in source/default_cmm.c [100:150]
static int default_cmm_decrypt_materials(
struct aws_cryptosdk_cmm *cmm,
struct aws_cryptosdk_dec_materials **output,
struct aws_cryptosdk_dec_request *request) {
struct aws_cryptosdk_dec_materials *dec_mat;
struct default_cmm *self = (struct default_cmm *)cmm;
dec_mat = aws_cryptosdk_dec_materials_new(request->alloc, request->alg);
if (!dec_mat) goto err;
if (aws_cryptosdk_keyring_on_decrypt(
self->kr,
request->alloc,
&dec_mat->unencrypted_data_key,
&dec_mat->keyring_trace,
&request->encrypted_data_keys,
request->enc_ctx,
request->alg))
goto err;
if (!dec_mat->unencrypted_data_key.buffer) {
aws_raise_error(AWS_CRYPTOSDK_ERR_CANNOT_DECRYPT);
goto err;
}
const struct aws_cryptosdk_alg_properties *props = aws_cryptosdk_alg_props(request->alg);
struct aws_hash_element *pElement = NULL;
aws_hash_table_find(request->enc_ctx, EC_PUBLIC_KEY_FIELD, &pElement);
if (props->signature_len) {
if (!pElement || !pElement->key) {
aws_raise_error(AWS_CRYPTOSDK_ERR_BAD_CIPHERTEXT);
goto err;
}
if (aws_cryptosdk_sig_verify_start(&dec_mat->signctx, request->alloc, pElement->value, props)) {
goto err;
}
} else if (pElement) {
// If alg suite is unsigned, enc_ctx must not contain EC_PUBLIC_KEY_FIELD
aws_raise_error(AWS_CRYPTOSDK_ERR_BAD_CIPHERTEXT);
goto err;
}
*output = dec_mat;
return AWS_OP_SUCCESS;
err:
*output = NULL;
aws_cryptosdk_dec_materials_destroy(dec_mat);
return AWS_OP_ERR;
}