Pages: [1]   Go Down
Author Topic: SipHash, cryptographic hash library now available for Arduino (8bit)  (Read 1233 times)
0 Members and 1 Guest are viewing this topic.
Offline Offline
Newbie
*
Karma: 1
Posts: 34
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

I have finished a streaming SipHash library for Arduino.  
It is available here (http://www.forward.com.au/pfod/SipHashLibrary/index.html)

From the https://131002.net/siphash/  page
Quote
SipHash is a family of pseudorandom functions (a.k.a. keyed hash functions) optimized for speed on short messages
SipHash is secure, fast, and simple (for real):
SipHash is simpler and faster than previous cryptographic algorithms (e.g. MACs based on universal hashing)
SipHash is competitive in performance with insecure non-cryptographic algorithms (e.g. MurmurHash)


The library is small (~1200 bytes code and 42byte RAM) and fast and uses 128bit secret keys.

I will be using it to provide a per message MAC (http://en.wikipedia.org/wiki/Message_authentication_code) for authentication and verification of pfod (www.pfod.com.au) messages to provide security against hackers taking control of my pfodDevice when I am accessing it over the internet.

See http://www.forward.com.au/pfod/secureChallengeResponse/index.html for the detailed design of the message security.

matthew
« Last Edit: June 09, 2013, 11:21:01 pm by drmpf » Logged

Rapa Nui
Offline Offline
Edison Member
*
Karma: 60
Posts: 2061
Pukao hats cleaning services
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

Does the key use only lower nibbles? Can I use higher nibble as well?
How long the message can be?
« Last Edit: June 09, 2013, 04:25:30 pm by pito » Logged

Offline Offline
Newbie
*
Karma: 1
Posts: 34
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

The key is 128bits  i.e. 16 bytes,  all bits are used. Upper and lower nibbles in each byte are used.
For security this key MUST BE RANDOM.  See the "Generating the Password" section towards the bottom of http://www.forward.com.au/pfod/secureChallengeResponse/index.html for a method of getting 'random' keys

The message size in unlimited (by the SipHash)
you call SipHash.updateHash((byte)c);  for each byte in the message. 
SipHash internally accumulates 8 bytes and then adds them to the hash and then discards them.
In finalize() SipHash adds the msg length % 256.  The code assigns one byte to keep this value and updates it each time updateHash() is called.

sample usage
 // Define your 'secret' 16 byte key in program memory (flash memory)
 unsigned char key[] PROGMEM = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
                               0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f};
 // to start hashing initialize with your key
 SipHash.init(key);
 // for each byte in the message call updateHash()
 for (int i=0; i<msgLen;i++) {
   SipHash.updateHash((byte)c); // update hash with each byte of msg
 }
 // at the end of the message call finalize to calculate the result
 SipHash.finalize(); // finish
 // the unsigned char[8] variable, SipHash.result, then contains the 8 bytes of the hash in BigEndian format
Logged

Rapa Nui
Offline Offline
Edison Member
*
Karma: 60
Posts: 2061
Pukao hats cleaning services
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

So it does not encrypt the message, just creates a hash, so when I send a message to my second arduino (B), the B creates the hash (based on the same secret key I have got) upon the message, the B sends me the hash back, and I may compare the B-hash with my hash I did for the same message before. When my compare of both hashes match, I know a) the B is my friend, b) the message has not been altered by somebody during the transport to the B. Is my understanding correct please?
« Last Edit: June 09, 2013, 05:08:41 pm by pito » Logged

Offline Offline
Newbie
*
Karma: 1
Posts: 34
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

Correct, the message is not encrypted (hidden). 
BUT the hash lets you check 
i) that the other party has the same secret key
ii) that the message has not be modified by some third party.

There are a few more details that need to be attended to
See http://www.forward.com.au/pfod/secureChallengeResponse/index.html for the detailed security design based on this (or some other) secure hash.
matthew
Logged

Rapa Nui
Offline Offline
Edison Member
*
Karma: 60
Posts: 2061
Pukao hats cleaning services
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

That could be used with optiboot when doing remote upload:
a) it confirms I did the upload to the proper device,
b) that nobody modified my sketch,
c) that upload has has been received properly..
Logged

SF Bay Area (USA)
Offline Offline
Tesla Member
***
Karma: 124
Posts: 6633
Strongly opinionated, but not official!
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

Quote
could be used with optiboot
Hmm.  "Could be used with a bootloader", I guess.  Adding 800+ bytes of crypto code to a 500 byte bootloader would sort of do away with the "opti" designation.
Logged

Offline Offline
Newbie
*
Karma: 1
Posts: 34
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

Just checked the latest SipHash code and it appears to add about 1200 bytes in its current form (the 800 came from an eariler AVR studio code set)
Logged

Offline Offline
Newbie
*
Karma: 1
Posts: 34
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

Have updated the library to allow initialization from either a key in RAM or in PROGMEM
Logged

Rapa Nui
Offline Offline
Edison Member
*
Karma: 60
Posts: 2061
Pukao hats cleaning services
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

Quote
Hmm.  "Could be used with a bootloader", I guess.  Adding 800+ bytes of crypto code to a 500 byte bootloader would sort of do away with the "opti" designation.
Adding 1200bytes to a "standard bootloader" will do it a "gigauploader". So adding it to the optiboot it will still be "opti" smiley
« Last Edit: June 10, 2013, 02:37:20 am by pito » Logged

SF Bay Area (USA)
Offline Offline
Tesla Member
***
Karma: 124
Posts: 6633
Strongly opinionated, but not official!
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

Quote
1200 bytes in its current form (the 800 came from an eariler AVR studio code set)
Really?  50% code growth going from AVR Studio to Arduino?  What happened?
Logged

Offline Offline
Newbie
*
Karma: 1
Posts: 34
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

rechecked the C code got
            Program Memory Usage    :   1032 bytes   12.6 % Full
            Data Memory Usage       :   44 bytes   8.6 % Full
found note that size was previously 920 so no idea what I was thinking when I wrote 800
Logged

Offline Offline
Newbie
*
Karma: 1
Posts: 34
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

I have added a Java version also here
 http://www.forward.com.au/pfod/SipHashJavaLibrary/index.html

This Java version differs from the existing Java implementations in two ways

i) It gives the correct result for bytes whose leading bit is set (128-255)
ii) and is a streaming implementation

matthew
Logged

Pages: [1]   Go Up
Jump to: