Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

1.4.3.1.2 AES
Describes how the AES module works.
Description
The AES module defines DRV_AES_Initialize/DRV_AES_Deinitialize functions to initialize and deinitialize the module, and
DRV_AES_Open/DRV_AES_Close functions to control assignment of driver handles. These functions are intended to
provide compatibility with hardware AES modules; if a hardware AES driver is used, these functions will initialize it and
assign an instance of the hardware (if multiple instances are available) to the user for the AES operation they are attempting
to perform. For pure software implementations, the software driver defines default values for DRV_AES_HANDLE and
DRV_AES_INDEX that will be used in all cases.
The AES module should be used with a block cipher mode of operation (see the block cipher modes of operation section for
more information). For AES, the block cipher mode module's BLOCK_CIPHER_[mode]_Initialize functions should be
initialized with the AES_Encrypt function, the AES_Decrypt function, and the AES_BLOCK_SIZE block size macro. If an
initialization vector or nonce/counter is required by the block cipher mode being used, it should be 16 bytes long (one block
length).
When using the AES module, the user must first use the AES_RoundKeysCreate function to generate a series of round keys
from the 128-, 192- or 256-bit AES key. A pointer to the AES_ROUND_KEYS_128_BIT, AES_ROUND_KEYS_192_BIT, or
AES_ROUND_KEYS_256_BIT structure containing these round keys is passed into the block cipher mode module's
encrypt/decrypt functions (or to the AES_Encrypt/AES_Decrypt function if a block cipher mode of operation is not being
used).
1.4.3.1.3 TDES
Describes how the TDES module works.
Description
The TDES module provides a software-only implementation. As TDES is maintained only until AES can be fully adopted, it is
unlikely that any hardware TDES modules will become available, so TDES does not include any initialize/deinitialize or
open/close functionality.
The TDES module should be used with a block cipher mode of operation (see the block cipher modes of operation section
for more information). For TDES, the block cipher mode module's BLOCK_CIPHER_[mode]_Initialize functions should be
initialized with the TDES_Encrypt function, the TDES_Decrypt function, and the TDES_BLOCK_SIZE block size macro. If an
initialization vector or nonce/counter is required by the block cipher mode being used, it should be 8 bytes long (one block
length).
TDES uses up to 3 64-bit DES keys, depending on the keyring option being used. In keyring option 1, all three keys will be
distinct. This provides the most security. In keyring option 2, the first and third key are the same. This provides more security
than the DES algorithm that TDES is based on. Keyring option 3 uses the same key three times. It is functionally equivalent
to DES, and is provided for backwards compatibility; it should not be used in new applications. In all cases, the three keys
should be concatenated into a single 192-bit array.
When using the TDES module, the user must first use the TDES_RoundKeysCreate function to generate a series of round
keys from the 192-bit TDES key. A pointer to the TDES_ROUND_KEYS structure containing these round keys is passed into
the block cipher mode module's encrypt/decrypt functions (or to the TDES_Encrypt/TDES_Decrypt function if a block cipher
mode of operation is not being used).
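The keyring options above can be checked on the 192-bit key array before it is handed to TDES_RoundKeysCreate. The following is an added example, not code from the crypto library; the names tdes_classify_key, tdes_key_acceptable and des_key_equal are hypothetical. It goes beyond the three options listed by also flagging K1 = K2 or K2 = K3, where the standard encrypt-decrypt-encrypt construction collapses to single DES, and it ignores the parity bit in each key byte.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical names; not part of the crypto library described here. */
typedef enum {
    TDES_KEYING_OPTION_1,   /* K1, K2, K3 all distinct */
    TDES_KEYING_OPTION_2,   /* K1 == K3, K2 differs */
    TDES_KEYING_OPTION_3,   /* K1 == K2 == K3: equivalent to single DES */
    TDES_KEYING_DEGENERATE  /* only K1 == K2 or K2 == K3: one pair cancels
                               under encrypt-decrypt-encrypt, leaving DES */
} tdes_keying_t;

/* Compare two 64-bit DES keys on their 56 effective bits. The low bit of
 * each byte is a parity bit and does not take part in encryption, so keys
 * that differ only there are the same key. */
static int des_key_equal(const uint8_t *a, const uint8_t *b)
{
    uint8_t diff = 0;
    for (int i = 0; i < 8; i++)
        diff |= (uint8_t)((a[i] ^ b[i]) & 0xFE);
    return diff == 0;
}

/* key192 is the concatenation K1 || K2 || K3 (24 bytes). */
tdes_keying_t tdes_classify_key(const uint8_t key192[24])
{
    int k1_k2 = des_key_equal(key192, key192 + 8);
    int k2_k3 = des_key_equal(key192 + 8, key192 + 16);
    int k1_k3 = des_key_equal(key192, key192 + 16);

    if (k1_k2 && k2_k3) return TDES_KEYING_OPTION_3;
    if (k1_k2 || k2_k3) return TDES_KEYING_DEGENERATE;
    if (k1_k3)          return TDES_KEYING_OPTION_2;
    return TDES_KEYING_OPTION_1;
}

/* Returns 1 only for keys that give more than single-DES strength. */
int tdes_key_acceptable(const uint8_t key192[24])
{
    tdes_keying_t k = tdes_classify_key(key192);
    return k == TDES_KEYING_OPTION_1 || k == TDES_KEYING_OPTION_2;
}
```

Rejecting anything for which tdes_key_acceptable returns 0 keeps keyring option 3 and its parity-disguised variants out of new applications.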
1.4.3.1.4 XTEA
Describes how the XTEA module works.
Description
The XTEA module should be used with a block cipher mode of operation (see the block cipher modes of operation section
1.4 Using the Library MLA - Crypto Library Help How the Library Works