Cryptographic Protocol on a PICO

Posted on
  • Bob and Sally communicate over an open channel and Bill can listen in. (the messages are sent as plaintext)
    Bob and Sally use the following scheme using cryptographic algorithms, one-way functions, keys, and permutations.
    Sally sends the following message S1:
    “Hi I’m Sally are you Bob”
    Sally adds a 16 byte random number A and a ‘hash’ of the message +random number.
    Bill records the message.
    Bob receives the message S1, computes the ‘hash’ and compares the computed ‘hash’ to the received ‘hash’.
    If the ‘hashes’ are equal, Bob sends the reply comprised of
    The message B1:
    “Yes I am Bob, are you sure you are Sally”,
    A 16 byte random number B,
    A 16 byte value C computed from A using a cryptographic function, keys and permutations, and
    A 16 byte ‘hash’ of the message +random number B +C
    Bill records this message.
    Sally receives the message B1 computes and compares the ‘hash’ with the sent ‘hash’
    If the ‘hashes’ are equal,
    Sally computes C from A and compares the results with sent value of C
    If the computed value of C equals the sent value of C then Sally has authenticated Bob.
    Sally then sends the following:
    The message S2:
    “Bob transfer big bucks to my account and turn on the LED”,
    A 16 byte random number D
    A 16 byte value E computed from B using a cryptographic function, keys and permutations, and
    A 16 byte ‘hash’ of the message +random number D +E.
    Bill records the message.
    Bob receives the message S2 computes and compares the ‘hash’ with the sent ‘hash’
    If the ‘hashes’ are equal,
    Bob computes E from B and compares the results with sent value of E
    If the computed value of E equals the sent value of E then Bob has authenticated Sally.
    Bob transfers the big buck and turns on the LED
    The message exchange continues until one party terminates the session. Each message contains the message, random number, computed value, and ‘hash’.
    Time passes:
    Bill connects to Bob and replays the messages sent by Sally.
    Will Bob transfer the funds and turn on the LED?
    Bob will receive message S1 and it will validate and Bob will reply with a modified message B1 with a different random number B and ‘hash’.
    Sally doesn’t receive the message. Bill sends recorded message S2.
    Bob doesn’t validate the message because the sent E not equal to the computed E.
    Could Bill modify the message? Not without knowing the ‘hash’ algorithm and keys.
    If Bill can catch Sally’s messages to Bob, can Bill modify Sally’s message before sending it to Bob? Not without knowing the ‘hash’ algorithm and keys.
    Do Bob and Sally really authenticate each other or do their computers authenticate each other?
    If Bill steals Sally’s computer could he cause Bob to transfer funds and turn on the LED? How could this be prevented?
    Implementation on a PICO is in the attached file. Both client and server are present as I don’t have the WIFI shim. It’s a test of the idea.
    To add a user ID and password consider the following:
    A user ID, and a password.
    Define the cryptographic parameters of a password hash and compute the password hash. The client operator enters the password and the password hash is calculated.
    The password hash is maintained in the server and index to the user ID.
    Derive two encryption keys EKuserID and EKpassword from a shared random number using two sets of cryptographic ‘hash’ keys.
    Message.text[1]=encryption(user ID,key1), and
    Message.text[2]=encryption(password hash, key2)
    Use a 32 element permutation to scramble the bytes between text[1] and text[2].
    Use a 128 element permutation to scramble the bits in text[1] and then in text[2].
    Send the message to the server.
    The server validates the message hash and authentication hash. A value in text[0][0] informs the server to process the password.
    Unscramble the bits and then the bytes and decrypt. Use the user ID to look up the password hash in the server’s table and compare the table password hash value to the decrypted password hash from the message.


    1 Attachment

  • The output of Cryptomsg2.js

    >echo(0);
    In left pane enter go(); and press return.
    =undefined
    >go();
    Client Random # keys
    245,23,232,200,114,36,105,20,254,96,85,201,114,36,105,4
    69,150,99,34,208,230,34,168,128,106,45,199,203,46,28,219
    Hash keys
    232,65,134,243,114,36,105,20,195,103,245,243,114,36,105,1
    188,177,5,173,141,150,119,10,10,7,153,174,225,238,77,145
    Hash keys
    242,148,162,50,115,36,105,20,180,39,16,51,115,36,105,250
    217,67,207,60,54,115,75,227,116,255,243,203,112,230,97,82
    Server Random # keys
    217,1,45,181,115,36,105,20,79,84,156,181,115,36,105,203
    215,180,29,227,242,69,139,118,47,238,145,221,141,226,213,38
    {
      "text": [
        new Uint8Array([65, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
       ],
      "Rnum": new Uint8Array([94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94]),
      "Auth": new Uint8Array(16),
      "Mhash": new ArrayBuffer([26, 16, 180, 124, 63, 107, 133, 33, 128, 52, 101, 195, 208, 190, 102, 93])
     }
    Client msg 1 hash OK
    {
      "text": [
        new Uint8Array([65, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
       ],
      "Rnum": new Uint8Array([60, 60, 60, 60, 60, 60, 60, 60, 60, 60, 60, 60, 60, 60, 60, 60]),
      "Auth": new ArrayBuffer([3, 170, 20, 135, 37, 121, 216, 99, 141, 128, 79, 223, 167, 46, 246, 123]),
      "Mhash": new ArrayBuffer([99, 179, 42, 101, 76, 3, 51, 218, 226, 53, 95, 70, 171, 105, 83, 175])
     }
    Server msg1 hash OK
    Server is authentic
    {
      "text": [
        new Uint8Array([66, 153, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
       ],
      "Rnum": new Uint8Array([69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69]),
      "Auth": new ArrayBuffer([34, 224, 5, 131, 161, 65, 136, 88, 134, 75, 54, 238, 99, 203, 160, 179]),
      "Mhash": new ArrayBuffer([61, 176, 71, 104, 148, 148, 164, 97, 70, 194, 169, 104, 156, 182, 148, 76])
     }
    Client msg 2 hash OK
    Client is authentic
    {
      "text": [
        new Uint8Array([66, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
       ],
      "Rnum": new Uint8Array([34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34]),
      "Auth": new ArrayBuffer([3, 170, 20, 135, 37, 121, 216, 99, 141, 128, 79, 223, 167, 46, 246, 123]),
      "Mhash": new ArrayBuffer([74, 248, 250, 163, 194, 76, 103, 238, 169, 3, 248, 117, 159, 233, 64, 220])
     }
    Trying to replay
    Client msg 1 hash OK
    Client msg 2 hash OK
    Client not authentic
    167,33,148,163,150,43,129,28,79,255,93,113,35,215,40,72
    34,224,5,131,161,65,136,88,134,75,54,238,99,203,160,179
    New messages
    {
      "text": [
        new Uint8Array([65, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
       ],
      "Rnum": new Uint8Array([119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119]),
      "Auth": new Uint8Array(16),
      "Mhash": new ArrayBuffer([79, 10, 74, 218, 32, 96, 55, 0, 116, 245, 80, 95, 54, 76, 54, 114])
     }
    Client msg 1 hash OK
    {
      "text": [
        new Uint8Array([65, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
       ],
      "Rnum": new Uint8Array([248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248]),
      "Auth": new ArrayBuffer([241, 254, 62, 248, 237, 77, 127, 26, 115, 224, 51, 144, 124, 210, 7, 250]),
      "Mhash": new ArrayBuffer([93, 70, 18, 33, 28, 195, 215, 238, 123, 48, 146, 157, 176, 143, 82, 131])
     }
    Server msg1 hash OK
    Server is authentic
    {
      "text": [
        new Uint8Array([66, 153, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
       ],
      "Rnum": new Uint8Array([2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]),
      "Auth": new ArrayBuffer([168, 38, 120, 193, 88, 64, 50, 150, 39, 150, 95, 251, 65, 68, 138, 66]),
      "Mhash": new ArrayBuffer([184, 131, 13, 136, 192, 234, 14, 184, 72, 113, 231, 145, 199, 149, 231, 150])
     }
    Client msg 2 hash OK
    Client is authentic
    {
      "text": [
        new Uint8Array([66, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
       ],
      "Rnum": new Uint8Array([248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248]),
      "Auth": new ArrayBuffer([241, 254, 62, 248, 237, 77, 127, 26, 115, 224, 51, 144, 124, 210, 7, 250]),
      "Mhash": new ArrayBuffer([143, 19, 133, 234, 45, 4, 48, 57, 126, 126, 176, 205, 243, 97, 8, 8])
     }
    =0
    
    
  • Cryptomsg3.js
    In this version a user ID and password have been added
    The following is the output of one session. The setup function creates the cryptographic keys used in the client and server objects. Note that client and server have different random number keys and permutations. None of the permutation arrays are shown.

    PICO 1v86 
    >echo(0);
    In left pane enter setup(); and press return.
    =undefined
    >setup();
    Client Random # keys
    147,218,39,254,251,124,105,20,249,242,176,254,251,124,105,138
    124,171,219,12,155,172,248,197,93,220,85,14,86,211,101,122
    Msg Hash keys
    183,198,0,48,252,124,105,20,27,113,129,48,252,124,105,170
    232,149,224,242,228,159,142,123,127,115,23,205,73,51,112,58
    Auth Hash keys
    82,25,235,120,252,124,105,20,163,183,112,121,252,124,105,248
    90,33,23,232,223,50,115,84,170,190,44,139,113,153,65,249
    IDPW Hash keys
    179,197,74,194,252,124,105,20,240,89,206,194,252,124,105,142
    23,120,142,240,228,46,156,128,54,32,224,158,21,49,50,162
    IDPWkey Hash keys
    254,143,24,11,253,124,105,20,217,234,155,11,253,124,105,49
    255,224,2,245,157,160,44,204,179,206,10,57,236,82,67,23
    Server Random # keys
    53,87,29,162,253,124,105,20,95,37,162,162,253,124,105,26
    78,233,136,63,69,30,248,93,255,66,4,177,179,192,75,192
    To setup a User ID and password
    In the left pane enter ID="<user ID>";
    In the left pane enter PW="<password>";
    In left pane enter setupID(); and press return.
    =undefined
    

    The setupID() function performs a hash of the ID and Password and stores it in the server object for later reference.

