Vault 7: Projects
This publication series is about specific projects related to the Vault 7 main publication.
// Structure to contain the created AES round keys
AES_ROUND_KEYS_128_BIT round_keys;
// Buffer to contain encrypted plaintext
uint8_t cipher_text[sizeof(plain_text)];
//keyStream could also be allocated memory instead of fixed memory
uint8_t keyStream[AES_BLOCK_SIZE*4];
// Structure to contain the calculated authentication tag
uint8_t tag[16];
// Initialization call for the AES module
sysObject = DRV_AES_Initialize (DRV_AES_INDEX, NULL);
if (sysObject != SYS_MODULE_OBJ_STATIC)
{
// error
}
// Driver open call for the AES module
handle = DRV_AES_Open (DRV_AES_INDEX, 0);
if (handle != DRV_AES_HANDLE)
{
// error
}
//Create the AES round keys. This only needs to be done once for each AES key.
AES_RoundKeysCreate (&round_keys, (uint8_t*)AESKey128, AES_KEY_SIZE_128_BIT);
// Initialize the Block Cipher context
BLOCK_CIPHER_GCM_Initialize (handle, &context, AES_Encrypt, AES_Decrypt, AES_BLOCK_SIZE,
(uint8_t *)ivValue, 12, (void *)&keyStream, sizeof(keyStream), &round_keys);
//Generate 4 blocks of key stream
BLOCK_CIPHER_GCM_KeyStreamGenerate(handle, 4, &round_keys, &context, 0);
// Authenticate the non-encrypted data
if (BLOCK_CIPHER_GCM_Encrypt (handle, NULL, (uint8_t *)authData, 20, NULL, 0, &round_keys,
&context, BLOCK_CIPHER_OPTION_AUTHENTICATE_ONLY) != BLOCK_CIPHER_ERROR_NONE)
{
// An error occured
while(1);
}
// As an example, this data will be encrypted in two blocks, to demonstrate how to use the
options.
// Encrypt the first forty bytes of data.
// Note that at this point, you don't really need to specify the tag pointer or its
length. This parameter only
// needs to be specified when the BLOCK_CIPHER_OPTION_STREAM_COMPLETE option is used.
if (BLOCK_CIPHER_GCM_Encrypt (handle, cipherText, (uint8_t *)ptShort, 40, tag, 16,
&round_keys, &context, BLOCK_CIPHER_OPTION_STREAM_CONTINUE) != BLOCK_CIPHER_ERROR_NONE)
{
// An error occured
while(1);
}
//Encrypt the final twenty bytes of data.
// Since we are using BLOCK_CIPHER_OPTION_STREAM_COMPLETE, we must specify a pointer to and
length of the tag array, to store the auth tag.
if (BLOCK_CIPHER_GCM_Encrypt (handle, cipherText + 40, (uint8_t *)ptShort + 40, 20, tag,
16, &round_keys, &context, BLOCK_CIPHER_OPTION_STREAM_COMPLETE) != BLOCK_CIPHER_ERROR_NONE)
{
// An error occured
while(1);
}
Parameters
Parameters Description
handle A handle that is passed to the block cipher's encrypt/decrypt
functions to specify which instance of the block cipher
module to use. This parameter can be specified as NULL if
the block cipher does not have multiple instances.
1.7 Library Interface MLA - Crypto Library Help Block Cipher Modes
80
Protego_Release_01_05-Related-OEM-Documentation-MLA_v2013_12_20-help_mla_crypto.pdf