| 163 | } |
| 164 | |
| 165 | bool AES_GCM_EncryptContext::Encrypt( |
| 166 | const void *pPlaintextData, size_t cbPlaintextData, |
| 167 | const void *pIV, |
| 168 | void *pEncryptedDataAndTag, uint32 *pcbEncryptedDataAndTag, |
| 169 | const void *pAdditionalAuthenticationData, size_t cbAuthenticationData // Optional additional authentication data. Not encrypted, but will be included in the tag, so it can be authenticated. |
| 170 | ) |
| 171 | { |
| 172 | BCryptContext *ctx = (BCryptContext *)(this->m_ctx); |
| 173 | BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO paddingInfo; |
| 174 | BCRYPT_INIT_AUTH_MODE_INFO(paddingInfo); |
| 175 | char buffer[32] = { 0 }; |
| 176 | AssertFatal( m_cbTag <= sizeof( buffer ) ); |
| 177 | paddingInfo.pbTag = m_cbTag ? ( PUCHAR )buffer : NULL; |
| 178 | paddingInfo.cbTag = m_cbTag; |
| 179 | paddingInfo.pbNonce = ( PUCHAR )pIV; |
| 180 | paddingInfo.cbNonce = m_cbIV; |
| 181 | paddingInfo.cbAuthData = (ULONG)cbAuthenticationData; |
| 182 | paddingInfo.pbAuthData = cbAuthenticationData ? (PUCHAR)pAdditionalAuthenticationData : NULL; |
| 183 | ULONG ct_size; |
| 184 | NTSTATUS status = BCryptEncrypt( |
| 185 | ctx->hKey, |
| 186 | ( PUCHAR )pPlaintextData, (ULONG)cbPlaintextData, |
| 187 | &paddingInfo, |
| 188 | NULL, 0, |
| 189 | ( PUCHAR )pEncryptedDataAndTag, *pcbEncryptedDataAndTag, |
| 190 | &ct_size, |
| 191 | 0 ); |
| 192 | AssertFatal( ( ct_size + m_cbTag ) < *pcbEncryptedDataAndTag ); |
| 193 | memcpy( ( PUCHAR )( pEncryptedDataAndTag ) + ct_size, buffer, m_cbTag ); |
| 194 | ct_size += m_cbTag; |
| 195 | *pcbEncryptedDataAndTag = ct_size; |
| 196 | return NT_SUCCESS(status); |
| 197 | } |
| 198 | |
| 199 | bool AES_GCM_DecryptContext::Decrypt( |
| 200 | const void *pEncryptedDataAndTag, size_t cbEncryptedDataAndTag, |
no outgoing calls