    >ID="sam"
    ="sam"
    >PW="a1234";
    ="a1234"
    >setupID();
    IDPW_hash
    20,198,57,30,198,43,156,233,212,6,187,246,210,28,110,194
    In left pane enter connect(); and press return.
    =undefined
    

    The setup process is completed at this point.
    The connect() function sends a command from the client to the server. The message in the text, a random number Rnum, and a MHash of the text and Rnum blocks.
    The server calculated the hash1 of the text and Rnum blocks of the received message and performs a comparison.
    The server creates a reply message.

    >connect();
    {
      "text": [
        new Uint8Array([65, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
       ],
      "Rnum": new Uint8Array([107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107]),
      "Auth": new Uint8Array(16),
      "Mhash": new ArrayBuffer([67, 224, 209, 99, 57, 134, 239, 227, 82, 141, 121, 73, 1, 34, 87, 53])
     }
    Client msg 1 hash OK
    

    The server creates a reply.
    It generates a new random number Rnum.
    It calculates the Auth value by hashing the Rnum in the clients message
    It calculates the MHash of the text, Rnum, and Auth blocks.

    {
      "text": [
        new Uint8Array([65, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
       ],
      "Rnum": new Uint8Array([95, 95, 95, 95, 95, 95, 95, 95, 95, 95, 95, 95, 95, 95, 95, 95]),
      "Auth": new ArrayBuffer([177, 4, 182, 80, 32, 193, 133, 253, 206, 70, 222, 40, 50, 103, 253, 84]),
      "Mhash": new ArrayBuffer([174, 166, 145, 239, 250, 142, 29, 89, 132, 47, 94, 235, 3, 148, 16, 180])
     }
    

    The client validates the Mhash, and the Auth and asked the user for ID and password.

    Server msg1 hash OK
    Server is authentic
    Enter User ID and password
    In the left pane enter ID="<user ID>";
    In the left pane enter PW="<password>";
    In left pane enter login(); and press return.
    =undefined
    >
    

    The user enters the ID and password and the client sends a message to the server using the login() function.
    The message contains the text[0] block with the command, the text[1] block, a Rnum random number block, the Auth block and a Mhash of both text blocks, the Rnum and Auth blocks.
    An encryption key is created using a hash of the Rnum in the last server message.
    The encryption key is used to encrypt the hash of the ID and password.
    Text[1]= the permutation of the encrypted hash of ID and password.
    Note: the permutation uses an array of 128 values to swap bits in the block thus increasing the difficulty level for a hacker.

    >ID
    ="sam"
    >PW
    ="a1234"
    >login();
    {
      "text": [
        new Uint8Array([66, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]),
        new ArrayBuffer([188, 251, 96, 214, 196, 152, 12, 153, 116, 62, 142, 67, 36, 191, 9, 37])
       ],
      "Rnum": new Uint8Array([231, 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, 231]),
      "Auth": new ArrayBuffer([85, 202, 193, 237, 229, 82, 213, 28, 17, 66, 76, 168, 105, 110, 34, 181]),
      "Mhash": new ArrayBuffer([246, 246, 153, 109, 110, 234, 46, 198, 250, 173, 197, 70, 46, 130, 198, 8])
     }
    Client msg 2 hash OK
    Client is authentic
    User ID and password valid
    

    The server validates the Mhash, and the Auth blocks.
    The server reverses the permutation and decrypts the text[1] block and uses the previously saved IDPW hash to validate the user ID and password.
    The server replies as follows:

    {
      "text": [
        new Uint8Array([66, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
       ],
      "Rnum": new Uint8Array([197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197]),
      "Auth": new ArrayBuffer([203, 178, 225, 223, 185, 157, 208, 10, 205, 106, 25, 48, 148, 14, 178, 244]),
      "Mhash": new ArrayBuffer([136, 235, 215, 192, 46, 125, 93, 102, 232, 66, 154, 94, 254, 96, 125, 171])
     }
    

    The client validates the Mhash, and the Auth blocks.

    Server msg1 hash OK
    Server is authentic
    In left pane enter replay(); or LEDon(); or LEDoff(); and press return.
    =undefined
    >
    

    The user enters LEDon() and the client sends a message with text[0][1]=153

    >LEDon();
    {
      "text": [
        new Uint8Array([67, 153, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
       ],
      "Rnum": new Uint8Array([245, 245, 245, 245, 245, 245, 245, 245, 245, 245, 245, 245, 245, 245, 245, 245]),
      "Auth": new ArrayBuffer([84, 61, 229, 17, 188, 93, 153, 84, 8, 11, 141, 163, 234, 109, 215, 22]),
      "Mhash": new ArrayBuffer([161, 191, 122, 233, 14, 1, 107, 240, 101, 7, 97, 214, 109, 87, 47, 227])
     }
    

    The server validates the Mhash and Auth blocks and uses the value on text[0][1] to turn the Green LED on the PICO on or off.

    Client msg 3 hash OK
    Client is authentic
    {
      "text": [
        new Uint8Array([67, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
       ],
      "Rnum": new Uint8Array([9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9]),
      "Auth": new ArrayBuffer([25, 138, 122, 203, 160, 27, 197, 203, 83, 67, 94, 253, 166, 101, 177, 61]),
      "Mhash": new ArrayBuffer([156, 67, 30, 184, 3, 5, 237, 23, 4, 169, 138, 33, 245, 137, 166, 242])
     }
    Server msg hash OK
    Server is authentic
    In left pane enter replay(); or LEDon(); or LEDoff(); and press return.
    =undefined
    

    The user enters LEDoff(), and the client sends the following message to the server.

    >LEDoff();
    {
      "text": [
        new Uint8Array([67, 152, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
       ],
      "Rnum": new Uint8Array([32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32]),
      "Auth": new ArrayBuffer([173, 227, 7, 74, 231, 212, 57, 149, 211, 167, 182, 168, 50, 163, 100, 136]),
      "Mhash": new ArrayBuffer([166, 234, 76, 46, 39, 225, 249, 161, 72, 87, 168, 112, 131, 189, 17, 179])
     }
    Client msg 3 hash OK
    Client is authentic
    

    The server turns the LED off and replies as follows.

    {
      "text": [
        new Uint8Array([67, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
       ],
      "Rnum": new Uint8Array([91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91]),
      "Auth": new ArrayBuffer([69, 156, 77, 140, 124, 163, 20, 171, 113, 5, 219, 192, 52, 186, 236, 247]),
      "Mhash": new ArrayBuffer([58, 187, 167, 69, 103, 61, 35, 28, 56, 158, 186, 83, 30, 230, 152, 10])
     }
    Server msg hash OK
    Server is authentic
    In left pane enter replay(); or LEDon(); or LEDoff(); and press return.
    

    Along the way the client and server messages have been saved by Bill the black hat hacker. So Bill tries sending the client’s messages to the server with the following results.

    >replay();
    Trying to replay
    Client msg 1 hash OK
    Client msg 2 hash OK
    Client not authentic
    ((the calculated and message Auth values are shown here))
    73,37,138,217,81,69,32,247,92,136,225,154,124,8,83,157
    85,202,193,237,229,82,213,28,17,66,76,168,105,110,34,181
    =undefined
    

    Try it and have the client enter the wrong ID or password.
    The random number generator uses Date.now, and Math.random() as a seed.
    A permutation followed by encryption or decryption is applied to the seed.
    A one way matrix operation is applied followed by a second permutation and finally a second encryption or decryption. Again this makes life hard for hackers as compared to a simple counter applied to the AES algorithm.
    The hash function does a similar process permutation1, encrypt, one way, permutation2, encrypt. For the first block the one way is initialized. For subsequent blocks the one way uses the results from the previous block.


    1 Attachment

  • Permutation2.js
    A permutation of bits:

    0 168 0
    1 133 1
    2 2 2
    3 0 3
    4 1 4
    5 112 5
    6 16 6
    7 150 7
    8 49 8
    9 2 9
    10 134 10
    11 14 11
    12 36 12
    13 16 13
    14 9 14
    15 4 15
    

    A permutation of bytes

    0 6 0
    1 1 1
    2 14 2
    3 12 3
    4 15 4
    5 4 5
    6 7 6
    7 10 7
    8 13 8
    9 2 9
    10 5 10
    11 0 11
    12 11 12
    13 9 13
    14 3 14
    15 8 15
    

    Links:
    http://www.scientificamerican.com/article/nsa-nist-encryption-scandal/

    http://www.infosecurity-magazine.com/magazine-features/the-dark-side-of-cryptography-kleptography-in/

    https://cpunks.org/pipermail/cypherpunks/2013-September/000984.html

    https://www.schneier.com/blog/archives/2013/10/defending_again_1.html

    https://en.wikipedia.org/wiki/Dual_EC_DRBG


    1 Attachment

  • Onewayx.js
    Apply addition, exclusive or, or multiplication to a matrix by rows, columns, left diagonals and right diagonals and then take the modulus 256 to create a one way function.
    0 1 2 3
    4 5 6 7
    8 9 10 11
    12 13 14 15

    //onewayx.js
    function oneway1(mode,A,B,C,D,E){
      switch(mode){
        case 0:
         return A+B+C+D+E;
        case 1:
         return A^B^C^D^E;
        case 2:
         return A*B*C*D*E;
      }//end switch
    }//end oneway1
    
    function modit(A,B){
     for(var i=0;i<16;i++)A[i]=B[i]%256;
    }//end modit
    
    function fillit(A,b){
     for(var i=0;i<16;i++)A[i]=b;
    }//end fillit
    
    function oneway(mode,A,B){
    //rows
     A[0]=oneway1(mode,A[0],B[0],B[1],B[2],B[3]);
     A[1]=oneway1(mode,A[1],B[4],B[5],B[6],B[7]);
     A[2]=oneway1(mode,A[2],B[8],B[9],B[10],B[11]);
     A[3]=oneway1(mode,A[3],B[12],B[13],B[14],B[15]);
    //columns
     A[4]=oneway1(mode,A[4],B[0],B[4],B[8],B[12]);
     A[5]=oneway1(mode,A[5],B[1],B[5],B[9],B[13]);
     A[6]=oneway1(mode,A[6],B[2],B[6],B[10],B[14]);
     A[7]=oneway1(mode,A[7],B[3],B[7],B[11],B[15]);
    //diagonals\
     A[8]=oneway1(mode,A[8],B[0],B[5],B[10],B[15]);
     A[9]=oneway1(mode,A[9],B[1],B[6],B[11],B[12]);
     A[10]=oneway1(mode,A[10],B[2],B[7],B[8],B[13]);
     A[11]=oneway1(mode,A[11],B[3],B[4],B[9],B[14]);
    //diagonals/
     A[12]=oneway1(mode,A[12],B[3],B[6],B[9],B[12]);
     A[13]=oneway1(mode,A[13],B[0],B[7],B[10],B[13]);
     A[14]=oneway1(mode,A[14],B[1],B[4],B[11],B[14]);
     A[15]=oneway1(mode,A[15],B[2],B[5],B[8],B[15]);
    }//end oneway
    

    The output:

    The inital data
    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
    use mutltiply
    Data after applying oneway function and modit
    24 144 104 160 73 144 137 0 32 136 208 184 56 208 8 32
    Do it again using xor
    The inital data
    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
    Data after applying oneway function and modit
    5 13 5 29 1 1 1 17 29 5 13 5 5 13 5 29
    Do it again using addition
    The inital data
    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
    Data after applying oneway function and modit
    11 27 43 59 29 33 37 41 35 35 35 35 35 35 35 35
    

    Try it with different initial data.


