Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

The AES, TDES, and RSA modules are implemented using mixed C and assembly code. This can limit the architectures that
they are available on. The AES and TDES modules are implemented for the PIC24 architecture. Note that since the
instructions used by the PIC24 architecture are a subset of the instruction sets of other 16-bit architectures, the AES and
TDES modules can be used with other 16-bit architectures as well.
The RSA module has two implementations. The first implementation is for the dsPIC architecture only. This implementation
makes use of DSP instructions that are only available on this platform. This greatly improves the execution time. However,
this implementation is only available in a blocking mode. The other implementation of RSA works on all 16- and 32-bit
architectures (including dsPIC) and is available in blocking and non-blocking mode, but the execution time is greater than the
dsPIC-only implementation.
1.4.3 How the Library Works
Describes how the library works.
Description
Describes how the library works.
1.4.3.1 Block Ciphers
Describes how the block ciphers work, and how to use them with the block cipher modes of operation.
Description
Describes how the block ciphers work, and how to use them with the block cipher modes of operation.
1.4.3.1.1 Modes of Operation
Describes how the block cipher modes of operation work with each block cipher.
Description
General Functionality
Each mode of operation in the block cipher mode module is used with a specific block cipher module (e.g. AES). Before
using the block cipher mode, the user must initialize the block cipher module (if necessary). The user must then use the
block cipher's parameters and functions to initialize a block cipher mode context that will be used for the
encryption/decryption. To do this, the user will initialize several parameters for the block cipher module:
Function pointers to the encrypt/decrypt functions for their block cipher. These follow a standard prototype defined in
block_cipher_modes.h (encrypt prototype, decrypt prototype). The AES, TDES, and XTEA modules have encrypt/decrypt
functions implemented in this format, but if you use a custom cipher module you may need to create a shim layer to allow
your functions to be called with the standard prototypes.
A handle that can be passed to the encrypt/decrypt functions to uniquely identify which resources the function should use
(if necessary). If no handle is required for your block cipher you can pass in NULL for this parameter.
The block size of the block cipher you are using. The AES, TDES, and XTEA modules included with this cryptographic
library define macros that indicate their block size (AES_BLOCK_SIZE, TDES_BLOCK_SIZE, XTEA_BLOCK_SIZE).
Any initialization data needed by the mode you are using.
ECB
Using the ECB mode of operation is essentially the same as not using a mode of operation. This mode will encrypt blocks of
data individually, without providing feedback from previous encryptions.
This mode does not provide sufficient security
for use with cryptographic operations.
The only advantage that this mode will provide over the raw block cipher
encrypt/decrypt functions is that it will manage encryption/decryption of multiple blocks, cache data to be
encrypted/decrypted if there is not enough to comprise a full block, and add padding at the end of a plain text based on
1.4 Using the Library MLA - Crypto Library Help How the Library Works
17

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh