in source/kms.c [2568:2604]
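/**
 * Recovers the plaintext of a KMS response that was wrapped for this recipient.
 *
 * The CMS enveloped data in @p ciphertext_for_recipient is parsed into the
 * RSA-encrypted symmetric key, the IV and the encrypted content; the symmetric
 * key is unwrapped with @p keypair (attestation key) and then used to decrypt
 * the content into @p plaintext.
 *
 * @param allocator                 Allocator handed to the RSA unwrap step.
 * @param ciphertext_for_recipient  CMS enveloped data to decrypt (read only).
 * @param keypair                   RSA keypair whose private key unwraps the symmetric key.
 * @param plaintext                 Output buffer; owned by the caller, who is
 *                                  responsible for cleaning it up (securely, as it
 *                                  holds the decrypted key material from KMS).
 *
 * @return AWS_OP_SUCCESS on success; AWS_OP_ERR if the CMS structure cannot be
 *         parsed; otherwise the error code of the failing unwrap/decrypt step.
 *
 * All intermediate buffers are released on every exit path after parsing has
 * succeeded; the unwrapped symmetric key is zeroed before release so it does
 * not linger in freed heap memory.
 */
static int s_decrypt_ciphertext_for_recipient(
    struct aws_allocator *allocator,
    struct aws_byte_buf *ciphertext_for_recipient,
    struct aws_rsa_keypair *keypair,
    struct aws_byte_buf *plaintext) {
    AWS_PRECONDITION(aws_allocator_is_valid(allocator));
    AWS_PRECONDITION(aws_byte_buf_is_valid(ciphertext_for_recipient));
    AWS_PRECONDITION(keypair != NULL);
    AWS_PRECONDITION(plaintext != NULL);

    /* The three parse outputs are filled by aws_cms_parse_enveloped_data; the
     * unwrapped key is zero-initialised so that the shared cleanup path below is
     * safe to reach even if the unwrap step fails before populating it. */
    struct aws_byte_buf encrypted_symm_key, iv, ciphertext_out;
    struct aws_byte_buf decrypted_symm_key = {0};

    int rc = aws_cms_parse_enveloped_data(ciphertext_for_recipient, &encrypted_symm_key, &iv, &ciphertext_out);
    if (rc != AWS_OP_SUCCESS) {
        /* Nothing was handed to us on a parse failure, so there is nothing to release. */
        fprintf(stderr, "Cannot parse CMS enveloped data.\n");
        return AWS_OP_ERR;
    }

    /* Unwrap the content-encryption key with the enclave's private key. */
    rc = aws_attestation_rsa_decrypt(allocator, keypair, &encrypted_symm_key, &decrypted_symm_key);
    if (rc != AWS_OP_SUCCESS) {
        goto cleanup;
    }

    /* Decrypt the enveloped content into the caller's buffer. Failure here
     * previously returned without releasing any of the intermediate buffers. */
    rc = aws_cms_cipher_decrypt(&ciphertext_out, &decrypted_symm_key, &iv, plaintext);
    if (rc != AWS_OP_SUCCESS) {
        fprintf(stderr, "Cannot decrypt CMS encrypted content\n");
    }

cleanup:
    aws_byte_buf_clean_up(&encrypted_symm_key);
    /* The unwrapped symmetric key is secret: wipe it before freeing so a plain
     * free() does not leave the key bytes in reusable heap memory. */
    aws_byte_buf_clean_up_secure(&decrypted_symm_key);
    aws_byte_buf_clean_up(&iv);
    aws_byte_buf_clean_up(&ciphertext_out);
    return rc;
}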