    1 Attachment

  • Cryptomsg4.js
    Some changes made to the hash function.
    Add a logoff function.
    Noticed that the Rnum in the messages were all the same value.
    Fixed it.

    >setupID();
    IDPW_hash
    199,118,61,228,125,51,183,83,209,53,107,248,75,23,162,128
    In left pane enter connect(); and press return.
    =undefined
    >connect();
    {
      "text": [
        new Uint8Array([65, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]),
        new Uint8Array(16)
       ],
      "Rnum": new Uint8Array([106, 252, 92, 219, 97, 146, 133, 70, 139, 53, 121, 170, 154, 73, 162, 119]),
      "Auth": new Uint8Array(16),
      "Mhash": new ArrayBuffer([207, 109, 3, 165, 191, 27, 97, 58, 131, 189, 253, 144, 214, 189, 226, 240])
     }
    Client msg 1 hash OK
    {
      "text": [
        new Uint8Array([65, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]),
        new Uint8Array(16)
       ],
      "Rnum": new Uint8Array([224, 101, 186, 153, 117, 133, 224, 12, 118, 39, 165, 92, 202, 210, 183, 51]),
      "Auth": new ArrayBuffer([66, 169, 179, 113, 114, 202, 57, 74, 89, 29, 96, 192, 147, 30, 236, 36]),
      "Mhash": new ArrayBuffer([22, 187, 159, 26, 112, 116, 187, 148, 127, 211, 158, 113, 40, 126, 194, 165])
     }
    Server msg1 hash OK
    Server is authentic
    Enter User ID and password
    In the left pane enter ID="<user ID>";
    In the left pane enter PW="<password>";
    In left pane enter login(); and press return.
    

    A Phat phinger mistake in the copy function.

    function copy(A,B){for(var i=0;i<16;i++)A[i]=B[1];}
    

    Changed it to:

    function copy(A,B){for(var i=0;i<16;i++)A[i]=B[i];}
    

    1 Attachment

  • ClassDatenowKey2.js
    The random number generator:

    //ClassDatenowKey2.js
    //a permutation class
    function Perm(n){
     this.N=n;
     this.C=new Uint8Array(n);
    }
    
    Perm.prototype.swap=function(i,j){
     var a=0;
     a=this.C[i];
     this.C[i]=this.C[j];
     this.C[j]=a;
    };//end swap
    
    //Initialize a random permutation
    Perm.prototype.createPerm=function(){
      var i,j;
      var k=this.N;
      E.srand(E.hwRand());
      for(j=0;j<this.N;j++)this.C[j]=j;
      for(i=0;i<(this.N-1);i++){
       j=parseInt((Math.random()*256)%k,10);
       this.swap(i,i+j);
       k--;
      }//next i
    };//end createPerm
    
    //Use permutation to relocate bits in E to D
    //dir determines the indirection direction
    Perm.prototype.doPerm=function(dir,D,E){
     var i,j,k,m;
     for(i=0;i<this.N/8;i++)D[i]=0;
     for(i=0;i<this.N;i++){
      j=this.C[i];
      k=i%8;
      m=j%8;
      var a=1;
      var b=1;
      a=1<<k;
      b=1<<m;
      if(dir){
       if(E[(i-k)/8]&a) D[(j-m)/8]=D[(j-m)/8]|b;
      }else{
       if(E[(j-m)/8]&b) D[(i-k)/8]=D[(i-k)/8]|a;
      }//end else
     }//next i
    };//end doPerm
    
    //Use permutation of length N in E to relocate bytes in C to D
    Perm.prototype.doPermBytes=function(dir,E,C){
     var i,j,k,m;
     for(i=0;i<this.N;i++)D[i]=0;
     for(i=0;i<this.N;i++){
      j=this.C[i];
      if(dir){
       D[i]=E[j];
      }else{
       D[j]=E[i];
      }//end else
     }//next i
    };//end doPermBytes
    ///////////////////////////
    
    //a oneway class
    
    function Oneway(){
     this.A=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0];
    }
    
    Oneway.prototype.oneway1=function(mode,A,B,C,D,E){
      switch(mode){
        case 0:
         return A+B+C+D+E;
        case 1:
         return A^B^C^D^E;
        case 2:
         return A*B*C*D*E;
      }//end switch
    };//end oneway1
    
    Oneway.prototype.modit=function(A){
     for(var i=0;i<16;i++)A[i]=this.A[i]%256;
    };//end modit
    
    Oneway.prototype.fillit=function(b){
     for(var i=0;i<16;i++)this.A[i]=b;
    };//end fillit
    
    Oneway.prototype.oneway=function(mode,B){
      var oneway1=this.oneway1;
    //rows
     this.A[0]=oneway1(mode,this.A[0],B[0],B[1],B[2],B[3]);
     this.A[1]=oneway1(mode,this.A[1],B[4],B[5],B[6],B[7]);
     this.A[2]=oneway1(mode,this.A[2],B[8],B[9],B[10],B[11]);
     this.A[3]=oneway1(mode,this.A[3],B[12],B[13],B[14],B[15]);
    //columns
     this.A[4]=oneway1(mode,this.A[4],B[0],B[4],B[8],B[12]);
     this.A[5]=oneway1(mode,this.A[5],B[1],B[5],B[9],B[13]);
     this.A[6]=oneway1(mode,this.A[6],B[2],B[6],B[10],B[14]);
     this.A[7]=oneway1(mode,this.A[7],B[3],B[7],B[11],B[15]);
    //diagonals\
     this.A[8]=oneway1(mode,this.A[8],B[0],B[5],B[10],B[15]);
     this.A[9]=oneway1(mode,this.A[9],B[1],B[6],B[11],B[12]);
     this.A[10]=oneway1(mode,this.A[10],B[2],B[7],B[8],B[13]);
     this.A[11]=oneway1(mode,this.A[11],B[3],B[4],B[9],B[14]);
    //diagonals/
     this.A[12]=oneway1(mode,this.A[12],B[3],B[6],B[9],B[12]);
     this.A[13]=oneway1(mode,this.A[13],B[0],B[7],B[10],B[13]);
     this.A[14]=oneway1(mode,this.A[14],B[1],B[4],B[11],B[14]);
     this.A[15]=oneway1(mode,this.A[15],B[2],B[5],B[8],B[15]);
    };//end oneway
    
    // Random object
    // aes1 0= encrypt, 1=decrypt
    // aes2 0= encrypt, 1=decrypt
    // pdir1 permutation direction 0 or 1
    // pdir2 permutation direction 0 or 1
    // owtype 0= add, 1= xor, 2=multiply
    function Random(aes1,aes2,pdir1,pdir2,owtype){
     this.AES1=aes1;
     this.AES2=aes2;
     this.Pdir1=pdir1;
     this.Pdir2=pdir2;
     this.Owtype=owtype;
    
     this.ow=new Oneway();
     this.plain=new Uint8Array(16);
     this.R=new ArrayBuffer(16);
     this.perm1=new Perm(128);
     this.key1=new Uint8Array(16);
     this.perm2=new Perm(128);
     this.key2=new Uint8Array(16);
    }
    
    Random.prototype.random=function(){
      var a;
    var tt=Date.now()*1000000;
    for(var i=0;i<16;i++){
     if(i===8)tt=Date.now()*1000000;
     this.R[i]=tt%256;
     tt=tt-this.R[i];
     tt=tt/256;
    }//nexti
    E.srand(E.hwRand());
    this.R[0]=(Math.random()*256)%256;
    this.R[8]=(Math.random()*256)%256;
    this.R[15]=(Math.random()*256)%256;
    //  printit(R);
    this.perm1.doPerm(this.Pdir1,this.plain,this.R);
    //printit(plain);
    if(this.AES1){this.R=AES.encrypt(this.plain,this.key1);
     }else{
     this.R=AES.decrypt(this.plain,this.key1);
    }
    //printit(this.R);
    
    this.ow.fillit(1);
    this.ow.oneway(this.Owtype,this.R);
    this.ow.modit(this.R);
    //printit(this.R);
    
    this.perm2.doPerm(this.Pdir2,this.plain,this.R);
    //printit(plain);
    if(this.AES2){this.R=AES.encrypt(this.plain,this.key2);
     }else{
     this.R=AES.decrypt(this.plain,this.key2);
    }
    //printit(this.R);
     return this.R;
    };//end random
    
    Random.prototype.setup_random=function(){
     for(var i=0;i<16;i++){
      E.srand(E.hwRand());
      this.key1[i]=parseInt((Math.random()*256),10);
      E.srand(E.hwRand());
      this.key2[i]=parseInt((Math.random()*256),10);
     }//nexti
    
     this.perm1.createPerm();
     this.perm2.createPerm();
    
    };
    ///////////////////////////////
    
    function printit(W){
    console.log(W[0]+','+W[1]+','+W[2]+','+W[3]+','+
                W[4]+','+W[5]+','+W[6]+','+W[7]+','+
                W[8]+','+W[9]+','+W[10]+','+W[11]+','+
                W[12]+','+W[13]+','+W[14]+','+W[15]
               );
    }//end printit
    
    function copy(A,B){for(var i=0;i<16;i++)A[i]=B[i];}
    
    function compare(A,B){
     for(var i=0;i<16;i++)if(A[i]!=B[i])return 0;
     return 1;
    }
    ///////////////////////////////
    // Random object
    // aes1 0= encrypt, 1=decrypt
    // aes2 0= encrypt, 1=decrypt
    // pdir1 permutation direction 0 or 1
    // pdir2 permutation direction 0 or 1
    // owtype 0= add, 1= xor, 2=multiply
    //function Random(aes1,aes2,pdir1,pdir2,owtype){
    var R=new Random(1,1,0,0,0);
    R.setup_random();
    console.log("keys");
     printit(R.key1);
     printit(R.key2);
     console.log("Enter go(); into left screen, press enter");
    function go(){
      R.key1=R.random();
      R.key2=R.random();
      R.key1=R.random();
      R.key2=R.random();
    console.log("keys");
     printit(R.key1);
     printit(R.key2);
    console.log("Randoms");
    for(var j=0;j<16;j++){
     printit(R.random());
    }
    }//end go
    

