in source/kms.c [2653:2716]
int aws_kms_decrypt_blocking_with_context(
struct aws_nitro_enclaves_kms_client *client,
const struct aws_string *key_id,
const struct aws_string *encryption_algorithm,
const struct aws_byte_buf *ciphertext,
const struct aws_string *encryption_context,
struct aws_byte_buf *plaintext) {
AWS_PRECONDITION(client != NULL);
AWS_PRECONDITION(ciphertext != NULL);
AWS_PRECONDITION(plaintext != NULL);
struct aws_kms_decrypt_request *request_structure = NULL;
int rc = 0;
request_structure = aws_kms_decrypt_request_new(client->allocator);
if (request_structure == NULL) {
return AWS_OP_ERR;
}
aws_byte_buf_init_copy(&request_structure->ciphertext_blob, client->allocator, ciphertext);
if (key_id != NULL) {
request_structure->key_id = aws_string_clone_or_reuse(client->allocator, key_id);
if (aws_string_compare(encryption_algorithm, s_ea_symmetric_default) == 0) {
request_structure->encryption_algorithm = AWS_EA_SYMMETRIC_DEFAULT;
} else if (aws_string_compare(encryption_algorithm, s_ea_rsaes_oaep_sha_1) == 0) {
request_structure->encryption_algorithm = AWS_EA_RSAES_OAEP_SHA_1;
} else if (aws_string_compare(encryption_algorithm, s_ea_rsaes_oaep_sha_256) == 0) {
request_structure->encryption_algorithm = AWS_EA_RSAES_OAEP_SHA_256;
} else {
fprintf(stderr, "Invalid encryption algorithm\n");
goto err_clean;
}
}
request_structure->recipient = aws_recipient_new(client->allocator);
if (request_structure->recipient == NULL) {
goto err_clean;
}
rc = aws_attestation_request(
client->allocator, client->keypair, &request_structure->recipient->attestation_document);
if (rc != AWS_OP_SUCCESS) {
goto err_clean;
}
request_structure->recipient->key_encryption_algorithm = AWS_KEA_RSAES_OAEP_SHA_256;
if (encryption_context) {
struct json_object *context_json = s_json_object_from_string(encryption_context);
rc = s_aws_hash_table_from_json(client->allocator, context_json, &request_structure->encryption_context);
json_object_put(context_json);
if (rc != AWS_OP_SUCCESS) {
goto err_clean;
}
}
rc = aws_kms_decrypt_blocking_from_request(client, request_structure, plaintext);
aws_kms_decrypt_request_destroy(request_structure);
return rc;
err_clean:
aws_kms_decrypt_request_destroy(request_structure);
return AWS_OP_ERR;
}