Diffstat (limited to 'src/mbedTLS++')
-rw-r--r-- | src/mbedTLS++/AesCfb128Decryptor.cpp | 48 | ||||
-rw-r--r-- | src/mbedTLS++/AesCfb128Decryptor.h | 19 |
2 files changed, 55 insertions, 12 deletions
diff --git a/src/mbedTLS++/AesCfb128Decryptor.cpp b/src/mbedTLS++/AesCfb128Decryptor.cpp
index 523e06161..6243a3ded 100644
--- a/src/mbedTLS++/AesCfb128Decryptor.cpp
+++ b/src/mbedTLS++/AesCfb128Decryptor.cpp
@@ -10,10 +10,17 @@
-cAesCfb128Decryptor::cAesCfb128Decryptor(void):
+cAesCfb128Decryptor::cAesCfb128Decryptor(void) :
 m_IsValid(false)
 {
+#ifdef _WIN32
+ if (!CryptAcquireContext(&m_Aes, nullptr, nullptr, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
+ {
+ throw std::system_error(GetLastError(), std::system_category());
+ }
+#else
 mbedtls_aes_init(&m_Aes);
+#endif
 }
@@ -22,8 +29,12 @@ cAesCfb128Decryptor::cAesCfb128Decryptor(void):
 cAesCfb128Decryptor::~cAesCfb128Decryptor()
 {
- // Clear the leftover in-memory data, so that they can't be accessed by a backdoor
+ // Clear the leftover in-memory data, so that they can't be accessed by a backdoor:
+#ifdef _WIN32
+ CryptReleaseContext(m_Aes, 0);
+#else
 mbedtls_aes_free(&m_Aes);
+#endif
 }
@@ -34,8 +45,27 @@ void cAesCfb128Decryptor::Init(const Byte a_Key[16], const Byte a_IV[16])
 {
 ASSERT(!IsValid()); // Cannot Init twice
- memcpy(m_IV, a_IV, 16);
+#ifdef _WIN32
+ struct Key
+ {
+ PUBLICKEYSTRUC Header;
+ DWORD Length;
+ Byte Key[16];
+ } Key;
+
+ const DWORD Mode = CRYPT_MODE_CFB;
+ Key.Header = { PLAINTEXTKEYBLOB, CUR_BLOB_VERSION, 0, CALG_AES_128 };
+ Key.Length = 16;
+ std::copy_n(a_Key, 16, Key.Key);
+
+ CryptImportKey(m_Aes, reinterpret_cast<const BYTE *>(&Key), sizeof(Key), 0, 0, &m_Key);
+ CryptSetKeyParam(m_Key, KP_MODE, reinterpret_cast<const BYTE *>(&Mode), 0);
+ CryptSetKeyParam(m_Key, KP_IV, a_IV, 0);
+#else
+ std::copy_n(a_IV, 16, m_IV);
 mbedtls_aes_setkey_enc(&m_Aes, a_Key, 128);
+#endif
 m_IsValid = true;
 }
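Review bot: In the `_WIN32` branch of `~cAesCfb128Decryptor()` only the provider handle is released; the `HCRYPTKEY` that `Init()` stores in `m_Key` is never destroyed, so the imported AES key object is not cleaned up even though the comment directly above promises that leftover data is cleared. Add `if (m_IsValid) { CryptDestroyKey(m_Key); }` before `CryptReleaseContext(m_Aes, 0);`. The guard is needed because the constructor hunk leaves `m_Key` uninitialised until `Init()` runs.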
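Review bot: The `_WIN32` branch of `Init()` ignores the results of `CryptImportKey` and both `CryptSetKeyParam` calls, so `m_IsValid = true` is reached even when the key, mode or IV was not applied, and later decryption would run on an invalid or wrongly configured handle. The local `Key` blob also keeps a plaintext copy of the AES key on the stack after the import. Checking the three calls, wiping the blob and throwing `std::system_error` as the constructor does would close both gaps. The code also relies on the provider's default CFB feedback size matching the `cfb8` call on the other branch (presumably 8 bits; worth a comment or an explicit `KP_MODE_BITS`).

```cpp
	// … unchanged: Key blob setup (Header, Length, copy_n of a_Key) …
	const bool Ok =
		CryptImportKey(m_Aes, reinterpret_cast<const BYTE *>(&Key), sizeof(Key), 0, 0, &m_Key) &&
		CryptSetKeyParam(m_Key, KP_MODE, reinterpret_cast<const BYTE *>(&Mode), 0) &&
		CryptSetKeyParam(m_Key, KP_IV, a_IV, 0);
	const DWORD Error = Ok ? ERROR_SUCCESS : GetLastError();
	SecureZeroMemory(&Key, sizeof(Key));  // Wipe the stack copy of the AES key
	if (!Ok)
	{
		throw std::system_error(static_cast<int>(Error), std::system_category());
	}
```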
@@ -43,8 +73,16 @@ void cAesCfb128Decryptor::Init(const Byte a_Key[16], const Byte a_IV[16])
-void cAesCfb128Decryptor::ProcessData(std::byte * a_DecryptedOut, const Byte * a_EncryptedIn, size_t a_Length)
+void cAesCfb128Decryptor::ProcessData(std::byte * const a_EncryptedIn, const size_t a_Length)
 {
 ASSERT(IsValid()); // Must Init() first
- mbedtls_aes_crypt_cfb8(&m_Aes, MBEDTLS_AES_DECRYPT, a_Length, m_IV, a_EncryptedIn, reinterpret_cast<unsigned char *>(a_DecryptedOut));
+
+#ifdef _WIN32
+ ASSERT(a_Length <= std::numeric_limits<DWORD>::max());
+
+ DWORD Length = static_cast<DWORD>(a_Length);
+ CryptDecrypt(m_Key, 0, FALSE, 0, reinterpret_cast<BYTE *>(a_EncryptedIn), &Length);
+#else
+ mbedtls_aes_crypt_cfb8(&m_Aes, MBEDTLS_AES_DECRYPT, a_Length, m_IV, reinterpret_cast<unsigned char *>(a_EncryptedIn), reinterpret_cast<unsigned char *>(a_EncryptedIn));
+#endif
 }
diff --git a/src/mbedTLS++/AesCfb128Decryptor.h b/src/mbedTLS++/AesCfb128Decryptor.h
index 601699998..a2c9d6a05 100644
--- a/src/mbedTLS++/AesCfb128Decryptor.h
+++ b/src/mbedTLS++/AesCfb128Decryptor.h
@@ -9,7 +9,11 @@
 #pragma once
+#ifdef _WIN32
+#include <wincrypt.h>
+#else
 #include "mbedtls/aes.h"
+#endif
@@ -26,14 +30,20 @@ public:
 /** Initializes the decryptor with the specified Key / IV */
 void Init(const Byte a_Key[16], const Byte a_IV[16]);
- /** Decrypts a_Length bytes of the encrypted data; produces a_Length output bytes */
- void ProcessData(std::byte * a_DecryptedOut, const Byte * a_EncryptedIn, size_t a_Length);
+ /** Decrypts a_Length bytes of the encrypted data in-place; produces a_Length output bytes */
+ void ProcessData(std::byte * a_EncryptedIn, size_t a_Length);
 /** Returns true if the object has been initialized with the Key / IV */
 bool IsValid(void) const { return m_IsValid; }
 protected:
+
+#ifdef _WIN32
+ HCRYPTPROV m_Aes;
+ HCRYPTKEY m_Key;
+#else
 mbedtls_aes_context m_Aes;
+#endif
 /** The InitialVector, used by the CFB mode decryption */
 Byte m_IV[16];
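Review bot: The return value of `CryptDecrypt` in the `_WIN32` branch of `ProcessData()` is discarded, so a failed call leaves `a_EncryptedIn` holding ciphertext or a partially processed buffer that the caller will presumably treat as plaintext. Because the function returns void and the constructor already throws, the same pattern fits: `if (!CryptDecrypt(m_Key, 0, FALSE, 0, reinterpret_cast<BYTE *>(a_EncryptedIn), &Length)) { throw std::system_error(GetLastError(), std::system_category()); }`. The `ASSERT` is the only guard in front of `static_cast<DWORD>(a_Length)`. If `ASSERT` compiles out in release builds (not visible here), an oversized length is silently truncated and the tail of the buffer stays encrypted, so a runtime check or a chunked loop would be safer.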
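Review bot: With `HCRYPTPROV m_Aes` and `HCRYPTKEY m_Key` as members the class now owns raw OS handles, and nothing in this hunk of AesCfb128Decryptor.h prevents copying; a copied decryptor would release the same handles a second time in its destructor. Unless copying is already disabled in a part of the class outside the hunk, add `cAesCfb128Decryptor(const cAesCfb128Decryptor &) = delete;` and `cAesCfb128Decryptor & operator = (const cAesCfb128Decryptor &) = delete;`. The `ProcessData` doc comment could also say that the buffer is overwritten, e.g. `/** Decrypts a_Length bytes in-place: a_EncryptedIn holds ciphertext on entry and plaintext on return */`. `m_IV` is no longer written on the `_WIN32` path, which deserves a comment or an `#ifndef _WIN32` around the member.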
@@ -41,8 +51,3 @@ protected:
 /** Indicates whether the object has been initialized with the Key / IV */
 bool m_IsValid;
 } ;
-
-
-
-
-
|