2 files changed, 55 insertions, 12 deletions

diff --git a/src/mbedTLS++/AesCfb128Decryptor.cpp b/src/mbedTLS++/AesCfb128Decryptor.cpp
index 523e06161..6243a3ded 100644
--- a/src/mbedTLS++/AesCfb128Decryptor.cpp
+++ b/src/mbedTLS++/AesCfb128Decryptor.cpp
@@ -10,10 +10,17 @@
 
 
 
-cAesCfb128Decryptor::cAesCfb128Decryptor(void):
+cAesCfb128Decryptor::cAesCfb128Decryptor(void) :
 	m_IsValid(false)
 {
+#ifdef _WIN32
+	if (!CryptAcquireContext(&m_Aes, nullptr, nullptr, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
+	{
+		throw std::system_error(GetLastError(), std::system_category());
+	}
+#else
 	mbedtls_aes_init(&m_Aes);
+#endif
 }
 
 
@@ -22,8 +29,12 @@ cAesCfb128Decryptor::cAesCfb128Decryptor(void):
 
 cAesCfb128Decryptor::~cAesCfb128Decryptor()
 {
-	// Clear the leftover in-memory data, so that they can't be accessed by a backdoor
+	// Clear the leftover in-memory data, so that they can't be accessed by a backdoor:
+#ifdef _WIN32
+	CryptReleaseContext(m_Aes, 0);
+#else
 	mbedtls_aes_free(&m_Aes);
+#endif
 }
 
 
@@ -34,8 +45,27 @@ void cAesCfb128Decryptor::Init(const Byte a_Key[16], const Byte a_IV[16])
 {
 	ASSERT(!IsValid());  // Cannot Init twice
 
-	memcpy(m_IV, a_IV, 16);
+#ifdef _WIN32
+	struct Key
+	{
+		PUBLICKEYSTRUC Header;
+		DWORD Length;
+		Byte Key[16];
+	} Key;
+
+	const DWORD Mode = CRYPT_MODE_CFB;
+	Key.Header = { PLAINTEXTKEYBLOB, CUR_BLOB_VERSION, 0, CALG_AES_128 };
+	Key.Length = 16;
+	std::copy_n(a_Key, 16, Key.Key);
+
+	CryptImportKey(m_Aes, reinterpret_cast<const BYTE *>(&Key), sizeof(Key), 0, 0, &m_Key);
+	CryptSetKeyParam(m_Key, KP_MODE, reinterpret_cast<const BYTE *>(&Mode), 0);
+	CryptSetKeyParam(m_Key, KP_IV, a_IV, 0);
+#else
+	std::copy_n(a_IV, 16, m_IV);
 	mbedtls_aes_setkey_enc(&m_Aes, a_Key, 128);
+#endif
+
 	m_IsValid = true;
 }
 
@@ -43,8 +73,16 @@ void cAesCfb128Decryptor::Init(const Byte a_Key[16], const Byte a_IV[16])
 
 
 
-void cAesCfb128Decryptor::ProcessData(std::byte * a_DecryptedOut, const Byte * a_EncryptedIn, size_t a_Length)
+void cAesCfb128Decryptor::ProcessData(std::byte * const a_EncryptedIn, const size_t a_Length)
 {
 	ASSERT(IsValid());  // Must Init() first
-	mbedtls_aes_crypt_cfb8(&m_Aes, MBEDTLS_AES_DECRYPT, a_Length, m_IV, a_EncryptedIn, reinterpret_cast<unsigned char *>(a_DecryptedOut));
+
+#ifdef _WIN32
+	ASSERT(a_Length <= std::numeric_limits<DWORD>::max());
+
+	DWORD Length = static_cast<DWORD>(a_Length);
+	CryptDecrypt(m_Key, 0, FALSE, 0, reinterpret_cast<BYTE *>(a_EncryptedIn), &Length);
+#else
+	mbedtls_aes_crypt_cfb8(&m_Aes, MBEDTLS_AES_DECRYPT, a_Length, m_IV, reinterpret_cast<unsigned char *>(a_EncryptedIn), reinterpret_cast<unsigned char *>(a_EncryptedIn));
+#endif
 }
diff --git a/src/mbedTLS++/AesCfb128Decryptor.h b/src/mbedTLS++/AesCfb128Decryptor.h
index 601699998..a2c9d6a05 100644
--- a/src/mbedTLS++/AesCfb128Decryptor.h
+++ b/src/mbedTLS++/AesCfb128Decryptor.h
@@ -9,7 +9,11 @@
 
 #pragma once
 
+#ifdef _WIN32
+#include <wincrypt.h>
+#else
 #include "mbedtls/aes.h"
+#endif
 
 
 
@@ -26,14 +30,20 @@ public:
 	/** Initializes the decryptor with the specified Key / IV */
 	void Init(const Byte a_Key[16], const Byte a_IV[16]);
 
-	/** Decrypts a_Length bytes of the encrypted data; produces a_Length output bytes */
-	void ProcessData(std::byte * a_DecryptedOut, const Byte * a_EncryptedIn, size_t a_Length);
+	/** Decrypts a_Length bytes of the encrypted data in-place; produces a_Length output bytes */
+	void ProcessData(std::byte * a_EncryptedIn, size_t a_Length);
 
 	/** Returns true if the object has been initialized with the Key / IV */
 	bool IsValid(void) const { return m_IsValid; }
 
 protected:
+
+#ifdef _WIN32
+	HCRYPTPROV m_Aes;
+	HCRYPTKEY m_Key;
+#else
 	mbedtls_aes_context m_Aes;
+#endif
 
 	/** The InitialVector, used by the CFB mode decryption */
 	Byte m_IV[16];
@@ -41,8 +51,3 @@ protected:
 	/** Indicates whether the object has been initialized with the Key / IV */
 	bool m_IsValid;
 } ;
-
-
-
-
-