    The output:

    >echo(0);
    keys
    95,199,130,197,32,174,21,94,190,94,212,0,219,24,220,209
    127,253,226,16,70,146,185,11,202,192,44,70,83,51,120,177
    Enter go(); into left screen, press enter
    =undefined
    >go();
    keys
    37,115,239,249,173,235,105,20,202,187,119,250,173,235,105,187
    194,44,127,205,23,115,36,6,237,95,250,210,33,201,23,211
    Randoms
    142,254,220,240,136,215,19,239,149,77,77,124,190,204,102,97
    172,247,225,194,124,184,176,179,201,85,70,33,145,196,50,223
    171,173,84,67,240,166,53,84,189,241,190,160,65,126,46,16
    240,110,20,89,34,209,82,26,84,141,66,199,178,107,45,129
    8,76,198,85,81,141,148,70,243,37,27,18,101,39,53,75
    156,154,240,83,125,40,83,111,48,193,73,90,88,52,152,150
    132,58,124,16,109,99,134,187,72,139,84,109,254,5,163,173
    18,166,184,35,1,188,74,73,75,24,107,129,229,6,203,35
    46,71,178,73,32,142,191,110,254,127,233,195,82,219,214,121
    219,68,7,110,28,230,173,64,123,179,128,4,232,61,157,244
    26,86,10,201,79,18,159,126,178,165,128,213,0,220,233,219
    160,45,66,180,92,106,130,148,224,180,18,141,20,194,197,167
    116,187,81,184,197,46,64,197,107,157,58,72,70,42,241,205
    106,243,200,96,187,42,68,165,111,85,121,61,150,128,81,63
    112,139,103,246,27,71,38,240,100,136,250,230,24,145,76,69
    96,130,236,218,128,193,47,234,34,3,10,30,130,18,74,154
    
    

    1 Attachment

  • myhash1.js
    Uses permutations, oneway, and random functions.
    var MH=new Myhash(1,1,0,0,0). Try varying the numbers. First 4 can be 0 or 1.
    5th number can be 0,1,2 and changes the oneway function operator.
    // aes1 0= encrypt, 1=decrypt
    // aes2 0= encrypt, 1=decrypt
    // pdir1 permutation direction 0 or 1
    // pdir2 permutation direction 0 or 1
    // owtype 0= add, 1= xor, 2=multiply

    //myhash1.js
    //a permutation class
    function Perm(n){
     this.N=n;
     this.C=new Uint8Array(n);
    }
    
    Perm.prototype.swap=function(i,j){
     var a=0;
     a=this.C[i];
     this.C[i]=this.C[j];
     this.C[j]=a;
    };//end swap
    
    //Initialize a random permutation
    Perm.prototype.createPerm=function(){
      var i,j;
      var k=this.N;
      E.srand(E.hwRand());
      for(j=0;j<this.N;j++)this.C[j]=j;
      for(i=0;i<(this.N-1);i++){
       j=parseInt((Math.random()*256)%k,10);
       this.swap(i,i+j);
       k--;
      }//next i
    };//end createPerm
    
    //Use permutation to relocate bits in E to D
    //dir determines the indirection direction
    Perm.prototype.doPerm=function(dir,D,E){
     var i,j,k,m;
     for(i=0;i<this.N/8;i++)D[i]=0;
     for(i=0;i<this.N;i++){
      j=this.C[i];
      k=i%8;
      m=j%8;
      var a=1;
      var b=1;
      a=1<<k;
      b=1<<m;
      if(dir){
       if(E[(i-k)/8]&a) D[(j-m)/8]=D[(j-m)/8]|b;
      }else{
       if(E[(j-m)/8]&b) D[(i-k)/8]=D[(i-k)/8]|a;
      }//end else
     }//next i
    };//end doPerm
    
    //Use permutation of length N in E to relocate bytes in C to D
    Perm.prototype.doPermBytes=function(dir,E,C){
     var i,j,k,m;
     for(i=0;i<this.N;i++)D[i]=0;
     for(i=0;i<this.N;i++){
      j=this.C[i];
      if(dir){
       D[i]=E[j];
      }else{
       D[j]=E[i];
      }//end else
     }//next i
    };//end doPermBytes
    ///////////////////////////
    
    //a oneway class
    
    function Oneway(){
     this.A=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0];
    }
    
    Oneway.prototype.oneway1=function(mode,A,B,C,D,E){
      switch(mode){
        case 0:
         return A+B+C+D+E;
        case 1:
         return A^B^C^D^E;
        case 2:
         return A*B*C*D*E;
      }//end switch
    };//end oneway1
    
    Oneway.prototype.modit=function(A){
     for(var i=0;i<16;i++)A[i]=this.A[i]%256;
    };//end modit
    
    Oneway.prototype.fillit=function(b){
     for(var i=0;i<16;i++)this.A[i]=b;
    };//end fillit
    
    Oneway.prototype.oneway=function(mode,B){
      var oneway1=this.oneway1;
    //rows
     this.A[0]=oneway1(mode,this.A[0],B[0],B[1],B[2],B[3]);
     this.A[1]=oneway1(mode,this.A[1],B[4],B[5],B[6],B[7]);
     this.A[2]=oneway1(mode,this.A[2],B[8],B[9],B[10],B[11]);
     this.A[3]=oneway1(mode,this.A[3],B[12],B[13],B[14],B[15]);
    //columns
     this.A[4]=oneway1(mode,this.A[4],B[0],B[4],B[8],B[12]);
     this.A[5]=oneway1(mode,this.A[5],B[1],B[5],B[9],B[13]);
     this.A[6]=oneway1(mode,this.A[6],B[2],B[6],B[10],B[14]);
     this.A[7]=oneway1(mode,this.A[7],B[3],B[7],B[11],B[15]);
    //diagonals\
     this.A[8]=oneway1(mode,this.A[8],B[0],B[5],B[10],B[15]);
     this.A[9]=oneway1(mode,this.A[9],B[1],B[6],B[11],B[12]);
     this.A[10]=oneway1(mode,this.A[10],B[2],B[7],B[8],B[13]);
     this.A[11]=oneway1(mode,this.A[11],B[3],B[4],B[9],B[14]);
    //diagonals/
     this.A[12]=oneway1(mode,this.A[12],B[3],B[6],B[9],B[12]);
     this.A[13]=oneway1(mode,this.A[13],B[0],B[7],B[10],B[13]);
     this.A[14]=oneway1(mode,this.A[14],B[1],B[4],B[11],B[14]);
     this.A[15]=oneway1(mode,this.A[15],B[2],B[5],B[8],B[15]);
    };//end oneway
    
    // Random object
    // aes1 0= encrypt, 1=decrypt
    // aes2 0= encrypt, 1=decrypt
    // pdir1 permutation direction 0 or 1
    // pdir2 permutation direction 0 or 1
    // owtype 0= add, 1= xor, 2=multiply
    function Random(aes1,aes2,pdir1,pdir2,owtype){
     this.AES1=aes1;
     this.AES2=aes2;
     this.Pdir1=pdir1;
     this.Pdir2=pdir2;
     this.Owtype=owtype;
    
     this.ow=new Oneway();
     this.plain=new Uint8Array(16);
     this.R=new ArrayBuffer(16);
     this.perm1=new Perm(128);
     this.key1=new Uint8Array(16);
     this.perm2=new Perm(128);
     this.key2=new Uint8Array(16);
    }
    
    Random.prototype.random=function(){
    var tt=Date.now()*1000000;
    for(var i=0;i<16;i++){
     if(i===8)tt=Date.now()*1000000;
     this.R[i]=tt%256;
     tt=tt-this.R[i];
     tt=tt/256;
    }//nexti
    E.srand(E.hwRand());
    this.R[0]=(Math.random()*256)%256;
    this.R[8]=(Math.random()*256)%256;
    this.R[15]=(Math.random()*256)%256;
    //  printit(R);
    this.perm1.doPerm(this.Pdir1,this.plain,this.R);
    //printit(plain);
    if(this.AES1){this.R=AES.encrypt(this.plain,this.key1);
     }else{
     this.R=AES.decrypt(this.plain,this.key1);
    }
    //printit(this.R);
    
    this.ow.fillit(1);
    this.ow.oneway(this.Owtype,this.R);
    this.ow.modit(this.R);
    //printit(this.R);
    
    this.perm2.doPerm(this.Pdir2,this.plain,this.R);
    //printit(plain);
    if(this.AES2){this.R=AES.encrypt(this.plain,this.key2);
     }else{
     this.R=AES.decrypt(this.plain,this.key2);
    }
    //printit(this.R);
     return this.R;
    };//end random
    
    Random.prototype.setup_random=function(){
     for(var i=0;i<16;i++){
      E.srand(E.hwRand());
      this.key1[i]=parseInt((Math.random()*256),10);
      E.srand(E.hwRand());
      this.key2[i]=parseInt((Math.random()*256),10);
     }//nexti
    
     this.perm1.createPerm();
     this.perm2.createPerm();
    
    };
    ///////////////////////////////
    //Myhash object
    // aes1 0= encrypt, 1=decrypt
    // aes2 0= encrypt, 1=decrypt
    // pdir1 permutation direction 0 or 1
    // pdir2 permutation direction 0 or 1
    // owtype 0= add, 1= xor, 2=multiply
    function Myhash(aes1,aes2,pdir1,pdir2,owtype){
     this.AES1=aes1;
     this.AES2=aes2;
     this.Pdir1=pdir1;
     this.Pdir2=pdir2;
     this.Owtype=owtype;
    
     this.ow=new Oneway();
     this.plain=new Uint8Array(16);
     this.plain1=new Uint8Array(16);
     this.R=new ArrayBuffer(16);
     this.perm1=new Perm(128);
     this.key1=new Uint8Array(16);
     this.perm2=new Perm(128);
     this.key2=new Uint8Array(16);
    }
    
