,cf­,4f,3c,
    fb,ee,d6,18,35,71,33,66,7c,85,e0,8f,72,3­6,a8,de,
    f7,dd,ac,30,6a,e2,66,cc,f9,b,c1,1e,e4,6d­,51,3b,
    Example 1 null message
    bb,1d,69,29,e9,59,37,28,7f,a3,7d,12,9b,7­5,67,46,
    Valid
    Example 2 , 128 bit message
    7,a,16,b4,6b,4d,41,44,f7,9b,dd,9d,d0,4a,­28,7c,
    Valid
    example 3, 320 bit message
    df,a6,67,47,de,9a,e6,30,30,ca,32,61,14,9­7,c8,27,
    Valid
    example 4, 512 bit message
    51,f0,be,bf,7e,3b,9d,92,fc,49,74,17,79,3­6,3c,fe,
    Valid
    


  • Message4.js 18 Aug 2016
    Testing the RNG and AEScmac cryptographic primitives for use in the cryptographic protocol.
    require("RNG")
    require("AEScmac")
    The AEScmac is used to validate the entire message in Mhash.
    The AEScmac is applied to the previously sent Rnd and compared to the Auth block to validate that the sender of the message possesses the keys and is authentic.
    The AEScmac is NIST approved.
    The RNG (random number generators) are two different instances with different keys on the client and server and do not need to be synchronized.
    They can be randomized at random intervals.
    The output of Message4.js

    Auth and Mhash keys
    97,79,5c,b2,76,68,8,ea,88,a9,11,b3,ca,a7­,d8,d,
    3a,8b,60,3c,70,61,9c,7,99,3e,c,c3,65,dd,­b1,ff,
    Client builds and sends inital message
    Message=
    41,31,fd,1e,8f,21,41,d6,f2,33,90,16,be,c­5,b0,75,
    94,84,49,64,37,1b,74,7,b7,81,62,95,6c,3b­,98,da,
    6,6,a7,8c,7e,ff,21,29,d8,4a,e3,60,e4,a6,­d,21,
    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
    ab,c3,87,86,83,e8,c6,47,e4,41,fa,62,43,7­0,56,a,
    Server checks the message
    checking Mhash
    Valid
    Server builds and sends reply message
    Message=
    41,86,93,5b,ee,5f,f1,c9,b4,59,5e,42,f3,7­2,cf,c2,
    da,f9,db,87,d0,b,47,6b,e4,59,c8,26,59,9c­,5e,2f,
    b0,9b,f7,e0,70,16,ed,bd,fe,5c,18,de,a5,2­5,eb,e3,
    8,a9,a5,1d,59,55,37,c3,45,bc,65,37,fe,12­,34,50,
    2f,a6,4e,35,94,3f,77,fc,89,45,68,ec,fe,1­5,b6,62,
    Client checks the message
    checking Mhash
    Valid
    checking Auth
    Valid
    Client builds and sends reply message
    Message=
    42,9,63,23,50,5f,4b,0,d1,bd,c0,32,cc,e1,­2a,e9,
    21,cd,fd,f,f8,4,cc,57,c0,b3,50,c1,fc,1b,­1a,7,
    dc,98,81,85,9d,5e,e5,b1,d,e,21,ea,bd,2c,­53,17,
    c3,9b,80,a8,bb,f1,22,27,9c,e4,71,3a,6,21­,62,d8,
    59,f8,7,1f,ba,d7,3a,6b,7b,b8,13,10,5c,e7­,53,a7,
    Server checks the message
    checking Mhash
    Valid
    checking Auth
    Valid
    Server builds and sends reply message
    Message=
    42,68,9a,41,25,a1,f7,76,30,ce,a,88,82,bc­,e5,75,
    50,8f,4e,1e,2f,97,64,c8,68,2d,9,68,77,98­,ff,de,
    6c,c,3c,6,46,d6,8d,76,64,47,ac,a8,76,eb,­ce,3c,
    b9,39,9,51,80,da,7c,95,c2,4e,6e,d9,71,7,­97,82,
    66,72,34,4a,2a,54,61,39,a,a3,3e,cd,c,90,­75,4e,
    
    


  • Message6.js
    19 Aug 2016
    Added encryption and permutation options to the message transport.
    Set the flags at the top of this program to enable these features.
    Additional module require("permutation")

    The function that creates the permutation array has been modified.
    Let N=16, then there are 15*13*11*9*7*5*3 = 2,027,025 combinations
    If N=80, then there are 79*77*75*…*3 = 7.9777941814E+58 combinations

    Sample output with the flags set as follows:
    // flags used in the Msg transport function
    var EncryptionFlag=false;
    var PermutationFlag=false;

    In left pane enter test1();
    =undefined
    >test1();
    Auth,Mhash, and Transport keys
    f9,77,1,73,1d,86,4d,40,82,1e,29,89,0,f8,­5,2c,
    56,d3,9,f8,63,58,d5,35,80,63,0,6f,91,e3,­56,ff,
    ad,7d,48,da,84,3d,d,31,5,e9,52,9d,1e,4,9­3,bb,
    Client builds and sends inital message
    Message=
    41,40,7d,c2,d1,9b,2,a6,43,c1,24,3,6d,29,­d0,6a,
    e2,f5,5a,9a,b0,f7,4f,fe,9f,73,17,f7,46,2­2,d4,53,
    88,cc,f4,32,59,a1,13,4c,c3,61,eb,95,11,7­c,a3,ac,
    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
    6,d0,7,b0,2e,c7,3a,95,ec,39,14,76,2c,32,­51,9d,
    Server checks the message
    

    Sample output with the flags set as follows:
    // flags used in the Msg transport function
    var EncryptionFlag=true;
    var PermutationFlag=false;

    In left pane enter test1();
    =undefined
    >test1();
    Auth,Mhash, and Transport keys
    f,96,3d,11,4,a2,3b,f8,9a,3c,4a,13,95,62,­bc,49,
    7c,ec,7e,a,a7,a6,e1,39,d,44,dc,8b,89,c6,­38,36,
    43,97,71,b7,48,f4,a9,d0,3b,57,1c,18,33,2­a,22,85,
    Client builds and sends inital message
    Sending Encrpyted Message=
    ae,a9,64,60,ee,39,bb,4a,54,81,fc,dd,a6,1­,28,34,
    ca,3b,e3,a3,2,d8,d2,69,6c,94,da,c8,6f,31­,5a,a5,
    4,4a,5e,97,83,a2,5c,e6,f1,dc,69,a9,29,c3­,18,b,
    49,5d,99,ab,36,22,32,34,45,d5,f4,1,65,9b­,61,ad,
    38,59,c2,a5,27,30,6,30,df,f0,1f,35,41,b7­,17,83,
    decrypt
    Message=
    41,df,1d,24,2d,c7,5f,57,64,56,48,d9,cf,6­,49,d8,
    b4,a8,9f,48,c3,73,7d,a5,27,58,8,a8,17,95­,e4,2f,
    c8,56,14,5a,bc,d9,35,69,6d,91,9a,85,e8,5­9,f8,d0,
    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
    48,71,67,d0,3d,7a,89,10,88,7a,4c,ac,f2,b­a,85,c8,
    Server checks the message
    

    Sample output with the flags set as follows:
    // flags used in the Msg transport function
    var EncryptionFlag=false;
    var PermutationFlag=true;
    The permutation rearranges the byte order in the message.
    Can you find the 0x41?

    In left pane enter test1();
    =undefined
    >test1();
    Auth,Mhash, and Transport keys
    e1,b4,52,64,3c,68,ab,fc,c7,94,66,90,b6,a­d,b7,a5,
    29,b3,82,22,c3,d5,5e,36,97,a6,39,e3,46,7­7,4a,f1,
    bd,6e,76,7,f,d6,37,24,8f,10,40,c2,5f,6,4­9,e7,
    Client builds and sends inital message
    Sending Permutated Message=
    6d,0,ef,98,0,a8,66,ea,ed,41,a8,51,fc,9,5­b,8f,
    0,22,a6,0,1e,d5,e,ae,94,0,0,0,0,0,88,0,
    61,8,ce,0,1b,66,c5,58,7a,d4,cb,3,5b,66,4­a,0,
    68,b4,f5,98,9e,0,54,51,10,b4,0,58,c1,30,­50,34,
    f8,3e,0,66,71,cf,f2,d4,74,91,36,c5,81,0,­3d,0,
    Message=
    41,c1,d4,cf,b4,81,9,ea,94,6d,c5,f2,3d,66­,3e,0,
    54,a6,22,98,91,3,71,61,ed,58,f5,30,68,34­,ce,10,
    ae,58,88,8f,1b,66,f8,8,cb,ef,7a,d5,d4,4a­,66,9e,
    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
    c5,5b,51,74,e,98,51,5b,66,1e,36,a8,a8,50­,fc,b4,
    Server checks the message
    

    Sample output with the flags set as follows:
    // flags used in the Msg transport function
    var EncryptionFlag=true;
    var PermutationFlag=true;

    In left pane enter test1();
    =undefined
    >test1();
    Auth,Mhash, and Transport keys
    6,ce,ee,5b,9e,2b,7c,1c,6,cd,a2,b4,71,be,­e,68,
    fe,67,2a,fc,85,17,2f,66,7c,4b,42,a1,e7,d­e,d9,46,
    19,4d,1,69,61,72,64,e0,17,3b,fb,4c,2e,9e­,96,f4,
    Client builds and sends inital message
    Sending Permutated Message=
    23,7a,a2,ba,15,8b,9,a2,ce,7d,6a,32,83,bb­,20,48,
    fb,ef,65,8d,79,cf,97,53,2e,30,69,98,c1,8­a,62,89,
    fe,8a,f9,b5,6,d8,6f,cd,e4,82,17,e0,51,28­,5f,72,
    d6,db,61,5e,cb,5,7a,4,7f,bd,9b,e4,24,1a,­7e,d5,
    6e,52,ad,a8,34,b7,6b,27,c7,be,e8,96,8b,3­4,94,1c,
    Sending Encrpyted Message=
    8d,b5,e4,fe,32,8a,1c,ce,a2,6,6a,15,fb,5,­d5,ad,
    83,51,6f,23,82,2e,e0,5e,cf,7e,c7,8a,1a,8­b,62,f9,
    ba,98,89,7a,7d,9b,65,6b,a2,79,34,97,ef,5­2,be,7f,
    61,b7,d6,53,4,bb,bd,cb,72,7a,d8,34,a8,c1­,30,20,
    27,28,48,24,17,db,cd,6e,69,5f,94,8b,96,e­4,e8,9,
    decrypt
    Message=
    41,10,bf,23,b,4c,7,f8,a5,d9,9f,d5,f4,d7,­23,6a,
    ec,59,7c,62,5e,3f,a,1f,94,c1,af,ed,d5,a5­,38,4,
    59,48,4d,c6,70,c7,90,7d,b,a8,7a,f1,53,48­,99,4b,
    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
    b8,85,cc,6,a4,2b,db,b,26,58,de,8a,8e,5,d­c,ea,
    Server checks the message
    


  • KryptoMessage1.js
    20 Aug 2016
    The left pane of the WebIDE is used as the client input.
    Run the program and type help(); to list the commands.
    Added encryption and permutation options to the message transport
    Set the flags at the top of this program to enable these features.
    This cryptographic protocol uses the permutation, RNG, AES, and AEScmac cryptographic primitives.
    require("RNG") ("AEScmac") ("permutation")
    The AEScmac is used to validate the entire message in MsgCmac.
    The AEScmac is applied to the previously sent random number (Rnd.) and compared to
    the Auth block to validate that the sender of the message possesses the keys and is authentic.
    The server contains a list of user IDs, an AEScmac( ID,password), and a lexical level.
    The client has to enter a user ID and password. The AEScmac is calculated and AES encrypted using a key derived from an AES encryption of the random number in the last server message. A lexical level of zero allows access to the LED on and LED off commands. A lexical level of one is to be used to allow transfer of cryptographic keys.
    AES and AEScmac algorithms are NIST approved.
    This implementation of AES and AEScmac are not NIST certified
    The RNG (random number generators) are two different instances with different keys on the client and server and do not need to be synchronized and they can be randomized at random intervals.
    // flags used in the Msg transport function
    //var EncryptionFlag=true;
    //var PermutationFlag=true;
    var EncryptionFlag=false;
    var PermutationFlag=false;
    // ReplayFlag controls the recording of msgs for replay
    var ReplayFlag=true;
    //var ReplayFlag=false;



  • Keygenerator1.js creates keys for the Kryptomessage protocol and writes them to EEROM in the Pico.
    The screen output at the end is copied into the
    Squirt1.js program.
    Copy and paste the buff[] and IDPWlist[] arrays into the Squirt program
    Loading and running Squirt1 can then write the same keys into other Pico devices.
    KeyFromRom1.js is used to read the keys from the EEROM and will be incorporated into the Kryptomessage.js at a later time.



  • KryptoMessage3.js 25 Aug 2016
    For use on Espruino Pico device
    Requires: RNG.js, AEScmac.js, permutation.js (see posts above for files)
    FlashEEPROM.js from Espruino web site.
    Uses serial port 1 (can be changed in configuration at top) in a hardware loopback.
    Connect pins B6 and B7 together.
    Reads analog input on Pin B1.
    There are a number of flag variables at the top of the program:
    Flag to suppress server text to console:
    var showserver=0;
    //var showserver=1;
    Where to get the cryptographic keys:
    //var KeysFromRom=0; //Generate keys as before this point
    var KeysFromRom=1;//read keys from ROM see previous post for the key generator and squirt programs to insert the keys into the EEROM
    Serial port parameters:
    //var useserialflag=0;
    var useserialflag=1;
    var baudrate=115200;
    var Port=Serial1;
    Flags used in the Msg transport function:
    //var EncryptionFlag=false;
    var EncryptionFlag=true;
    //var PermutationFlag=false;
    var PermutationFlag=true;
    ReplayFlag controls the recording of msgs for replay:
    var ReplayFlag=true;
    //var ReplayFlag=false;
    This version redirects the console in order to create a menu on the USB port so that the program can be operated from a terminal program or from the left pane of the WebIDE.
    BE SURE TO TYPE 0 TO MAKE THE RUNNING PROGRAM RESTORE THE CONSOLE TO THE USB PORT! This will avoid having to reset the PICO by cycling the power.
    The Menu:

    Select using digit and return key
    1 Connect    6 Cshow
    2 Logoff     7 LEDon
    3 Creplay    8 LEDoff
    4 Creset     9 Read ADC
    5 Sshow      0 Exit
    

    Connect starts the client to server connection.
    It asks for the User ID and Password Id= Sam, PW= 1234
    (unless you change these in the key generator program)
    Logoff tells the server that connect will be needed for access.
    Creplay is used after a session to replay client messages for testing
    Creset resets the replay buffers
    Sshow prints the recorded server messages
    Cshow prints the recorded client messages
    LEDon, LEDoff operate the LED on the PICO.
    Read ADC reads a 0 to 4096 (12 bits) value from pin B1.
    And finally Exit restores the console to the USB port.
    /*
    Todo add 0x32 message if wrong Id and password
    Todo rework PICO commands into a User client and server functions
    Todo add code for lexlevel 1 to generate keys on the client and send them to the server
    Todo split into server and client versions on two different PICOs
    Todo connect server and client PICOs using serial port
    */

    /*
    Done see if serial1 and serial2 on PICO can be used to connect
    the server and client portions of this program
    Solution use serial1 in loopback with flag
    Done write a program that generates keys and writes them to ROM
    Done read the keys from the ROM
    Done add 0x30 and 0x31 code for server bad msg, client not authentic
    Done add blend function to msg send and receive functions
    Done add code to do menu on USB allows terminal program to operate

    Select using digit and return key
    1 Connect    6 Cshow
    2 Logoff     7 LEDon
    3 Creplay    8 LEDoff
    4 Creset     9 Read ADC
    5 Sshow      0 Exit
    <- USB
    >1
    do connect
     Client builds and sends inital message
    Permutated Encrypted Message=
    Enter User ID
    process server
    decrypt
    Server replies to connect message
    Permutated Encrypted Message=
    server transmits
    process client 80
    decrypt
     Client checks the server message
    Client check of server msg OK
    Client checks if the server is authentic
    Server is Authentic
    Enter User ID
    Sam
    Enter Password
    1234
    Login using Sam and 1234
    Client login message
    Permutated Encrypted Message=
    process server
    decrypt
    Permutated Encrypted Message=
    server transmits
    process client 80
    decrypt
     Client checks the server message
    Client check of server msg OK
    Client checks if the server is authentic
    Server is Authentic
    Client sees msg 0x42
     
    Select using digit and return key
    1 Connect    6 Cshow
    2 Logoff     7 LEDon
    3 Creplay    8 LEDoff
    4 Creset     9 Read ADC
    5 Sshow      0 Exit
    

    1 Attachment
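The Creplay menu option re-sends recorded client messages to test the server. As an added example (not part of the original post or its attachments), this Node.js code shows why such a replay is rejected when every message must answer the receiver's most recent random number. HMAC-SHA256 truncated to 16 bytes, the two keys, and the names `tag16`, `buildMsg`, `checkMsg` and `demo` are assumptions; the post's encryption and permutation steps are left out.

```javascript
// Added example for Node.js; keys are constructed, and HMAC-SHA256 (truncated
// to 16 bytes) is an assumed stand-in for the post's keyed functions.
const crypto = require('crypto');

const AUTH_KEY = Buffer.from('constructed auth key');    // role of the "Auth key"
const MAC_KEY = Buffer.from('constructed message key');  // role of the "MsgCmac key"

function tag16(key, data) {
  return crypto.createHmac('sha256', key).update(data).digest().subarray(0, 16);
}

// Wire layout: text | sender's fresh nonce (16) | response to peer nonce (16) | MAC (16)
function buildMsg(text, peerNonce) {
  const nonce = crypto.randomBytes(16);
  const body = Buffer.concat([Buffer.from(text), nonce, tag16(AUTH_KEY, peerNonce)]);
  return { wire: Buffer.concat([body, tag16(MAC_KEY, body)]), nonce };
}

// Receiver: check the MAC first, then check that the response answers the
// nonce this side issued most recently (expectedNonce).
function checkMsg(wire, expectedNonce) {
  if (wire.length < 48) return { ok: false, why: 'too short' };
  const body = wire.subarray(0, wire.length - 16);
  const mac = wire.subarray(wire.length - 16);
  if (!crypto.timingSafeEqual(mac, tag16(MAC_KEY, body))) return { ok: false, why: 'bad MAC' };
  const response = body.subarray(body.length - 16);
  if (!crypto.timingSafeEqual(response, tag16(AUTH_KEY, expectedNonce))) {
    return { ok: false, why: 'stale or forged response' };
  }
  return { ok: true, text: body.subarray(0, body.length - 32).toString(),
           peerNonce: body.subarray(body.length - 32, body.length - 16) };
}

function demo() {
  let serverNonce = crypto.randomBytes(16);             // sent in the server's last reply
  const recorded = buildMsg('LEDon', serverNonce).wire; // client command, captured on the wire
  const live = checkMsg(recorded, serverNonce);
  serverNonce = crypto.randomBytes(16);                 // server's next reply carries a new nonce
  const replay = checkMsg(recorded, serverNonce);       // same bytes, sent again later
  const flipped = Buffer.from(recorded);
  flipped[0] ^= 0x01;                                   // one bit changed in transit
  const tampered = checkMsg(flipped, serverNonce);
  return { live, replay, tampered };
}

console.log(demo());
```

The replayed message still carries a valid MAC, so the MAC check alone does not stop it; the rejection comes from the response field no longer matching the nonce the server is currently waiting on.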

  • ServerKM1.js and ClientKM1.js 29 Aug. 2016
    KryptoMessage3.js has been divided into the server and client programs that run on two different PICOs.
    I used the Squirt.js to install the cryptographic keys on both PICOs.
    To use, connect the serial1 ports on each PICO to the other PICO.
    P1 B6 to P2 B7, and P1 B7 to P2 B6. Connect the PICO grounds if they are to run on separate computers. I ran both from one computer.
    Using WebIDE, load and run one PICO with ServerKM1.js. If on one computer, disconnect from the server PICO and connect to the remaining client PICO. Load and run ClientKM1.js.

    >echo(0);
    =undefined
    >Auth key
    48,5b,9,c,e2,9d,61,91,a2,b0,d2,87,ee,4e,cb,e4,
    MsgCmac key
    83,52,a2,d3,a4,fd,7d,a3,91,8f,91,81,76,c,f3,83,
    PWIDcmac key
    f,7a,fc,89,2,57,45,33,7f,bd,37,5c,c4,a7,f7,d2,
    PWIDCkeykey key
    86,69,df,9f,25,21,bb,a1,5f,1f,28,1d,92,29,96,85,
    Transport Encryption key
    a1,62,33,fb,c3,36,86,9d,ef,9f,58,7f,a,1b,be,96,
    Permutation
    9,69,44,5,17,3,37,46,72,0,74,21,70,19,40,26,27,4,79,13,
    58,11,68,59,51,56,15,16,60,32,49,73,29,61,42,77,66,6,67,52,
    14,48,34,63,2,78,7,62,41,30,50,24,39,64,76,65,25,57,20,23,
    28,33,47,43,53,55,36,38,22,1,12,71,8,31,10,75,54,35,45,18,
    ID= Sam PW= 1234
    -> LoopbackB
     
    Select using digit and return key
    1 Connect    6 Cshow
    2 Logoff     7 LEDon
    3 Creplay    8 LEDoff
    4 Creset     9 Read ADC
    5 n/a        0 Exit
    <- USB
    

    Notice item 5 of the menu has been removed as there is no access to the server code on the client.


    3 Attachments

  • ServerKM3init.js and ClientKM3.js 4 Sep. 2016
    These files incorporate the Kryptomessage protocol into two different PICOs each connected to an ESP8266 using the PICO shim.
    The Squirt utility was used to write the cryptographic keys into the EPROM on each PICO. See previous posts for modules and squirt.js
    To run these programs you will need to “Squirt” the keys into the PICOs.
    Edit ServerKM3init.js with your router information:
    var SSID="router SSID";
    var key= "router key";
    Load ServerKM3init.js into the first PICO and enter “save();” into the left screen.
    It should save the program so that at power up the program will run. It usually goes on to connect to the router. Note the server IP address. With a browser you can pull the server up by using http://192.168.1.4:8080/ where 192.168.1.4 is the IP address. Your server IP address may be different.
    With the second client PICO pull up ClientKM3.js and edit the following with your local information.
    ServerIP="192.168.1.4";
    //setup WiFi access parameters
    var RouterSSID="router SSID";
    var Routerkey= "routerkey";
    Load and run ClientKM3.js.
    At this point, I disconnect from the client PICO and reconnect with the Server PICO using WebIDE. I use Putty (or another terminal program) to connect to the Client PICO at 155,200 baud.

    The Client Screen using Putty

    8
    do LEDoff
    Client user message
    Permutated Encrypted Message=
    80
    192.168.1.4
    send
    Closed: 80
    process client
    decrypt
     Client checks the server message
    Client check of server msg OK
    Client checks if the server is authentic
    Server is Authentic
    Client sees msg 0x43
    
    Select using digit and return key
    1 Connect    6 Cshow
    2 Logoff     7 LEDon
    3 Creplay    8 LEDoff
    4 Creset     9 Read ADC
    5 n/a        0 Exit                                                            { "free": 2311, "usage": 2789, "total": 5100, "history": 2021,
      "stackEndAddress": 536959420, "flash_start": 134217728, "flash_binary_end": 376280, "flash_code_start": 134234112, "flash_length": 393216 }
    >
    

    The Server Screen:

    decrypt
     Server checks the client message
    Server check of client msg OK
    Server checks if the client authentic
    Server check of client authenticity OK
    Permutated Encrypted Message=
    server transmits
    Close= false
    Post
    Post length=  80
    doing command
    process server
    undefined
    decrypt
     Server checks the client message
    Server check of client msg OK
    Server checks if the client authentic
    Server check of client authenticity OK
    Permutated Encrypted Message=
    server transmits
    Close= false
    

    User ID = "Sam" Password "1234"


    2 Attachments

Posted by @ClearMemory041063
