Vault 7: Projects
This publication series is about specific projects related to the Vault 7 main publication.
user-specified options.
CBC
The Cipher-block Chaining (CBC) mode of operation uses an initialization vector and information from previous block
encryptions to provide additional security.
Before the first encryption, the initialization vector is exclusive or'd (xor'd) with the first block of plaintext. After each
encryption, the resulting block of ciphertext is xor'd with the next block of plaintext being encrypted.
When decrypting this message, the IV is xor'd with the first block of decrypted ciphertext to recover the first block of
plaintext, the first block of ciphertext is xor'd with the second block of decrypted ciphertext, and so on.
CFB
Like the CBC mode, the Cipher Feedback (CFB) mode of operation uses an initialization vector and propagates information
from en/decryptions to subsequent en/decryptions.
In CFB, the initialization vector is encrypted first, then the resulting value is xor'd with the first block of the plaintext to
produce the first block of ciphertext. The first ciphertext is then encrypted, the resulting value is xor'd with the second block
of plaintext to produce the second block of ciphertext, and so on.
When decrypting, the IV is encrypted again. The resulting value is xor'd with the ciphertext to produce the plaintext, and then
the ciphertext is encrypted and xor'd with the next block of ciphertext to produce the second block of plaintext. This process
continues until the entire message has been decrypted.
OFB
The Output Feedback (OFB) mode is the same as the CFB mode, except the data being encrypted for the subsequent
encryptions is simply the result of the previous encryption instead of the result of the previous encryption xor'd with the
plaintext. Note that the result of the encryption is still xor'd with the plaintext to produce the ciphertext; the value is just
propagated to the next block encryption before this happens.
Since you don't need to have the plaintext before determining the encrypted values to xor with it, you can pre-generate a
keystream for OFB as soon as you get the Initialization Vector and Key, and then use it to encrypt the plaintext when it
becomes available. Also, since you can simply xor your keystream with a non-specific amount of plaintext, OFB is effectively
a stream cipher, not a block cipher (thought you will still use the block cipher to generate the keystream).
CTR
The Counter (CTR) mode encrypts blocks that contain a counter to generate a keystream. This keystream is then xor'd with
the plaintext to produce the ciphertext.
Usually the counter blocks are combined with an Initialization Vector (a security nonce) to provide additional security. In most
cases the counter simply is incremented after each block is encrypted/decrypted, but any operation could be applied to the
counter as long as the values of the counter didn't repeat frequently. CTR mode combines the advantages of ECB (blocks
are encrypted/decrypted without need for information from previous operations, which allows encryptions to be run in
parallel) with the advantages of OFB (keystreams can be generated before all of the plaintext is available).
GCM
The Galois/Counter Mode (GCM) is essentially the same as the counter mode for purposes of encryption and decryption.
The difference is that GCM will also provide authentication functionality. GCM will use an initialization vector to generate an
initial counter. That counter will be used with CTR-mode encryption to produce a ciphertext. The GCM will apply a hashing
function to the ciphertext, a user-specified amount of non-encrypted data, and some padding data to produce an output. This
hashed value will then be encrypted with the initial counter to produce an authentication tag. See the Abstraction Model topic
for more information on how the authentication tag is constructed.
GCM provides several requirements and methods for constructing an initialization vector. In practice, the easiest way to
create an acceptable Initialization Vector is to pass a 96-bit random number generated by an approved random bit generator
with a sufficient security strength into the BLOCK_CIPHER_GCM_Initialize function. See section 8.2 in the GCM
specification (NIST SP-800-32D) for more information.
1.4 Using the Library MLA - Crypto Library Help How the Library Works
18
Protego_Release_01_05-Related-OEM-Documentation-MLA_v2013_12_20-help_mla_crypto.pdf