    Myhash.prototype.myhash=function(R,flag){
     var i;
    this.perm1.doPerm(this.Pdir1,this.plain,R);
    if(this.AES1){this.R=AES.encrypt(this.plain,this.key1);
     }else{
     this.R=AES.decrypt(this.plain,this.key1);
    }
      if(flag){
        this.ow.fillit(1);
        for(i=0;i<16;i++)this.plain1[i]=0;
      }
    this.ow.oneway(this.Owtype,this.R);
    this.ow.modit(this.R);
    
    this.perm2.doPerm(this.Pdir2,this.plain,this.R);
    if(this.AES2){this.R=AES.encrypt(this.plain,this.key2);
     }else{
     this.R=AES.decrypt(this.plain,this.key2);
    }
     for(i=0;i<16;i++)this.R[i]=this.R[i]^ this.plain1[i];
      copy(this.plain1,this.R);
     return this.R;
    };//end random
    
    Myhash.prototype.setup_myhash=function(R){
      this.key1=R.random();
      this.key2=R.random();
    console.log("Hash keys");
     printit(this.key1);
     printit(this.key2);
    
     this.perm1.createPerm();
     this.perm2.createPerm();
    
    };
    ///////////////////////////////
    function printit(W){
    console.log(W[0]+','+W[1]+','+W[2]+','+W[3]+','+
                W[4]+','+W[5]+','+W[6]+','+W[7]+','+
                W[8]+','+W[9]+','+W[10]+','+W[11]+','+
                W[12]+','+W[13]+','+W[14]+','+W[15]
               );
    }//end printit
    
    function copy(A,B){for(var i=0;i<16;i++)A[i]=B[i];}
    
    function compare(A,B){
     for(var i=0;i<16;i++)if(A[i]!=B[i])return 0;
     return 1;
    }
    ///////////////////////////////
    // Random object
    // aes1 0= encrypt, 1=decrypt
    // aes2 0= encrypt, 1=decrypt
    // pdir1 permutation direction 0 or 1
    // pdir2 permutation direction 0 or 1
    // owtype 0= add, 1= xor, 2=multiply
    //function Random(aes1,aes2,pdir1,pdir2,owtype){
    var R=new Random(1,1,0,0,0);
    R.setup_random();
    console.log("keys");
     printit(R.key1);
     printit(R.key2);
     console.log("Enter go(); into left screen, press enter");
    
    function go(){
      R.key1=R.random();
      R.key2=R.random();
      R.key1=R.random();
      R.key2=R.random();
    console.log("Randomkeys");
     printit(R.key1);
     printit(R.key2);
    ///////////////////////////////
    // Myhash object
    // aes1 0= encrypt, 1=decrypt
    // aes2 0= encrypt, 1=decrypt
    // pdir1 permutation direction 0 or 1
    // pdir2 permutation direction 0 or 1
    // owtype 0= add, 1= xor, 2=multiply
    var MH=new Myhash(1,1,0,0,0);
    MH.setup_myhash(R);
    console.log("Myhashes");
    C=new Uint8Array(16);
    D=new Uint8Array(16);
    C1=new Uint8Array(16);
    D1=new Uint8Array(16);
    for(var j=0;j<4;j++){
      C=R.random(); //fisrt block to hash
      C1=R.random();//second block to hash
      D=MH.myhash(C,1);//initializes hash
      D1=MH.myhash(C1,0);//adds to hash
     console.log(j+" plaintext");
     printit(C);
     printit(C1);
     console.log(j+" hash(PT1), hash(PT1&PT2)");
     printit(D);
     printit(D1);
    }
    }//end go
    

    The output:

    >echo(0);
    keys
    86,241,83,165,231,187,118,151,10,24,224,247,5,155,169,173
    98,173,140,6,192,202,181,73,5,180,107,39,255,128,101,152
    Enter go(); into left screen, press enter
    =undefined
    >go();
    Randomkeys
    42,27,58,194,230,236,105,20,255,239,187,194,230,236,105,131
    35,107,93,130,7,198,150,121,118,23,83,143,243,104,133,129
    Hash keys
    3,173,75,244,230,236,105,20,199,51,208,244,230,236,105,108
    78,11,5,145,114,186,64,56,35,74,240,253,216,142,195,239
    Myhashes
    0 plaintext
    94,233,45,61,231,236,105,20,129,249,178,61,231,236,105,254
    221,170,249,50,122,205,13,201,183,162,161,143,108,90,139,132
    0 hash(PT1), hash(PT1&PT2)
    71,76,23,135,37,184,17,104,9,201,154,228,75,139,43,70
    210,79,102,138,26,8,203,47,131,217,136,28,223,42,118,1
    1 plaintext
    77,121,156,159,231,236,105,20,127,138,34,160,231,236,105,29
    60,154,90,164,13,40,94,68,30,61,8,23,20,20,250,142
    1 hash(PT1), hash(PT1&PT2)
    187,159,41,38,232,148,215,100,160,137,110,238,132,225,187,30
    131,47,12,173,43,34,244,214,196,202,243,66,152,44,80,24
    2 plaintext
    118,53,38,1,232,236,105,20,117,90,163,1,232,236,105,210
    100,3,81,31,17,127,119,23,221,106,166,29,214,11,65,159
    2 hash(PT1), hash(PT1&PT2)
    229,120,199,141,209,44,28,26,243,118,209,239,21,203,233,121
    106,110,17,4,66,253,193,144,149,44,178,108,5,152,222,13
    3 plaintext
    100,248,143,98,232,236,105,20,100,178,16,99,232,236,105,58
    234,172,140,20,0,12,253,183,231,119,12,218,29,75,127,80
    3 hash(PT1), hash(PT1&PT2)
    48,226,109,106,2,245,197,206,251,241,239,74,211,245,123,138
    155,135,118,138,242,147,191,120,240,157,133,162,141,219,83,151
    
    

    1 Attachment

  • Cryptographic Parameters Used in cryptomsg4.js
    The objects that use cryptographic parameters:

    1. Random
      1.1. AES1 flag 0 or 1
      1.2. AES2 flag 0 or 1
      1.3. Pdir1 0 or 1
      1.4. Pdir2 0 or 1
      1.5. Owtype 0, 1, or 2
      1.6. Perm1 128 bytes
      1.7. Perm2 128 bytes
      1.8. Key1 16 bytes
      1.9. Key2 16 bytes
      293 bytes

    2. Myhash
      2.1. AES1 flag 0 or 1
      2.2. AES2 flag 0 or 1
      2.3. Pdir1 0 or 1
      2.4. Pdir2 0 or 1
      2.5. Owtype 0, 1, or 2
      2.6. Perm1 128 bytes
      2.7. Perm2 128 bytes
      2.8. Key1 16 bytes
      2.9. Key2 16 bytes
      293 bytes

    3. Client only:
      One Random object 293 bytes

    4. Server only:

    5. One Random object 293 bytes
      Shared copies on Client and Server:

    6. .permIDPW 128 bytes
      4 sets of hash parameters

    7. MsgHash 293 bytes

    8. AuthHash 293 bytes

    9. IDPWHash 293 bytes

    10. IDPWkeyHash 293 byes
      1210 bytes
      Total cryptographic bytes in server or client = 1210+292 = 1503 bytes.

    Since the client and server have independent Random objects in the cryptomsg5.js, it would be possible to periodically generate new cryptographic parameters. Perhaps this rekey could be implemented with a setInterval() function using a random interval.

    Additional cryptographic entropy could be added to the message by the following means:
    Currently the text[1] part of the message only carries the encrypted ID+password hash and is cleared to zero for all other messages. If in the zero cases, text[1] contained a random number, and a 32 element permutation of bytes over the text[1] and Rnd blocks the entropy would be increased. A 256 element permutation of bits could also be used, or do the 32 byte permutation followed by 128 bit permutation on each resulting block.
    A key exchange password could allow the text[1] to be used to move keys in a covert manner that would appear to be normal operation.
    The protocol could require the ID password hash be validated on every logged in command instead of just once.
    In the first call to a hash, two parameters are initialized. Cryptographic salt could be used for the initial values.
    Note on the direction flags:
    The direction flags make use of the bidirectional properties of AES and the permutations.
    AES1 flag 0 or 1
    AES2 flag 0 or 1
    Pdir1 0 or 1
    Pdir2 0 or 1
    Plaintext can be encrypted to cipher text A and the decrypted back to plaintext, or
    Plaintext can be decrypted to cipher text B and then encrypted back to plaintext.
    A not equal to B.
    A similar process occurs with the permutation function.
    It would be possible to use bits in the RND field to modulate the flags dynamically.

    The low cryptographic entropy problem:
    A commercial device allows remote operation of a lock.
    The device is controlled by two messages Lock and Unlock.
    The messages differ by one bit in the message and by several bits in the CRC or hashed check code.
    A modem using a stream cipher is used to send the Lock and Unlock messages.
    The stream cipher makes uses of synchronized random number generators to exclusive or a different random byte with each byte of the message. A=R1 ^ M1, M1=A^R1.
    If an attacker can intercept and modify the message, show that he could use:
    B= M1^M2, C=B^A to change a Lock to an Unlock or an Unlock to a Lock command.
    The stream cipher produces cryptographic confusion but no diffusion. A permutation function can be used to introduce diffusion ( swapping the bits/bytes around in the message) Note that AES in block mode produces both confusion and diffusion but produces the same output for the same input making the message subject to replay without additional steps.

    Link from the cryptographic anxiety closet: (Once a can of worms is opened the only process that works is to contain them is a larger can,)
    https://securityevaluators.com/knowledge/case_studies/rfid/

  • Some changes to the oneway function:
    A test program oneway16bit.js was created. (type go(); in the left pane after loading)
    It was found that the oneway add and xor modes produce the same results. The xor mode doesn’t require the modit function. The add mode produces a lot of hash collisions. As written with a seed of all 1’s the xor and add modes produce 4 collisions over a field of 1024 values.
    This results are shown in oneway16bit1024.xlxs.

    The program was modified oneway16bita.js. (type go(); in the left pane after loading)
    The function is seeded with the initial data in place of all 1’s.
    This change eliminated the collisions in the xor mode.
    The results are shown in oneway16bita1024.xlxs.
    The changes have been applied in cryptomsg5.js


    4 Attachments

  • I'm a bit lost... What is it that you are implementing? Some well-know crypto protocol?

