Vault 7: Projects
This publication series is about specific projects related to the Vault 7 main publication.
Authenticating Block Cipher Modes
Galois/Counter Mode (GCM) is a special case. It provides both encryption/decryption and authentication for a set of data.
The encryption/decryption uses operations that are equivalent to counter mode, but the authentication mechanism operates on
whole blocks of data. For this reason, GCM uses keystreams to encrypt/decrypt data, but the data must also be padded at the
end of a set of encryptions/decryptions to generate an authentication tag. GCM can also authenticate a set of data that will
not be encrypted. For example, if you have a packet of data with a header and a payload, you could use GCM to authenticate
the header and payload with one authentication tag, but only encrypt the payload.
GCM operates on data in a specific order. First, data that is to be authenticated but not encrypted/decrypted is processed.
If necessary, this data is padded to a full block. For an encryption, the plaintext is then encrypted and the resulting
ciphertext is authenticated. For a decryption, the ciphertext is authenticated and then decrypted into a plaintext. The
authenticated ciphertext is also padded. Finally, the lengths of the non-encrypted/decrypted data and of the ciphertext are
authenticated, and an authentication tag is generated.
GCM Authenticated Data Organization
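The ordering described above, written out as an added example (it is not code from the MLA crypto library or from this document). It builds the byte layout that GCM authenticates and runs GHASH over it; the function names are hypothetical, the packet sizes are constructed, and H and C are the hash subkey and ciphertext from test case 2 of the GCM specification.

```python
"""Added example: layout of the data GCM authenticates, plus GHASH over it."""
BLOCK = 16
R = 0xE1 << 120  # reduction constant for x^128 + x^7 + x^2 + x + 1

def pad_block(data: bytes) -> bytes:
    """Zero-pad to the next 16-byte boundary (no bytes added if aligned)."""
    return data + b"\x00" * (-len(data) % BLOCK)

def ghash_input(aad: bytes, ciphertext: bytes) -> bytes:
    """AAD || pad || ciphertext || pad || len(AAD) || len(ciphertext), lengths in bits."""
    lengths = (len(aad) * 8).to_bytes(8, "big") + (len(ciphertext) * 8).to_bytes(8, "big")
    return pad_block(aad) + pad_block(ciphertext) + lengths

def gf_mul(x: int, y: int) -> int:
    """Multiply in GF(2^128) with GCM's bit order (integer MSB is bit 0)."""
    z, v = 0, y
    for i in range(127, -1, -1):
        if (x >> i) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z

def ghash(h: bytes, aad: bytes, ciphertext: bytes) -> bytes:
    """Fold each 16-byte block of ghash_input() into the running hash.
    The final tag is this value XORed with the encrypted initial counter block."""
    hk, x = int.from_bytes(h, "big"), 0
    data = ghash_input(aad, ciphertext)
    for off in range(0, len(data), BLOCK):
        x = gf_mul(x ^ int.from_bytes(data[off:off + BLOCK], "big"), hk)
    return x.to_bytes(BLOCK, "big")

# Hash subkey H and ciphertext C from test case 2 of the GCM specification.
H = bytes.fromhex("66e94bd4ef8a2c3b884cfa59ca342b2e")
C = bytes.fromhex("0388dace60b6a392f328c2b971b2fe78")

if __name__ == "__main__":
    # Constructed packet: 20-byte header (authenticated only), 33-byte payload ciphertext.
    header, payload_ct = bytes(range(20)), bytes(33)
    layout = ghash_input(header, payload_ct)
    print(len(layout) // BLOCK, "blocks:", layout.hex())
    print("GHASH(H, '', C) =", ghash(H, b"", C).hex())
    # Same padded block, different true length: only the length block separates them.
    print(ghash(H, b"a", b"").hex(), ghash(H, b"a\x00", b"").hex())
```

The last line shows why the lengths are authenticated: zero padding alone cannot distinguish `a` from `a\x00`, so without the final length block both inputs would hash to the same value.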
1.4 Using the Library MLA - Crypto Library Help Abstraction Model
Protego_Release_01_05-Related-OEM-Documentation-MLA_v2013_12_20-help_mla_crypto.pdf