Authenticated Ciphertext Message Examples #
An empty Message #
When a message containing 0 bytes is encrypted and authenticated, the result consists solely of a single header with a length field of value 0 (bytes in brown below).
Sending this minimal authenticated message, the sender thus identifies its random source material and its interpretation towards the receiver.
If the timestamp (bytes in red below) is filled with something meaningful or not - and whether the receiver accepts this - lays outside the AXPad method itself (this is useful for replay attack prevention when the AXPad method is used to transport network datagram packets in realtime, for example).
In any case, the timestamp contents (bytes in red below) are authenticated with everything else and included in the SHA265 HMAC computation.
The random selector that has been chosen (bytes in green below) has no effect on the ciphertext data itself (obviously, because there is none) and is included in the SHA265 HMAC computation as it is.
With #define SelectorBytes 32 the long header components are:
uint8_t hmac[32];uint8_t selector[SelectorBytes];uint8_t timestamp[8];uint8_t sequence_number[4];uint8_t message_length[4];
$ hexdump -C null.txt.axpad
00000000 02 a8 04 3b d3 af 8e ff 2e e6 c2 d1 4a de 03 e9 |...;........J...|
00000010 86 f1 08 d7 4a 64 cd 58 ae f8 29 5e 92 5c 61 b3 |....Jd.X..)^.\a.|
00000020 80 c2 28 bb 29 82 ae 0b 46 48 bd 2f 02 f0 cb 92 |..(.)...FH./....|
00000030 3a ae e3 07 b7 27 20 00 47 fa 60 b0 37 3d 36 f5 |:....' .G.`.7=6.|
00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000050
With Partial Header Obfuscation a null (empty) message looks like this:
00000000 84 fa 40 17 e8 8d e8 5f 07 c5 55 25 6c 7f 7d 10 |..@...._..U%l.}.|
00000010 45 c7 42 5c 50 fe 5c 44 99 cc bc 55 6b b0 e3 13 |E.B\P.\D...Uk...|
00000020 94 97 69 40 63 c6 69 6c fe fd 98 16 1d 9d 26 24 |..i@c.il......&$|
00000030 c9 5d a6 00 67 79 11 a6 e7 c3 9d 79 1c 8f e6 60 |.]..gy.....y...`|
00000040 9c f7 cd 0b bc cc cc d1 87 37 ec 1f 06 dd 5e 47 |.........7....^G|
00000050
A small Message #
This is a small authenticated and encrypted message consisting of its header followed by
14 (0x0e) bytes of ciphertext (the timestamp has been set to the time of encryption in this case):
$ hexdump -C hello.txt.axpad
00000000 b5 4d 5f 51 19 2b 04 d8 84 34 f3 5b 2f 56 57 7c |.M_Q.+...4.[/VW||
00000010 eb 8a 2c bd 6f d1 49 a7 22 f5 47 7d 61 2c 74 05 |..,.o.I.".G}a,t.|
00000020 a8 00 1b 1e 6c 56 51 8a 19 bd 4d c4 e2 39 6a 4a |....lVQ...M..9jJ|
00000030 63 6e e9 b0 dd e8 00 68 f2 e0 5c 82 3f 6b 89 0a |cn.....h..\.?k..|
00000040 00 00 00 00 65 82 e4 4d 00 00 00 00 00 00 00 0e |....e..M........|
00000050 bf b3 7f e1 33 91 2c 28 2c 04 ea 8d ee c3 |....3.,(,.....|
0000005e
Again, the same small authenticated ciphertext with Partial Header Obfuscation enabled:
00000000 e4 76 28 58 74 ed 03 ae d4 23 ac a9 f3 58 58 01 |.v(Xt....#...XX.|
00000010 45 7c 81 76 0d 9f 1a 23 65 da 44 2f 9d 6b 42 ee |E|.v...#e.D/.kB.|
00000020 9c 18 cb d7 83 69 61 2e ad 89 ec b6 a0 bd 0d 17 |.....ia.........|
00000030 37 35 3f 6e 62 14 87 23 8c 46 f9 9e b2 7b 1a 53 |75?nb..#.F...{.S|
00000040 0a 27 5d 97 98 0f ff 80 90 36 fd ae 7c f5 0d a5 |.']......6..|...|
00000050 34 20 7d 59 02 b3 50 18 2d ba 78 b2 9c 0b |4 }Y..P.-.x...|
0000005e
The corresponding plaintext message in both cases was the following:
$ hexdump -C hello.txt
00000000 48 65 6c 6c 6f 2c 20 41 58 50 61 64 21 0a |Hello, AXPad!.|
0000000e
What is revealed? #
The selector and the ciphertext payload data have random properties per definition,
the hmac field inherits the random properties of the HMAC algorithm result,
the remaining 16 bytes are obfuscated by encryption.
Only without partial header obfuscation (encryption) the following data is visible:
- The length of the ciphertext payload (in the range \(0\leq{n}\lt{PadBytes}\) ).
- Timestamp and sequence number as provided by the upper protocol.