Plaintext Messages

VCA defines a standard VMessage plaintext message protection format.

VMessage

Most block ciphers will happily decrypt anything fed into them, however if there are errors in the ciphertext or the ciphertext has been tampered with then the output will be something different than the original ciphertext.

How can one know that the decrypted data is indeed identical to the original plaintext? One method that can be used is to wrap blocks plaintext inside packages or “messages” which include control data indicating whether package content was modified.

In order to have a standard way of exchanging encrypted data which also includes data integrity validation the platform defines VMessage as a standard plaintext message format.

Plaintext messages

Plaintext is split up into blocks of minimum 1 and maximum 65536 bytes. For each block, a plaintext message is constructed for that block. Messages are concatenated in the same sequence as the order of their original input plaintext blocks, in order to create a message-protected representation of the plaintext.

The message format requires a hash function h, the block size b of the cipher used to encrypt, and a byte sequence mac_secret.

The message m of a single plaintext block p is

m = M(p, msg_num)

msg_num is a message number, starting with 0 for the first message in a series of messages, and incremented by one for each new message.

The output of M is a concatenation of the following byte data:

  • p_len-1, the length of p minus 1 as 2 bytes (MSB first)
  • plaintext, the plaintext p
  • padding bytes (any scheme, e.g. zero or random)
  • mac bytes for the message

The mac bytes are generated by computing a HMAC with mac_secret as the secret, and with a message which is a concatenation of msg_num_bytes, p_len, plaintext and padding. msg_num_bytes is a posint_to_bytes representation of msg_num (see VInteger Helper Functions).

The length of the padding data should be the minimum number of bytes such that the total length of the message M(p) is a multiple of the block size b.

Message validation

A message is considered valid as long as a computed HMAC of the message number, length, plaintext and padding data embedded in the message is identical to the HMAC value which is embedded in the message.

Why it works

Block ciphers are generally designed so that changes to plaintext input should cause seemingly large and random changes to encryption output, and similar for decryption. If ciphertext is tampered with then parts of the reconstructed message data should be different from the original message, and due to how hash functions work there is only a very small probability that the HMAC values align after such modifications.

Implementations

An implementation of Versile Platform must support using plaintext message protection in combination with any of the supported block ciphers and hash methods.

Table Of Contents

Previous topic

Hash Methods

Next topic

Glossary

Versile Platform

Implementations