Vault 7: Projects
This publication series is about specific projects related to the Vault 7 main publication.
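// Example: AES-128 GCM authenticated decryption. 20 bytes of authData are
// authenticated without being decrypted, then 60 bytes of cipher_text are
// decrypted in two streamed calls (40 + 20 bytes).
// cipher_text, authData, AESKey128, ivValue, context, handle and sysObject are
// declared outside this excerpt; the byte counts used below assume those
// declarations match -- TODO confirm against the full example.
//
// Security note: the first Decrypt call fills plain_text before the tag has been
// compared. Nothing in plain_text may be acted on until the call made with
// BLOCK_CIPHER_OPTION_STREAM_COMPLETE has returned BLOCK_CIPHER_ERROR_NONE.

AES_ROUND_KEYS_128_BIT round_keys;
// Buffer to contain the decrypted ciphertext (sized to match cipher_text)
uint8_t plain_text[sizeof(cipher_text)];
// keyStream could also be allocated memory instead of fixed memory.
// It holds generated key stream, so treat its contents as secret, like round_keys.
uint8_t keyStream[AES_BLOCK_SIZE*4];
// The authentication tag for our ciphertext and our authData.
uint8_t tag[] = {0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
                 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47,};

// Initialization call for the AES module
sysObject = DRV_AES_Initialize (DRV_AES_INDEX, NULL);
if (sysObject != SYS_MODULE_OBJ_STATIC)
{
    // Initialization failed. Do not fall through and use the driver anyway;
    // trap here like the other error paths of this example. Production code
    // should report the failure to its caller instead of spinning.
    while(1);
}

// Driver open call for the AES module
handle = DRV_AES_Open (DRV_AES_INDEX, 0);
if (handle != DRV_AES_HANDLE)
{
    // No valid handle: every call below would operate on an unusable driver.
    while(1);
}

// Create the AES round keys. This only needs to be done once for each AES key.
// NOTE(review): the results of AES_RoundKeysCreate, BLOCK_CIPHER_GCM_Initialize
// and BLOCK_CIPHER_GCM_KeyStreamGenerate are not checked in this example;
// confirm in the library headers whether they report errors and check them if so.
AES_RoundKeysCreate (&round_keys, (uint8_t*)AESKey128, AES_KEY_SIZE_128_BIT);

// Initialize the Block Cipher context. 12 is the length of the IV in bytes.
BLOCK_CIPHER_GCM_Initialize (handle, &context, AES_Encrypt, AES_Decrypt, AES_BLOCK_SIZE,
    (uint8_t *)ivValue, 12, (void *)&keyStream, sizeof(keyStream), &round_keys);

// Generate 4 blocks of key stream (the capacity of keyStream declared above)
BLOCK_CIPHER_GCM_KeyStreamGenerate(handle, 4, &round_keys, &context, 0);

// Authenticate the non-encrypted data. No plaintext is produced by this call.
if (BLOCK_CIPHER_GCM_Decrypt (handle, NULL, (uint8_t *)authData, 20, NULL, 0, &round_keys,
    &context, BLOCK_CIPHER_OPTION_AUTHENTICATE_ONLY) != BLOCK_CIPHER_ERROR_NONE)
{
    // An error occurred
    while(1);
}

// As an example, this data will be decrypted in two blocks, to demonstrate how to use
// the options.
// Decrypt the first forty bytes of data.
// Note that at this point, you don't really need to specify the tag pointer or its
// length. This parameter only needs to be specified when the
// BLOCK_CIPHER_OPTION_STREAM_COMPLETE option is used.
// The forty bytes written to plain_text here are NOT yet authenticated.
if (BLOCK_CIPHER_GCM_Decrypt (handle, plain_text, (uint8_t *)cipher_text, 40, tag, sizeof(tag),
    &round_keys, &context, BLOCK_CIPHER_OPTION_STREAM_CONTINUE) != BLOCK_CIPHER_ERROR_NONE)
{
    // An error occurred. Clear whatever was written so that partial,
    // unauthenticated output cannot be read later. The volatile pointer keeps
    // the compiler from dropping the stores as dead writes.
    {
        volatile uint8_t *wipe = plain_text;
        uint32_t i;
        for (i = 0; i < sizeof(plain_text); i++)
        {
            wipe[i] = 0;
        }
    }
    while(1);
}

// Decrypt the final twenty bytes of data.
// Since we are using BLOCK_CIPHER_OPTION_STREAM_COMPLETE, we must specify the
// authentication tag and its length (sizeof(tag) is 16 here). If it does not match
// the tag we obtain by decrypting the data, the Decrypt function will return
// BLOCK_CIPHER_ERROR_INVALID_AUTHENTICATION.
if (BLOCK_CIPHER_GCM_Decrypt (handle, plain_text + 40, (uint8_t *)cipher_text + 40, 20,
    tag, sizeof(tag), &round_keys, &context, BLOCK_CIPHER_OPTION_STREAM_COMPLETE) !=
    BLOCK_CIPHER_ERROR_NONE)
{
    // An error occurred, which includes a tag mismatch. plain_text already holds
    // the output of both Decrypt calls, none of it authenticated: erase it
    // before trapping so that it can never be consumed.
    {
        volatile uint8_t *wipe = plain_text;
        uint32_t i;
        for (i = 0; i < sizeof(plain_text); i++)
        {
            wipe[i] = 0;
        }
    }
    while(1);
}
// Only from this point on is plain_text authenticated and safe to use.
// When the key is no longer needed, round_keys and keyStream should be cleared too.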
1.7 Library Interface MLA - Crypto Library Help Block Cipher Modes
Protego_Release_01_05-Related-OEM-Documentation-MLA_v2013_12_20-help_mla_crypto.pdf