Vault 7: Projects
This publication series is about specific projects related to the Vault 7 main publication.
• BLOCK_CIPHER_ERROR_KEY_STREAM_GEN_OUT_OF_SPACE - There was not enough room remaining in the
context->keyStream buffer to fit the key data requested by the numBlocks parameter.
• BLOCK_CIPHER_ERROR_GCM_COUNTER_EXPIRED - The requesting call has caused the counter number to run out
of unique combinations.
• BLOCK_CIPHER_ERROR_INVALID_AUTHENTICATION - The calculated authentication tag did not match the one
provided by the user.
Description
Decrypts/authenticates plain text using Galois/counter mode. This function accepts a combination of data that must be
authenticated but not decrypted, and data that must be authenticated and decrypted. The user should initialize a GCM
context using BLOCK_CIPHER_GCM_Initialize, then pass all authenticated-but-not-decrypted data into this function with the
BLOCK_CIPHER_OPTION_AUTHENTICATE_ONLY option, and then pass any authenticated-and-decrypted data in using
the BLOCK_CIPHER_OPTION_STREAM_CONTINUE option. When calling this function for the final time, the user must use
the BLOCK_CIPHER_OPTION_STREAM_COMPLETE option to generate padding required to compute the authentication
tag successfully. Note that BLOCK_CIPHER_OPTION_STREAM_COMPLETE must always be specified at the end of a
stream, even if no encryption is being done.
GMAC (Galois Message Authentication Code) mode is obtained by using GCM without providing any data to decrypt
(e.g. by using only the BLOCK_CIPHER_OPTION_AUTHENTICATE_ONLY and
BLOCK_CIPHER_OPTION_STREAM_COMPLETE options).
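An added example (not part of the library or its documentation) of the check behind BLOCK_CIPHER_ERROR_INVALID_AUTHENTICATION as GCM defines it: GHASH over the authenticated-only data, then the cipher text, then the final length block, compared against the tag with no early exit. The function names are hypothetical; AAD and CT are the values from this page's example, while H (the AES encryption of the zero block), EKJ0 (the encrypted initial counter block) and TAG are assumed from Test Case 4 of the GCM specification, which uses the same key, IV, authenticated data and cipher text.

```c
#include <stdint.h>
#include <string.h>
/* x = x * y in GF(2^128), GCM bit order (bit 0 is the MSB of byte 0). */
static void gf_mult(uint8_t x[16], const uint8_t y[16]) {
    uint8_t z[16] = {0}, v[16];
    memcpy(v, y, 16);
    for (int i = 0; i < 128; i++) {
        if (x[i / 8] & (0x80 >> (i % 8)))
            for (int j = 0; j < 16; j++) z[j] ^= v[j];
        int lsb = v[15] & 1;
        for (int j = 15; j > 0; j--) v[j] = (uint8_t)((v[j] >> 1) | (v[j - 1] << 7));
        v[0] = (uint8_t)((v[0] >> 1) ^ (lsb ? 0xe1 : 0)); /* reduce by the GCM polynomial */
    }
    memcpy(x, z, 16);
}
/* Absorb n bytes into the running hash y; a short final block is zero-padded. */
static void ghash_update(uint8_t y[16], const uint8_t h[16], const uint8_t *d, size_t n) {
    while (n) {
        size_t k = n < 16 ? n : 16;
        for (size_t j = 0; j < k; j++) y[j] ^= d[j];
        gf_mult(y, h);
        d += k; n -= k;
    }
}
/* Returns 0 when tag authenticates (aad, ct); nonzero on any mismatch. */
int gcm_tag_check(const uint8_t h[16], const uint8_t ekj0[16], const uint8_t *aad,
                  size_t alen, const uint8_t *ct, size_t clen, const uint8_t tag[16]) {
    uint8_t y[16] = {0}, len[16], diff = 0;
    ghash_update(y, h, aad, alen);  /* authenticated-only data goes first */
    ghash_update(y, h, ct, clen);   /* then the cipher text */
    for (int j = 0; j < 8; j++) {   /* final block: both bit lengths, big-endian */
        len[7 - j]  = (uint8_t)(((uint64_t)alen * 8) >> (8 * j));
        len[15 - j] = (uint8_t)(((uint64_t)clen * 8) >> (8 * j));
    }
    ghash_update(y, h, len, 16);
    for (int j = 0; j < 16; j++) diff |= (uint8_t)(y[j] ^ ekj0[j] ^ tag[j]); /* no early exit */
    return diff;
}
/* AAD and CT are from the page's example; H, EKJ0 and TAG are assumed from GCM spec Test Case 4. */
static const uint8_t H[16] = {0xb8,0x3b,0x53,0x37,0x08,0xbf,0x53,0x5d,0x0a,0xa6,0xe5,0x29,0x80,0xd5,0x3b,0x78};
static const uint8_t EKJ0[16] = {0x32,0x47,0x18,0x4b,0x3c,0x4f,0x69,0xa4,0x4d,0xbc,0xd2,0x28,0x87,0xbb,0xb4,0x18};
static const uint8_t TAG[16] = {0x5b,0xc9,0x4f,0xbc,0x32,0x21,0xa5,0xdb,0x94,0xfa,0xe9,0x5a,0xe7,0x12,0x1a,0x47};
static const uint8_t AAD[20] = {0xfe,0xed,0xfa,0xce,0xde,0xad,0xbe,0xef,0xfe,0xed,0xfa,0xce,0xde,0xad,0xbe,0xef,0xab,0xad,0xda,0xd2};
static const uint8_t CT[60] = {
    0x42,0x83,0x1e,0xc2,0x21,0x77,0x74,0x24,0x4b,0x72,0x21,0xb7,0x84,0xd0,0xd4,0x9c,
    0xe3,0xaa,0x21,0x2f,0x2c,0x02,0xa4,0xe0,0x35,0xc1,0x7e,0x23,0x29,0xac,0xa1,0x2e,
    0x21,0xd5,0x14,0xb2,0x54,0x66,0x93,0x1c,0x7d,0x8f,0x6a,0x5a,0xac,0x84,0xaa,0x05,
    0x1b,0xa3,0x0b,0x39,0x6a,0x0a,0xac,0x97,0x3d,0x58,0xe0,0x91};
int main(void) { return gcm_tag_check(H, EKJ0, AAD, sizeof AAD, CT, sizeof CT, TAG); }
```

A caller that gets a nonzero result should discard any plain text already produced from the stream, since none of it has been authenticated.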
Preconditions
The GCM context must be initialized with the block cipher encrypt/decrypt functions and the block cipher algorithm's block
size. The block cipher module must be initialized, if necessary.
The initializationVector parameter in the BLOCK_CIPHER_GCM_CONTEXT structure should be initialized. See section 8.2
of the GCM specification for more information.
Example
// ***************************************************************
// Decrypt data in GCM mode with the AES algorithm.
// ***************************************************************
// System module object variable (for initializing AES)
SYS_MODULE_OBJ sysObject;
// Driver handle variable, to describe which AES module to use
DRV_HANDLE handle;
// GCM mode context
BLOCK_CIPHER_GCM_CONTEXT context;
// Initialization vector for GCM mode
static uint8_t ivValue[12] = {0xca,0xfe,0xba,0xbe,0xfa,0xce,0xdb,0xad,0xde,0xca,0xf8,0x88};
// Data that will be authenticated, but not decrypted.
uint8_t authData[20] =
{0xfe,0xed,0xfa,0xce,0xde,0xad,0xbe,0xef,0xfe,0xed,0xfa,0xce,0xde,0xad,0xbe,0xef,0xab,0xad,
0xda,0xd2,};
// Cipher text to decrypt
static uint8_t cipher_text[] = { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
                                 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
                                 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
                                 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
                                 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
                                 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
                                 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
                                 0x3d, 0x58, 0xe0, 0x91,};
// The decryption key
static uint8_t AESKey128[] =
{0xfe,0xff,0xe9,0x92,0x86,0x65,0x73,0x1c,0x6d,0x6a,0x8f,0x94,0x67,0x30,0x83,0x08};
// Structure to contain the created AES round keys
1.7 Library Interface MLA - Crypto Library Help Block Cipher Modes
Protego_Release_01_05-Related-OEM-Documentation-MLA_v2013_12_20-help_mla_crypto.pdf