Cryptomsg3.js
In this version a user ID and password have been added
The following is the output of one session. The setup function creates the cryptographic keys used in the client and server objects. Note that client and server have different random number keys and permutations. None of the permutation arrays are shown.
PICO 1v86
>echo(0);
In left pane enter setup(); and press return.
=undefined
>setup();
Client Random # keys
147,218,39,254,251,124,105,20,249,242,176,254,251,124,105,138
124,171,219,12,155,172,248,197,93,220,85,14,86,211,101,122
Msg Hash keys
183,198,0,48,252,124,105,20,27,113,129,48,252,124,105,170
232,149,224,242,228,159,142,123,127,115,23,205,73,51,112,58
Auth Hash keys
82,25,235,120,252,124,105,20,163,183,112,121,252,124,105,248
90,33,23,232,223,50,115,84,170,190,44,139,113,153,65,249
IDPW Hash keys
179,197,74,194,252,124,105,20,240,89,206,194,252,124,105,142
23,120,142,240,228,46,156,128,54,32,224,158,21,49,50,162
IDPWkey Hash keys
254,143,24,11,253,124,105,20,217,234,155,11,253,124,105,49
255,224,2,245,157,160,44,204,179,206,10,57,236,82,67,23
Server Random # keys
53,87,29,162,253,124,105,20,95,37,162,162,253,124,105,26
78,233,136,63,69,30,248,93,255,66,4,177,179,192,75,192
To setup a User ID and password
In the left pane enter ID="<user ID>";
In the left pane enter PW="<password>";
In left pane enter setupID(); and press return.
=undefined
The setupID() function performs a hash of the ID and Password and stores it in the server object for later reference.
>ID="sam"
="sam"
>PW="a1234";
="a1234"
>setupID();
IDPW_hash
20,198,57,30,198,43,156,233,212,6,187,246,210,28,110,194
In left pane enter connect(); and press return.
=undefined
The setup process is completed at this point.
The connect() function sends a command from the client to the server. The message in the text, a random number Rnum, and a MHash of the text and Rnum blocks.
The server calculated the hash1 of the text and Rnum blocks of the received message and performs a comparison.
The server creates a reply message.
The server creates a reply.
It generates a new random number Rnum.
It calculates the Auth value by hashing the Rnum in the clients message
It calculates the MHash of the text, Rnum, and Auth blocks.
The client validates the Mhash, and the Auth and asked the user for ID and password.
Server msg1 hash OK
Server is authentic
Enter User ID and password
In the left pane enter ID="<user ID>";
In the left pane enter PW="<password>";
In left pane enter login(); and press return.
=undefined
>
The user enters the ID and password and the client sends a message to the server using the login() function.
The message contains the text[0] block with the command, the text[1] block, a Rnum random number block, the Auth block and a Mhash of both text blocks, the Rnum and Auth blocks.
An encryption key is created using a hash of the Rnum in the last server message.
The encryption key is used to encrypt the hash of the ID and password.
Text[1]= the permutation of the encrypted hash of ID and password.
Note: the permutation uses an array of 128 values to swap bits in the block thus increasing the difficulty level for a hacker.
The server validates the Mhash, and the Auth blocks.
The server reverses the permutation and decrypts the text[1] block and uses the previously saved IDPW hash to validate the user ID and password.
The server replies as follows:
The server turns the LED off and replies as follows.
{
"text": [
new Uint8Array([67, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
],
"Rnum": new Uint8Array([91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91]),
"Auth": new ArrayBuffer([69, 156, 77, 140, 124, 163, 20, 171, 113, 5, 219, 192, 52, 186, 236, 247]),
"Mhash": new ArrayBuffer([58, 187, 167, 69, 103, 61, 35, 28, 56, 158, 186, 83, 30, 230, 152, 10])
}
Server msg hash OK
Server is authentic
In left pane enter replay(); or LEDon(); or LEDoff(); and press return.
Along the way the client and server messages have been saved by Bill the black hat hacker. So Bill tries sending the client’s messages to the server with the following results.
>replay();
Trying to replay
Client msg 1 hash OK
Client msg 2 hash OK
Client not authentic
((the calculated and message Auth values are shown here))
73,37,138,217,81,69,32,247,92,136,225,154,124,8,83,157
85,202,193,237,229,82,213,28,17,66,76,168,105,110,34,181
=undefined
Try it and have the client enter the wrong ID or password.
The random number generator uses Date.now, and Math.random() as a seed.
A permutation followed by encryption or decryption is applied to the seed.
A one way matrix operation is applied followed by a second permutation and finally a second encryption or decryption. Again this makes life hard for hackers as compared to a simple counter applied to the AES algorithm.
The hash function does a similar process permutation1, encrypt, one way, permutation2, encrypt. For the first block the one way is initialized. For subsequent blocks the one way uses the results from the previous block.
Espruino is a JavaScript interpreter for low-power Microcontrollers. This site is both a support community for Espruino and a place to share what you are working on.
Cryptomsg3.js
In this version a user ID and password have been added
The following is the output of one session. The setup function creates the cryptographic keys used in the client and server objects. Note that client and server have different random number keys and permutations. None of the permutation arrays are shown.
The setupID() function performs a hash of the ID and Password and stores it in the server object for later reference.
The setup process is completed at this point.
The connect() function sends a command from the client to the server. The message in the text, a random number Rnum, and a MHash of the text and Rnum blocks.
The server calculated the hash1 of the text and Rnum blocks of the received message and performs a comparison.
The server creates a reply message.
The server creates a reply.
It generates a new random number Rnum.
It calculates the Auth value by hashing the Rnum in the clients message
It calculates the MHash of the text, Rnum, and Auth blocks.
The client validates the Mhash, and the Auth and asked the user for ID and password.
The user enters the ID and password and the client sends a message to the server using the login() function.
The message contains the text[0] block with the command, the text[1] block, a Rnum random number block, the Auth block and a Mhash of both text blocks, the Rnum and Auth blocks.
An encryption key is created using a hash of the Rnum in the last server message.
The encryption key is used to encrypt the hash of the ID and password.
Text[1]= the permutation of the encrypted hash of ID and password.
Note: the permutation uses an array of 128 values to swap bits in the block thus increasing the difficulty level for a hacker.
The server validates the Mhash, and the Auth blocks.
The server reverses the permutation and decrypts the text[1] block and uses the previously saved IDPW hash to validate the user ID and password.
The server replies as follows:
The client validates the Mhash, and the Auth blocks.
The user enters LEDon() and the client sends a message with text[0][1]=153
The server validates the Mhash and Auth blocks and uses the value on text[0][1] to turn the Green LED on the PICO on or off.
The user enters LEDoff(), and the client sends the following message to the server.
The server turns the LED off and replies as follows.
Along the way the client and server messages have been saved by Bill the black hat hacker. So Bill tries sending the client’s messages to the server with the following results.
Try it and have the client enter the wrong ID or password.
The random number generator uses Date.now, and Math.random() as a seed.
A permutation followed by encryption or decryption is applied to the seed.
A one way matrix operation is applied followed by a second permutation and finally a second encryption or decryption. Again this makes life hard for hackers as compared to a simple counter applied to the AES algorithm.
The hash function does a similar process permutation1, encrypt, one way, permutation2, encrypt. For the first block the one way is initialized. For subsequent blocks the one way uses the results from the previous block.
1 Attachment