  • I'm trying to create and implement a cryptographic protocol that makes it difficult to replay, modify or spoof command messages and the reply messages. Both the server and client are together on one Pico for the development phase. At some point I would like to implement to server and client on separate devices with a suitable communication link.

    I've run into problems with the one way function and am seriously considering its elimination.
    It is not needed or could be replaced with one of the SHA functions.(SHA1, SHA256 etc.)

  • On the Pico there's also the Crypto library that should do AES encryption - you could use that with the code that you already have for key exchange?

  • AES is used in the hash function and the password functions. The Pico seems to do the AES without using the library. For the SHA functions the library has to be "required". If this is a problem please let me know.

    The key exchange still needs to be implemented. I favor calling it the "Squirt" function after the "technical" term I heard when hanging out in a committee. A Diffie-Helman key exchange or AES? The method really depends on how many clients. One client and one server or many clients (one at a time likely) and one or more servers.

    A transport layer needs to be added. TLS would add the information hiding of a stream cipher and if used with a digital certificate it would add authentication. Some reading on TLS says it can be made to authenticate both ends, although it commonly only authenticates the server.
    The transport layer could also add permutations to swap bytes and bits around in the message.
    It's harder search for a key given known plaintext and cipher text if the bits have been repositioned. (Get out your solar powered calculator and ask it to do 128 factorial and watch the Sun dim.)

    As for using the SHA algorithms, one must consider the results of a Google search such as SHA256 decrypt
    For example:
    https://md5hashing.net/hash/sha256

  • For the SHA functions the library has to be "required". If this is a problem please let me know.

    No, it's no problem at all - to be honest you should kind of need it for most of them.

    It's a thought actually - Espruino supports TLS over sockets. You could actually write a JS Socket library (like is done for ESP8266/SIM900) that sends data over your given transport layer (if you were using some custom radio) and then you could use the built-in TLS support.

  • For better understanding:
    Cryptographic Protocol vs Cryptographic Primatives
    https://en.wikipedia.org/wiki/Cryptographic_protocol
    https://en.wikipedia.org/wiki/Cryptographic_primitive

    Primitives used:
    Block Cipher: Notation is CIPHkey(M), where CIPH = AES128, using key, on block M
    https://en.wikipedia.org/wiki/Advanced_Encryption_Standard

    CMAC: Notation CMAC(key,M)
    https://en.wikipedia.org/wiki/CBC-MAC
    https://en.wikipedia.org/wiki/One-key_MAC
    http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
    https://github.com/allan-stewart/node-aes-cmac

    Permutations: Notation Perm(P,M) for bit level, Permbyte(P,M)
    http://courses.cs.vt.edu/~cs1044/fall02/mcquain/Projects/4/PermuCrypt.pdf
    http://www.mathplanet.com/education/algebra-2/discrete-mathematics-and-probability/permutations-and-combinations

    Random Number Generator: Notation RNG(key)

    The protocol: ( note the “||” indicates concatenation of blocks)
    A message is composed of four 16 byte blocks followed by a 16 byte MAC,
    The blocks are denoted as:
    Text1=RNG(keyrng) but Text1[0] contains crypto command, other bytes can be payload
    Text2=RNG(keyrng), or CMAC(keyIdPw,ID || Password), can be payload if not IDPW
    RND=RNG(keyrng),
    AUTH=CMAC(keyauth,RND in previous message),
    and
    MAC = CMAC(keymac,Text1 || Text2 || RND || AUTH )
    Bit and byte permutations can be applied as well as sending the message using a stream cipher.

    I am currently working on porting the allan-stewart/node-aes-cmac onto the Pico in preparation of a rewrite of the protocol implementation.

  • Run this on a PICO. See previous post to explain a CMAC.
    The CMAC is working as a module. AEScmac.js
    testAEScmac.js uses the module to run the NIST test values.
    There are two tests.
    Test one expects one long array as input.
    Test two allows 16 byte blocks in different locations to be pointed to as input.
    In test two if there is a partial block at the end, remember to pad the block. (see the test code for the 320 bit example. Test one inserts the padding.
    The output of testAEScmac.js

    AEScmac from one large array
    keys
    2b,7e,15,16,28,ae,d2,a6,ab,f7,15,88,9,cf,4f,3c,
    fb,ee,d6,18,35,71,33,66,7c,85,e0,8f,72,36,a8,de,
    f7,dd,ac,30,6a,e2,66,cc,f9,b,c1,1e,e4,6d,51,3b,
    Example 1 null message
    bb,1d,69,29,e9,59,37,28,7f,a3,7d,12,9b,75,67,46,
    Valid
    Example 2 , 128 bit message
    7,a,16,b4,6b,4d,41,44,f7,9b,dd,9d,d0,4a,28,7c,
    Valid
    example 3, 320 bit message
    df,a6,67,47,de,9a,e6,30,30,ca,32,61,14,97,c8,27,
    Valid
    example 4, 512 bit message
    51,f0,be,bf,7e,3b,9d,92,fc,49,74,17,79,36,3c,fe,
    Valid
    AEScmac from Uint8Arrays
    keys
    2b,7e,15,16,28,ae,d2,a6,ab,f7,15,88,9,cf,4f,3c,
    fb,ee,d6,18,35,71,33,66,7c,85,e0,8f,72,36,a8,de,
    f7,dd,ac,30,6a,e2,66,cc,f9,b,c1,1e,e4,6d,51,3b,
    Example 1 null message
    bb,1d,69,29,e9,59,37,28,7f,a3,7d,12,9b,75,67,46,
    Valid
    Example 2 , 128 bit message
    7,a,16,b4,6b,4d,41,44,f7,9b,dd,9d,d0,4a,28,7c,
    Valid
    example 3, 320 bit message
    df,a6,67,47,de,9a,e6,30,30,ca,32,61,14,97,c8,27,
    Valid
    example 4, 512 bit message
    51,f0,be,bf,7e,3b,9d,92,fc,49,74,17,79,36,3c,fe,
    Valid
    

    2 Attachments

  • Message4.js 18 Aug 2016
    Testing the RNG and AEScmac cryptographic primitives for use in the cryptographic protocol.
    require("RNG")
    require("AEScmac")
    The AEScmac is used to validate the entire message in Mhash
    The AEScmac is applied to the previously sent Rnd and compared to
    The Auth block to validate that the sender of the message possesses
    The keys and is authentic.
    The AEScmac is NIST approved
    The RNG (random number generators) are two different instances with different keys on the client and server and do not need to be synchronized
    They can be randomized at random intervals.
    The output of Message4.js

    Auth and Mhash keys
    97,79,5c,b2,76,68,8,ea,88,a9,11,b3,ca,a7,d8,d,
    3a,8b,60,3c,70,61,9c,7,99,3e,c,c3,65,dd,b1,ff,
    Client builds and sends inital message
    Message=
    41,31,fd,1e,8f,21,41,d6,f2,33,90,16,be,c5,b0,75,
    94,84,49,64,37,1b,74,7,b7,81,62,95,6c,3b,98,da,
    6,6,a7,8c,7e,ff,21,29,d8,4a,e3,60,e4,a6,d,21,
    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
    ab,c3,87,86,83,e8,c6,47,e4,41,fa,62,43,70,56,a,
    Server checks the message
    checking Mhash
    Valid
    Server builds and sends reply message
    Message=
    41,86,93,5b,ee,5f,f1,c9,b4,59,5e,42,f3,72,cf,c2,
    da,f9,db,87,d0,b,47,6b,e4,59,c8,26,59,9c,5e,2f,
    b0,9b,f7,e0,70,16,ed,bd,fe,5c,18,de,a5,25,eb,e3,
    8,a9,a5,1d,59,55,37,c3,45,bc,65,37,fe,12,34,50,
    2f,a6,4e,35,94,3f,77,fc,89,45,68,ec,fe,15,b6,62,
    Client checks the message
    checking Mhash
    Valid
    checking Auth
    Valid
    Client builds and sends reply message
    Message=
    42,9,63,23,50,5f,4b,0,d1,bd,c0,32,cc,e1,2a,e9,
    21,cd,fd,f,f8,4,cc,57,c0,b3,50,c1,fc,1b,1a,7,
    dc,98,81,85,9d,5e,e5,b1,d,e,21,ea,bd,2c,53,17,
    c3,9b,80,a8,bb,f1,22,27,9c,e4,71,3a,6,21,62,d8,
    59,f8,7,1f,ba,d7,3a,6b,7b,b8,13,10,5c,e7,53,a7,
    Server checks the message
    checking Mhash
    Valid
    checking Auth
    Valid
    Server builds and sends reply message
    Message=
    42,68,9a,41,25,a1,f7,76,30,ce,a,88,82,bc,e5,75,
    50,8f,4e,1e,2f,97,64,c8,68,2d,9,68,77,98,ff,de,
    6c,c,3c,6,46,d6,8d,76,64,47,ac,a8,76,eb,ce,3c,
    b9,39,9,51,80,da,7c,95,c2,4e,6e,d9,71,7,97,82,
    66,72,34,4a,2a,54,61,39,a,a3,3e,cd,c,90,75,4e,
    
    

    3 Attachments

  • Message6.js
    19 Aug 2016
    Added encryption and permutation options to the message transport.
    Set the flags at the top of this program to enable these features.
    Additional module require("permutation")

    The function that creates the permutation array has been modified.
    Let N=16, then there are 15*13*11*9*7*5*3 = 2,027,025 combinations
    If N=80, then there are 79*77*75*…*3 = 7.9777941814E+58 combinations

    Sample output with the flags set as follows:
    // flags used in the Msg transport function
    var EncryptionFlag=false;
    var PermutationFlag=false;

    In left pane enter test1();
    =undefined
    >test1();
    Auth,Mhash, and Transport keys
    f9,77,1,73,1d,86,4d,40,82,1e,29,89,0,f8,5,2c,
    56,d3,9,f8,63,58,d5,35,80,63,0,6f,91,e3,56,ff,
    ad,7d,48,da,84,3d,d,31,5,e9,52,9d,1e,4,93,bb,
    Client builds and sends inital message
    Message=
    41,40,7d,c2,d1,9b,2,a6,43,c1,24,3,6d,29,d0,6a,
    e2,f5,5a,9a,b0,f7,4f,fe,9f,73,17,f7,46,22,d4,53,
    88,cc,f4,32,59,a1,13,4c,c3,61,eb,95,11,7c,a3,ac,
    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
    6,d0,7,b0,2e,c7,3a,95,ec,39,14,76,2c,32,51,9d,
    Server checks the message
    

