| 197 | } |
| 198 | |
| 199 | bool AES_GCM_DecryptContext::Decrypt( |
| 200 | const void *pEncryptedDataAndTag, size_t cbEncryptedDataAndTag, |
| 201 | const void *pIV, |
| 202 | void *pPlaintextData, uint32 *pcbPlaintextData, |
| 203 | const void *pAdditionalAuthenticationData, size_t cbAuthenticationData |
| 204 | ) |
| 205 | { |
| 206 | BCryptContext *ctx = (BCryptContext *)(this->m_ctx); |
| 207 | BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO paddingInfo; |
| 208 | BCRYPT_INIT_AUTH_MODE_INFO(paddingInfo); |
| 209 | char buffer[32] = { 0 }; |
| 210 | AssertFatal( m_cbTag <= sizeof( buffer ) ); |
| 211 | AssertFatal( m_cbTag <= cbEncryptedDataAndTag ); |
| 212 | memcpy( buffer, ( PUCHAR )pEncryptedDataAndTag + cbEncryptedDataAndTag - m_cbTag, m_cbTag ); |
| 213 | cbEncryptedDataAndTag -= m_cbTag; |
| 214 | paddingInfo.pbTag = m_cbTag ? ( PUCHAR )buffer : NULL; |
| 215 | paddingInfo.cbTag = m_cbTag; |
| 216 | paddingInfo.pbNonce = (PUCHAR)pIV; |
| 217 | paddingInfo.cbNonce = m_cbIV; |
| 218 | paddingInfo.cbAuthData = (ULONG)cbAuthenticationData; |
| 219 | paddingInfo.pbAuthData = cbAuthenticationData ? (PUCHAR)pAdditionalAuthenticationData : NULL; |
| 220 | ULONG pt_size; |
| 221 | NTSTATUS status = BCryptDecrypt( |
| 222 | ctx->hKey, |
| 223 | ( PUCHAR )pEncryptedDataAndTag, (ULONG)cbEncryptedDataAndTag, |
| 224 | &paddingInfo, |
| 225 | NULL, 0, |
| 226 | ( PUCHAR )pPlaintextData, *pcbPlaintextData, |
| 227 | &pt_size, |
| 228 | 0 ); |
| 229 | *pcbPlaintextData = pt_size; |
| 230 | return NT_SUCCESS(status); |
| 231 | } |
| 232 | |
| 233 | //----------------------------------------------------------------------------- |
| 234 | // Purpose: Generate a SHA256 hash |
no outgoing calls