Password encryption/decryption moved to standalone methods to make reusable

lib/EAPBase/include/Credentials.h

@@ -225,6 +225,78 @@ namespace eap
 
         /// @}
 
+        /// \name Encryption
+        /// @{
+
+        ///
+        /// Encrypts data
+        ///
+        /// \param[in ] hProv       Handle of cryptographics provider
+        /// \param[in ] data        Pointer to data to encrypt
+        /// \param[in ] size        Size of \p data in bytes
+        /// \param[out] enc         Encrypted data
+        /// \param[out] ppEapError  Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
+        /// \param[out] hHash       Handle of hashing object
+        ///
+        /// \returns
+        /// - \c ERROR_SUCCESS if succeeded
+        /// - error code otherwise
+        ///
+        DWORD encrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::vector<unsigned char> &enc, _Out_ EAP_ERROR **ppEapError, _Out_opt_ HCRYPTHASH hHash = NULL) const;
+
+        ///
+        /// Decrypts data
+        ///
+        /// \param[in ] hProv       Handle of cryptographics provider
+        /// \param[in ] data        Pointer to data to decrypt
+        /// \param[in ] size        Size of \p data in bytes
+        /// \param[out] enc         Decrypted data
+        /// \param[out] ppEapError  Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
+        /// \param[out] hHash       Handle of hashing object
+        ///
+        /// \returns
+        /// - \c ERROR_SUCCESS if succeeded
+        /// - error code otherwise
+        ///
+        template<class _Ty, class _Ax>
+        DWORD decrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::vector<_Ty, _Ax> &dec, _Out_ EAP_ERROR **ppEapError, _Out_opt_ HCRYPTHASH hHash = NULL) const
+        {
+            assert(ppEapError);
+            DWORD dwResult;
+
+            // Import the private key.
+            HRSRC res = FindResource(m_module.m_instance, MAKEINTRESOURCE(IDR_EAP_KEY_PRIVATE), RT_RCDATA);
+            assert(res);
+            HGLOBAL res_handle = LoadResource(m_module.m_instance, res);
+            assert(res_handle);
+            crypt_key key;
+            unique_ptr<unsigned char[], LocalFree_delete<unsigned char[]> > keyinfo_data;
+            DWORD keyinfo_size = 0;
+            if (!CryptDecodeObjectEx(X509_ASN_ENCODING, PKCS_RSA_PRIVATE_KEY, (const BYTE*)::LockResource(res_handle), ::SizeofResource(m_module.m_instance, res), CRYPT_DECODE_ALLOC_FLAG, NULL, &keyinfo_data, &keyinfo_size)) {
+                *ppEapError = m_module.make_error(dwResult = GetLastError(), 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" CryptDecodeObjectEx failed."), NULL);
+                return dwResult;
+            }
+
+            if (!key.import(hProv, keyinfo_data.get(), keyinfo_size, NULL, 0)) {
+                *ppEapError = m_module.make_error(dwResult = GetLastError(), 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Private key import failed."), NULL);
+                return dwResult;
+            }
+
+            // Decrypt the data using our private key.
+            vector<unsigned char, sanitizing_allocator<unsigned char> > buf(size);
+            memcpy(buf.data(), data, size);
+            if (!CryptDecrypt(key, hHash, TRUE, 0, buf)) {
+                *ppEapError = m_module.make_error(dwResult = GetLastError(), 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Decrypting password failed."), NULL);
+                return dwResult;
+            }
+
+            dec.assign(buf.begin(), buf.end());
+
+            return ERROR_SUCCESS;
+        }
+
+        /// @}
+
     public:
         std::wstring m_identity;    ///< Identity (username\@domain, certificate name etc.)
     };