    Sample output with the flags set as follows:
    // flags used in the Msg transport function
    var EncryptionFlag=true;
    var PermutationFlag=false;

    In left pane enter test1();
    =undefined
    >test1();
    Auth,Mhash, and Transport keys
    f,96,3d,11,4,a2,3b,f8,9a,3c,4a,13,95,62,bc,49,
    7c,ec,7e,a,a7,a6,e1,39,d,44,dc,8b,89,c6,38,36,
    43,97,71,b7,48,f4,a9,d0,3b,57,1c,18,33,2a,22,85,
    Client builds and sends inital message
    Sending Encrpyted Message=
    ae,a9,64,60,ee,39,bb,4a,54,81,fc,dd,a6,1,28,34,
    ca,3b,e3,a3,2,d8,d2,69,6c,94,da,c8,6f,31,5a,a5,
    4,4a,5e,97,83,a2,5c,e6,f1,dc,69,a9,29,c3,18,b,
    49,5d,99,ab,36,22,32,34,45,d5,f4,1,65,9b,61,ad,
    38,59,c2,a5,27,30,6,30,df,f0,1f,35,41,b7,17,83,
    decrypt
    Message=
    41,df,1d,24,2d,c7,5f,57,64,56,48,d9,cf,6,49,d8,
    b4,a8,9f,48,c3,73,7d,a5,27,58,8,a8,17,95,e4,2f,
    c8,56,14,5a,bc,d9,35,69,6d,91,9a,85,e8,59,f8,d0,
    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
    48,71,67,d0,3d,7a,89,10,88,7a,4c,ac,f2,ba,85,c8,
    Server checks the message
    

    Sample output with the flags set as follows:
    // flags used in the Msg transport function
    var EncryptionFlag=false;
    var PermutationFlag=true;
    The permutation rearranges the byte order in the message.
    Can you find the 0x41?

    In left pane enter test1();
    =undefined
    >test1();
    Auth,Mhash, and Transport keys
    e1,b4,52,64,3c,68,ab,fc,c7,94,66,90,b6,ad,b7,a5,
    29,b3,82,22,c3,d5,5e,36,97,a6,39,e3,46,77,4a,f1,
    bd,6e,76,7,f,d6,37,24,8f,10,40,c2,5f,6,49,e7,
    Client builds and sends inital message
    Sending Permutated Message=
    6d,0,ef,98,0,a8,66,ea,ed,41,a8,51,fc,9,5b,8f,
    0,22,a6,0,1e,d5,e,ae,94,0,0,0,0,0,88,0,
    61,8,ce,0,1b,66,c5,58,7a,d4,cb,3,5b,66,4a,0,
    68,b4,f5,98,9e,0,54,51,10,b4,0,58,c1,30,50,34,
    f8,3e,0,66,71,cf,f2,d4,74,91,36,c5,81,0,3d,0,
    Message=
    41,c1,d4,cf,b4,81,9,ea,94,6d,c5,f2,3d,66,3e,0,
    54,a6,22,98,91,3,71,61,ed,58,f5,30,68,34,ce,10,
    ae,58,88,8f,1b,66,f8,8,cb,ef,7a,d5,d4,4a,66,9e,
    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
    c5,5b,51,74,e,98,51,5b,66,1e,36,a8,a8,50,fc,b4,
    Server checks the message
    

    Sample output with the flags set as follows:
    // flags used in the Msg transport function
    var EncryptionFlag=true;
    var PermutationFlag=true;

    In left pane enter test1();
    =undefined
    >test1();
    Auth,Mhash, and Transport keys
    6,ce,ee,5b,9e,2b,7c,1c,6,cd,a2,b4,71,be,e,68,
    fe,67,2a,fc,85,17,2f,66,7c,4b,42,a1,e7,de,d9,46,
    19,4d,1,69,61,72,64,e0,17,3b,fb,4c,2e,9e,96,f4,
    Client builds and sends inital message
    Sending Permutated Message=
    23,7a,a2,ba,15,8b,9,a2,ce,7d,6a,32,83,bb,20,48,
    fb,ef,65,8d,79,cf,97,53,2e,30,69,98,c1,8a,62,89,
    fe,8a,f9,b5,6,d8,6f,cd,e4,82,17,e0,51,28,5f,72,
    d6,db,61,5e,cb,5,7a,4,7f,bd,9b,e4,24,1a,7e,d5,
    6e,52,ad,a8,34,b7,6b,27,c7,be,e8,96,8b,34,94,1c,
    Sending Encrpyted Message=
    8d,b5,e4,fe,32,8a,1c,ce,a2,6,6a,15,fb,5,d5,ad,
    83,51,6f,23,82,2e,e0,5e,cf,7e,c7,8a,1a,8b,62,f9,
    ba,98,89,7a,7d,9b,65,6b,a2,79,34,97,ef,52,be,7f,
    61,b7,d6,53,4,bb,bd,cb,72,7a,d8,34,a8,c1,30,20,
    27,28,48,24,17,db,cd,6e,69,5f,94,8b,96,e4,e8,9,
    decrypt
    Message=
    41,10,bf,23,b,4c,7,f8,a5,d9,9f,d5,f4,d7,23,6a,
    ec,59,7c,62,5e,3f,a,1f,94,c1,af,ed,d5,a5,38,4,
    59,48,4d,c6,70,c7,90,7d,b,a8,7a,f1,53,48,99,4b,
    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
    b8,85,cc,6,a4,2b,db,b,26,58,de,8a,8e,5,dc,ea,
    Server checks the message
    

    4 Attachments

  • KryptoMessage1.js
    20 Aug 2016
    The left pane of the WebIDE is used as the client input.
    Run the program and type help(); to list the commands.
    Added encryption and permutation options to the message transport
    Set the flags at the top of this program to enable these features.
    This cryptographic protocol uses the permutation. RNG, AES, and AEScmac cryptographic primitives.
    require("RNG") ("AEScmac") ("permutation")
    The AEScmac is used to validate the entire message in MsgCmac.
    The AEScmac is applied to the previously sent random number (Rnd.) and compared to
    the Auth block to validate that the sender of the message possesses the keys and is authentic.
    The server contains a list of user IDs, an AEScmac( ID,password), and a lexical level.
    The client has to enter a user ID and password. The AESmac is calculated and AES encrypted using a key derived from an AES encryption of the random number in the last server message. A lexical level of zero allows access to the LED on and LED off commands. A lexical level of one is to be used to allow transfer of cryptographic keys
    AES and AEScmac algorithms are NIST approved.
    This implementation of AES and AEScmac are not NIST certified
    The RNG (random number generators) are two different instances with different keys on the client and server and do not need to be synchronized and they can be randomized at random intervals.
    // flags used in the Msg transport function
    //var EncryptionFlag=true;
    //var PermutationFlag=true;
    var EncryptionFlag=false;
    var PermutationFlag=false;
    // ReplayFlag controls the recording of msgs for replay
    var ReplayFlag=true;
    //var ReplayFlag=false;


    4 Attachments

  • Keygenerator1.js creates keys for the Kryptomessage protocol and writes them to EEROM in the Pico.
    The screen output at the end is copied into the
    Squirt1.js program.
    Copy and paste the buff[] and IDPWlist[] arrays into the Squirt program
    Loading and running Squirt1 can then write the same keys into other Pico devices.
    KeyFromRom1.js is used to read the keys from the EEROM and will be incorporated into the Kryptomessage.js at a later time.


    3 Attachments

  • KryptoMessage3.js 25 Aug 2016
    For use on Espruino Pico device
    Requires: RNG.js, AEScmac.js, permutation.js (see posts above for files)
    FlashEEPROM.js from Espruino web site.
    Uses serial port 1 (can be changed in configuration at top) in a hardware loopback.
    Connect pins B6 and B7 together.
    Reads analog input on Pin B1.
    There are a number of flag variables at the top of the program:
    Flag to suppress server text to console:
    var showserver=0;
    //var showserver=1;
    Where to get the cryptographic keys:
    //var KeysFromRom=0; //Generate keys as before this point
    var KeysFromRom=1;//read keys from ROM see previous post for the key generator and squirt programs to insert the keys into the EEROM
    Serial port parameters:
    //var useserialflag=0;
    var useserialflag=1;
    var baudrate=115200;
    var Port=Serial1;
    Flags used in the Msg transport function:
    //var EncryptionFlag=false;
    var EncryptionFlag=true;
    //var PermutationFlag=false;
    var PermutationFlag=true;
    ReplayFlag controls the recording of msgs for replay:
    var ReplayFlag=true;
    //var ReplayFlag=false;
    This version redirects the console in order to create a menu on the USB port to that the program can be operated from a terminal program or from the left pane of the WebIDE.
    BE SURE TO TYPE 0 TO MAKE THE RUNNING PROGRAM RESTORE THE CONSOLE TO THE USB PORT! This will avoid having to reset the PICO by cycling the power.
    The Menu:

    Select using digit and return key
    1 Connect    6 Cshow
    2 Logoff     7 LEDon
    3 Creplay    8 LEDoff
    4 Creset     9 Read ADC
    5 Sshow      0 Exit
    

    Connect starts the client to server connection.
    It asks for the User ID and Password Id= Sam, PW= 1234
    (unless you change these in the key generator program)
    Logoff tells the server that connect will be needed for access.
    Creplay is used after a session to replay client messages for testing
    Creset resets the replay buffers
    Sshow prints the recorded server messages
    Cshow prints the recorded client messages
    LEDon, LEDoff operate the LED on the PICO.
    Read Adc reads a 0 to 4096 (12 bits) value from pin B1.
    And finally Exit restores the console to the USB port.
    /*
    Todo add0x32 message if wrong Id and password
    Todo rework PICO commands into a User client and server functions
    Todo add code for lexlevel 1 to generate keys on the client and send them to the server
    Todo split into server and client versions on two different PICOs
    Todo connect server and client PICOs using serial port
    */

    /*
    Done see if serial1 and serial2 on PICO can be used to connect
    the server and client portions of this program
    Solution use serial1 in loopback with flag
    Done write a program that generates keys and writes the to ROM
    Done read the keys from the ROM
    Done add 0x30 and 0x31 code for server bad msg, client not authentic
    Done add blend function to msg send and recieve functions
    Done add code to do menu on USB allows terminal program to operate

