Use BCrypt-provided AES for PRG on Windows

faest-sign · Feb 11, 2025 · fa4ce3e · fa4ce3e
1 parent 91d6e67
commit fa4ce3e
Showing 1 changed file with 33 additions and 0 deletions.
diff --git a/aes.c b/aes.c
@@ -14,6 +14,8 @@
 
 #if defined(HAVE_OPENSSL)
 #include <openssl/evp.h>
+#elif defined(_WIN32)
+#include <windows.h>
 #endif
 #include <string.h>
 
@@ -346,6 +348,37 @@ void prg(const uint8_t* key, const uint8_t* iv, uint32_t tweak, uint8_t* out, un
     memcpy(out, last_block, outlen % IV_SIZE);
   }
   EVP_CIPHER_CTX_free(ctx);
+#elif defined(_WIN32)
+  BCRYPT_ALG_HANDLE hAes = NULL;
+  BCRYPT_KEY_HANDLE hKey = NULL;
+
+  NTSTATUS ret = BCryptOpenAlgorithmProvider(&hAes, BCRYPT_AES_ALGORITHM, NULL, 0);
+  assert(BCRYPT_SUCCESS(ret));
+  ret = BCryptGenerateSymmetricKey(hAes, &hKey, NULL, 0, (PUCHAR)key, seclvl / 8, 0);
+  assert(BCRYPT_SUCCESS(ret));
+
+  ret = BCryptSetProperty(hAes, BCRYPT_CHAINING_MODE, (PUCHAR)BCRYPT_CHAIN_MODE_ECB,
+                          (ULONG)((wcslen(BCRYPT_CHAIN_MODE_ECB) + 1) * sizeof(wchar_t)), 0);
+  assert(BCRYPT_SUCCESS(ret));
+
+  for (size_t idx = 0; idx < outlen / IV_SIZE; idx += 1, out += IV_SIZE) {
+    ULONG len = 0;
+    ret       = BCryptEncrypt(hKey, internal_iv, IV_SIZE, NULL, NULL, 0, out, IV_SIZE, &len, 0);
+    assert(BCRYPT_SUCCESS(ret));
+    assert(len == (ULONG)IV_SIZE);
+    aes_increment_iv(internal_iv);
+  }
+  if (outlen % IV_SIZE) {
+    uint8_t last_block[IV_SIZE];
+    ULONG len = 0;
+    ret = BCryptEncrypt(hKey, internal_iv, IV_SIZE, NULL, NULL, 0, last_block, IV_SIZE, &len, 0);
+    assert(BCRYPT_SUCCESS(ret));
+    assert(len == (ULONG)IV_SIZE);
+    memcpy(out, last_block, outlen % IV_SIZE);
+  }
+
+  BCryptDestroyKey(hKey);
+  BCryptCloseAlgorithmProvider(hAes, 0);
 #else
   aes_round_keys_t round_key;