summaryrefslogtreecommitdiffstats
path: root/src/mbedTLS++/AesCfb128Decryptor.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/mbedTLS++/AesCfb128Decryptor.cpp')
-rw-r--r--src/mbedTLS++/AesCfb128Decryptor.cpp48
1 files changed, 43 insertions, 5 deletions
diff --git a/src/mbedTLS++/AesCfb128Decryptor.cpp b/src/mbedTLS++/AesCfb128Decryptor.cpp
index 523e06161..6243a3ded 100644
--- a/src/mbedTLS++/AesCfb128Decryptor.cpp
+++ b/src/mbedTLS++/AesCfb128Decryptor.cpp
@@ -10,10 +10,17 @@
-cAesCfb128Decryptor::cAesCfb128Decryptor(void):
+cAesCfb128Decryptor::cAesCfb128Decryptor(void) :
m_IsValid(false)
{
+#ifdef _WIN32
+ if (!CryptAcquireContext(&m_Aes, nullptr, nullptr, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
+ {
+ throw std::system_error(GetLastError(), std::system_category());
+ }
+#else
mbedtls_aes_init(&m_Aes);
+#endif
}
@@ -22,8 +29,12 @@ cAesCfb128Decryptor::cAesCfb128Decryptor(void):
cAesCfb128Decryptor::~cAesCfb128Decryptor()
{
- // Clear the leftover in-memory data, so that they can't be accessed by a backdoor
+ // Clear the leftover in-memory data, so that they can't be accessed by a backdoor:
+#ifdef _WIN32
+ CryptReleaseContext(m_Aes, 0);
+#else
mbedtls_aes_free(&m_Aes);
+#endif
}
@@ -34,8 +45,27 @@ void cAesCfb128Decryptor::Init(const Byte a_Key[16], const Byte a_IV[16])
{
ASSERT(!IsValid()); // Cannot Init twice
- memcpy(m_IV, a_IV, 16);
+#ifdef _WIN32
+ struct Key
+ {
+ PUBLICKEYSTRUC Header;
+ DWORD Length;
+ Byte Key[16];
+ } Key;
+
+ const DWORD Mode = CRYPT_MODE_CFB;
+ Key.Header = { PLAINTEXTKEYBLOB, CUR_BLOB_VERSION, 0, CALG_AES_128 };
+ Key.Length = 16;
+ std::copy_n(a_Key, 16, Key.Key);
+
+ CryptImportKey(m_Aes, reinterpret_cast<const BYTE *>(&Key), sizeof(Key), 0, 0, &m_Key);
+ CryptSetKeyParam(m_Key, KP_MODE, reinterpret_cast<const BYTE *>(&Mode), 0);
+ CryptSetKeyParam(m_Key, KP_IV, a_IV, 0);
+#else
+ std::copy_n(a_IV, 16, m_IV);
mbedtls_aes_setkey_enc(&m_Aes, a_Key, 128);
+#endif
+
m_IsValid = true;
}
@@ -43,8 +73,16 @@ void cAesCfb128Decryptor::Init(const Byte a_Key[16], const Byte a_IV[16])
-void cAesCfb128Decryptor::ProcessData(std::byte * a_DecryptedOut, const Byte * a_EncryptedIn, size_t a_Length)
+void cAesCfb128Decryptor::ProcessData(std::byte * const a_EncryptedIn, const size_t a_Length)
{
ASSERT(IsValid()); // Must Init() first
- mbedtls_aes_crypt_cfb8(&m_Aes, MBEDTLS_AES_DECRYPT, a_Length, m_IV, a_EncryptedIn, reinterpret_cast<unsigned char *>(a_DecryptedOut));
+
+#ifdef _WIN32
+ ASSERT(a_Length <= std::numeric_limits<DWORD>::max());
+
+ DWORD Length = static_cast<DWORD>(a_Length);
+ CryptDecrypt(m_Key, 0, FALSE, 0, reinterpret_cast<BYTE *>(a_EncryptedIn), &Length);
+#else
+ mbedtls_aes_crypt_cfb8(&m_Aes, MBEDTLS_AES_DECRYPT, a_Length, m_IV, reinterpret_cast<unsigned char *>(a_EncryptedIn), reinterpret_cast<unsigned char *>(a_EncryptedIn));
+#endif
}