    Select using digit and return key
    1 Connect    6 Cshow
    2 Logoff     7 LEDon
    3 Creplay    8 LEDoff
    4 Creset     9 Read ADC
    5 Sshow      0 Exit
    <- USB
    >1
    do connect
     Client builds and sends inital message
    Permutated Encrypted Message=
    60,d4,88,53,63,4e,c1,43,d,94,61,c,e6,37,14,e8,
    a3,68,bd,c0,cd,c0,2a,e8,a4,3a,7e,aa,dd,82,91,4f,
    1d,66,74,41,b7,90,45,97,7,51,13,8e,ab,7f,2c,c,
    45,2,e3,4f,e3,8e,c3,aa,ec,a6,e1,f9,ab,c7,4f,93,
    3b,a6,a7,61,14,3b,25,90,9b,32,4f,d4,54,70,f,d8,
    Enter User ID
    process server
    decrypt
    Server replies to connect message
    Permutated Encrypted Message=
    8b,cf,f9,2b,85,10,79,ca,9d,3d,c9,80,19,c4,ed,5b,
    2,bf,c0,5,74,fb,9e,2f,88,5f,c5,11,ba,8d,31,51,
    9,e9,78,90,24,e0,35,8c,e6,a7,eb,de,69,b8,57,9a,
    19,f1,f1,9f,ee,f9,6e,48,e1,d9,3a,8c,1a,7e,bc,68,
    33,7b,3a,e2,39,b4,a3,61,ca,98,fd,aa,ec,d8,6f,a5,
    server transmits
    process client 80
    decrypt
     Client checks the server message
    Client check of server msg OK
    Client checks if the server is authentic
    Server is Authentic
    Enter User ID
    Sam
    Enter Password
    1234
    Login using Sam and 1234
    Client login message
    Permutated Encrypted Message=
    1f,f0,25,77,2,b5,d0,13,cf,63,8e,b9,ef,fe,95,e8,
    73,ae,f9,88,a3,d4,0,56,32,d5,f9,c0,4c,6,5b,d9,
    7c,e4,c,ef,64,ee,2c,a3,cf,dc,c3,86,d3,f,2f,3f,
    57,c4,98,31,b6,ad,47,81,3a,21,ae,3f,90,22,57,69,
    7c,d0,da,0,54,88,34,7c,f0,5f,ef,a0,c5,a7,e,ab,
    process server
    decrypt
    Permutated Encrypted Message=
    63,28,3e,c4,c5,3,b5,f0,7d,66,81,c8,74,99,5e,4f,
    6,a3,46,29,49,a5,e,bf,79,b7,64,4f,98,4c,c4,34,
    75,46,7c,7c,5e,a0,1f,af,32,9d,e6,13,2b,66,b9,18,
    54,32,83,19,63,ff,3e,f1,de,ab,77,ab,f,f2,65,fb,
    d8,f0,49,e9,80,16,ee,e7,b,bd,fd,63,4d,48,49,e7,
    server transmits
    process client 80
    decrypt
     Client checks the server message
    Client check of server msg OK
    Client checks if the server is authentic
    Server is Authentic
    Client sees msg 0x42
     
    Select using digit and return key
    1 Connect    6 Cshow
    2 Logoff     7 LEDon
    3 Creplay    8 LEDoff
    4 Creset     9 Read ADC
    5 Sshow      0 Exit
    

    1 Attachment

  • ServerKM1.js and ClientKM1.js 29 Aug. 2016
    KryptoMessage3.js has been divided into the server and client programs that run on two different PICOs.
    I used the Squirt.js to install the cryptographic keys on both PICOs.
    To use connect the serial1 ports on each PICO to the other PICO.
    P1 B6 to P2 B7, and P1 B7 to P2 B6. Connect the PICO grounds if they are to run on separate computers. I ran both from one computer.
    Using WebIDE load and run one PICO with ServerKM1.js. If on one computer disconnect from the server PICO and connect to the remaining client PICO. Load and run Client KM1.js

    >echo(0);
    =undefined
    >Auth key
    48,5b,9,c,e2,9d,61,91,a2,b0,d2,87,ee,4e,cb,e4,
    MsgCmac key
    83,52,a2,d3,a4,fd,7d,a3,91,8f,91,81,76,c,f3,83,
    PWIDcmac key
    f,7a,fc,89,2,57,45,33,7f,bd,37,5c,c4,a7,f7,d2,
    PWIDCkeykey key
    86,69,df,9f,25,21,bb,a1,5f,1f,28,1d,92,29,96,85,
    Transport Encryption key
    a1,62,33,fb,c3,36,86,9d,ef,9f,58,7f,a,1b,be,96,
    Permutation
    9,69,44,5,17,3,37,46,72,0,74,21,70,19,40,26,27,4,79,13,
    58,11,68,59,51,56,15,16,60,32,49,73,29,61,42,77,66,6,67,52,
    14,48,34,63,2,78,7,62,41,30,50,24,39,64,76,65,25,57,20,23,
    28,33,47,43,53,55,36,38,22,1,12,71,8,31,10,75,54,35,45,18,
    ID= Sam PW= 1234
    -> LoopbackB
     
    Select using digit and return key
    1 Connect    6 Cshow
    2 Logoff     7 LEDon
    3 Creplay    8 LEDoff
    4 Creset     9 Read ADC
    5 n/a        0 Exit
    <- USB
    

    Notice item 5 of the menu has been removed as there is no access to the sever code on the client.


    3 Attachments

  • ServerKM3init.js and ClientKM3.js 4 Sep. 2016
    These files incorporate the Kryptomessage protocol into two different PICOs each connected to an ESP8266 using the PICO shim.
    The Squirt utility was used to write the cryptographic keys into the EPROM on each PICO. See previous posts for modules and squirt.js
    To run these programs you will need to “Squirt” the keys into the PICOs.
    Edit ServerKM3init.js with your router information:
    var SSID="router SSID";
    var key= "router key";
    Load Server KM3init.js into the first PICO and enter “save();” into the left screen.
    It should save the program so that at power up the program will run. It usually goes on to connect to the router. Note the server IP address. With a browser you can pull the server up by using http://192.168.1.4:8080/ where 192.168.1.4 is the IP address. Your server IP address may be different
    With the second client PICO pull up ClientKM3.js and edit the following with your local information.
    ServerIP="192.168.1.4";
    //setup WiFi access parameters
    var RouterSSID="router SSID";
    var Routerkey= "routerkey";
    Load and run ClientKM3.js.
    At this point, I disconnect from the client PICO and reconnect with the Server PICO using WebIDE. I use Putty (or another terminal program, to connect to the Client PICO at 155,200 baud.

    The Client Screen using Putty

    8
    do LEDoff
    Client user message
    Permutated Encrypted Message=
    e6,f8,af,13,54,7e,b7,e9,3b,c0,7e,95,2b,6b,14,4c,
    15,24,41,37,ae,36,76,18,d2,bc,31,ae,3d,62,74,9a,
    ed,e1,3d,f,7d,1,10,c6,ea,66,b,de,bc,27,72,6c,
    e1,cf,2a,b4,2f,1a,b7,e,4a,ef,a6,43,30,cf,9,d0,
    57,3b,9a,c7,e9,3a,e6,10,2a,83,ef,9b,a5,6a,d8,db,
    80
    192.168.1.4
    send
    Closed: 80
    process client
    decrypt
     Client checks the server message
    Client check of server msg OK
    Client checks if the server is authentic
    Server is Authentic
    Client sees msg 0x43
    
    Select using digit and return key
    1 Connect    6 Cshow
    2 Logoff     7 LEDon
    3 Creplay    8 LEDoff
    4 Creset     9 Read ADC
    5 n/a        0 Exit                                                            { "free": 2311, "usage": 2789, "total": 5100, "history": 2021,
      "stackEndAddress": 536959420, "flash_start": 134217728, "flash_binary_end": 376280, "flash_code_start": 134234112, "flash_length": 393216 }
    >
    

    The Server Screen:

    decrypt
     Server checks the client message
    Server check of client msg OK
    Server checks if the client authentic
    Server check of client authenticity OK
    Permutated Encrypted Message=
    5a,7f,c2,cd,3d,c3,1d,c6,c3,a3,b6,f9,6e,cd,2f,b1,
    52,b0,27,b5,ae,8b,5c,29,48,9f,70,a,3d,51,7,3a,
    4f,a1,f2,17,7,d1,cf,f5,d5,b6,76,ad,b4,46,d3,db,
    7f,d0,b2,c7,8a,48,e7,4f,f9,1d,b2,41,46,b8,23,44,
    8e,29,13,33,fd,5b,9b,21,9d,73,3,30,d9,54,e4,e8,
    server transmits
    Close= false
    Post
    Post length=  80
    doing command
    process server
    undefined
    e6,f8,af,13,54,7e,b7,e9,3b,c0,7e,95,2b,6b,14,4c,
    15,24,41,37,ae,36,76,18,d2,bc,31,ae,3d,62,74,9a,
    ed,e1,3d,f,7d,1,10,c6,ea,66,b,de,bc,27,72,6c,
    e1,cf,2a,b4,2f,1a,b7,e,4a,ef,a6,43,30,cf,9,d0,
    57,3b,9a,c7,e9,3a,e6,10,2a,83,ef,9b,a5,6a,d8,db,
    decrypt
     Server checks the client message
    Server check of client msg OK
    Server checks if the client authentic
    Server check of client authenticity OK
    Permutated Encrypted Message=
    fb,c3,53,2,49,68,36,87,4a,28,cd,f8,55,b9,bf,79,
    16,2d,6b,39,af,ec,d5,ee,b2,2c,d7,77,12,83,88,ed,
    50,9c,29,30,2a,c3,3e,2,a7,3,18,f9,7a,48,ef,2a,
    5,57,f7,cd,71,c7,17,f1,52,16,4e,17,e6,da,5e,c0,
    c8,a5,3b,1f,22,a0,6e,5f,6d,fc,78,25,3a,96,12,57,
    server transmits
    Close= false
    

    User ID = "Sam" Password "1234"


    2 Attachments

  • Post a reply
    • Bold
    • Italics
    • Link
    • Image
    • List
    • Quote
    • code
    • Preview
About

Cryptographic Protocol on a PICO

Posted by Avatar for ClearMemory041063 @ClearMemory041063

Actions