int aws_kms_decrypt_blocking_with_context()

in source/kms.c [2653:2716]


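/**
 * Builds a KMS Decrypt request carrying a fresh attestation document and an
 * optional encryption context, then sends it synchronously.
 *
 * @param client               KMS client; supplies the allocator and the keypair
 *                             handed to aws_attestation_request(). Must not be NULL.
 * @param key_id               Optional key identifier. When NULL, no key id is set
 *                             and encryption_algorithm is not examined at all.
 * @param encryption_algorithm Algorithm name, only consulted when key_id is given.
 *                             It must equal one of the three names compared below;
 *                             anything else is rejected before any request is sent.
 * @param ciphertext           Ciphertext blob to decrypt; copied into the request.
 *                             Must not be NULL.
 * @param encryption_context   Optional JSON text that is parsed into the request's
 *                             encryption_context table. May be NULL.
 * @param plaintext            Output buffer passed through to
 *                             aws_kms_decrypt_blocking_from_request(). Must not be NULL.
 *                             NOTE(review): the result is decrypted material, so the
 *                             caller should wipe it when done rather than just free it
 *                             -- confirm who owns and initializes this buffer.
 *
 * @return The result of aws_kms_decrypt_blocking_from_request() once the request
 *         has been built, or AWS_OP_ERR if building the request fails.
 */
int aws_kms_decrypt_blocking_with_context(
    struct aws_nitro_enclaves_kms_client *client,
    const struct aws_string *key_id,
    const struct aws_string *encryption_algorithm,
    const struct aws_byte_buf *ciphertext,
    const struct aws_string *encryption_context,
    struct aws_byte_buf *plaintext) {
    AWS_PRECONDITION(client != NULL);
    AWS_PRECONDITION(ciphertext != NULL);
    AWS_PRECONDITION(plaintext != NULL);

    struct aws_kms_decrypt_request *request_structure = NULL;
    int rc = 0;

    request_structure = aws_kms_decrypt_request_new(client->allocator);
    if (request_structure == NULL) {
        return AWS_OP_ERR;
    }

    /* A failed copy must not go unnoticed: the request would otherwise be sent
     * without the ciphertext the caller asked to decrypt. */
    rc = aws_byte_buf_init_copy(&request_structure->ciphertext_blob, client->allocator, ciphertext);
    if (rc != AWS_OP_SUCCESS) {
        goto err_clean;
    }

    if (key_id != NULL) {
        request_structure->key_id = aws_string_clone_or_reuse(client->allocator, key_id);
        if (request_structure->key_id == NULL) {
            /* Do not silently fall back to a request without the key id the
             * caller pinned. */
            goto err_clean;
        }

        /* Allow-list the algorithm: only the three known names are mapped,
         * every other value (including a missing one) is refused. */
        if (aws_string_compare(encryption_algorithm, s_ea_symmetric_default) == 0) {
            request_structure->encryption_algorithm = AWS_EA_SYMMETRIC_DEFAULT;
        } else if (aws_string_compare(encryption_algorithm, s_ea_rsaes_oaep_sha_1) == 0) {
            request_structure->encryption_algorithm = AWS_EA_RSAES_OAEP_SHA_1;
        } else if (aws_string_compare(encryption_algorithm, s_ea_rsaes_oaep_sha_256) == 0) {
            request_structure->encryption_algorithm = AWS_EA_RSAES_OAEP_SHA_256;
        } else {
            fprintf(stderr, "Invalid encryption algorithm\n");
            goto err_clean;
        }
    }

    /* Recipient block: an attestation document requested for the client's
     * keypair, with the key-encryption algorithm fixed to RSAES-OAEP-SHA-256
     * (not caller-selectable). */
    request_structure->recipient = aws_recipient_new(client->allocator);
    if (request_structure->recipient == NULL) {
        goto err_clean;
    }
    rc = aws_attestation_request(
        client->allocator, client->keypair, &request_structure->recipient->attestation_document);
    if (rc != AWS_OP_SUCCESS) {
        goto err_clean;
    }
    request_structure->recipient->key_encryption_algorithm = AWS_KEA_RSAES_OAEP_SHA_256;

    if (encryption_context) {
        struct json_object *context_json = s_json_object_from_string(encryption_context);
        if (context_json == NULL) {
            /* NOTE(review): presumably NULL means the context text did not parse;
             * fail closed instead of handing NULL to the converter or sending the
             * request without the context -- confirm the helper's contract. */
            goto err_clean;
        }
        rc = s_aws_hash_table_from_json(client->allocator, context_json, &request_structure->encryption_context);
        json_object_put(context_json);
        if (rc != AWS_OP_SUCCESS) {
            goto err_clean;
        }
    }

    rc = aws_kms_decrypt_blocking_from_request(client, request_structure, plaintext);

    aws_kms_decrypt_request_destroy(request_structure);
    return rc;

err_clean:
    /* Every failure while building the request ends here; the partially
     * filled request is released and a generic error is reported. */
    aws_kms_decrypt_request_destroy(request_structure);
    return AWS_OP_ERR;
}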