From 9eae00edec5b1af915d05fccc6087eaeebfa63b2 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Fri, 18 Mar 2022 17:59:08 +0100 Subject: [PATCH] use byte slice instead of byte pointers in sys functions --- cng/aes.go | 18 ++++++------ internal/bcrypt/bcrypt_windows.go | 6 ++-- internal/bcrypt/zsyscall_windows.go | 44 +++++++++++++++++++++++++---- 3 files changed, 50 insertions(+), 18 deletions(-) diff --git a/cng/aes.go b/cng/aes.go index b970e6b..d0bba10 100644 --- a/cng/aes.go +++ b/cng/aes.go @@ -80,7 +80,7 @@ func NewAESCipher(key []byte) (cipher.Block, error) { } c := &aesCipher{key: make([]byte, len(key))} copy(c.key, key) - err = bcrypt.GenerateSymmetricKey(h.h, &c.kh, nil, 0, &c.key[0], uint32(len(c.key)), 0) + err = bcrypt.GenerateSymmetricKey(h.h, &c.kh, nil, c.key, 0) if err != nil { return nil, err } @@ -105,7 +105,7 @@ func (c *aesCipher) Encrypt(dst, src []byte) { panic("crypto/aes: output not full block") } var ret uint32 - err := bcrypt.Encrypt(c.kh, &src[0], uint32(len(src)), nil, nil, 0, &dst[0], uint32(len(dst)), &ret, 0) + err := bcrypt.Encrypt(c.kh, src, nil, nil, dst, &ret, 0) if err != nil { panic(err) } @@ -127,7 +127,7 @@ func (c *aesCipher) Decrypt(dst, src []byte) { } var ret uint32 - err := bcrypt.Decrypt(c.kh, &src[0], uint32(len(src)), nil, nil, 0, &dst[0], uint32(len(dst)), &ret, 0) + err := bcrypt.Decrypt(c.kh, src, nil, nil, dst, &ret, 0) if err != nil { panic(err) } @@ -180,7 +180,7 @@ func newCBC(encrypt bool, key, iv []byte) *aesCBC { } x := &aesCBC{encrypt: encrypt} x.SetIV(iv) - err = bcrypt.GenerateSymmetricKey(h.h, &x.kh, nil, 0, &key[0], uint32(len(key)), 0) + err = bcrypt.GenerateSymmetricKey(h.h, &x.kh, nil, key, 0) if err != nil { panic(err) } 
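Review bot: In `aesCipher.Encrypt` (hunk at -105) the whole `src` and `dst` slices are handed to `bcrypt.Encrypt`, so the lengths CNG receives are `len(src)` and `len(dst)` rather than one block. Unless the slices are trimmed above the hunk, a caller passing a longer `src` presumably gets every block processed, or a panic from the returned error when `dst` is shorter, which differs from the single-block contract of `cipher.Block`. Bounding the call makes the contract explicit: `err := bcrypt.Encrypt(c.kh, src[:c.BlockSize()], nil, nil, dst[:c.BlockSize()], &ret, 0)`. The same applies to `bcrypt.Decrypt` in the `aesCipher.Decrypt` hunk at -127. Both function bodies start and end outside their hunks, so the existing length checks are only partly visible.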
@@ -210,9 +210,9 @@ func (x *aesCBC) CryptBlocks(dst, src []byte) { var ret uint32 var err error if x.encrypt { - err = bcrypt.Encrypt(x.kh, &src[0], uint32(len(src)), nil, &x.iv[0], uint32(len(x.iv)), &dst[0], uint32(len(dst)), &ret, 0) + err = bcrypt.Encrypt(x.kh, src, nil, x.iv[:], dst, &ret, 0) } else { - err = bcrypt.Decrypt(x.kh, &src[0], uint32(len(src)), nil, &x.iv[0], uint32(len(x.iv)), &dst[0], uint32(len(dst)), &ret, 0) + err = bcrypt.Decrypt(x.kh, src, nil, x.iv[:], dst, &ret, 0) } if err != nil { panic(err) @@ -253,7 +253,7 @@ func newGCM(key []byte, tls bool) (*aesGCM, error) { return nil, err } g := &aesGCM{tls: tls} - err = bcrypt.GenerateSymmetricKey(h.h, &g.kh, nil, 0, &key[0], uint32(len(key)), 0) + err = bcrypt.GenerateSymmetricKey(h.h, &g.kh, nil, key, 0) if err != nil { return nil, err } @@ -308,7 +308,7 @@ func (g *aesGCM) Seal(dst, nonce, plaintext, additionalData []byte) []byte { info := bcrypt.NewAUTHENTICATED_CIPHER_MODE_INFO(nonce, additionalData, out[len(out)-gcmTagSize:]) var encSize uint32 - err := bcrypt.Encrypt(g.kh, &plaintext[0], uint32(len(plaintext)), info, nil, 0, &out[0], uint32(len(out)), &encSize, 0) + err := bcrypt.Encrypt(g.kh, plaintext, info, nil, out, &encSize, 0) if err != nil { panic(err) } @@ -345,7 +345,7 @@ func (g *aesGCM) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, er info := bcrypt.NewAUTHENTICATED_CIPHER_MODE_INFO(nonce, additionalData, tag) var decSize uint32 - err := bcrypt.Decrypt(g.kh, &ciphertext[0], uint32(len(ciphertext)), info, nil, 0, &out[0], uint32(len(out)), &decSize, 0) + err := bcrypt.Decrypt(g.kh, ciphertext, info, nil, out, &decSize, 0) if err != nil || int(decSize) != len(ciphertext) { for i := range out { out[i] = 0 diff --git a/internal/bcrypt/bcrypt_windows.go b/internal/bcrypt/bcrypt_windows.go index 566eb16..58180e5 100644 --- a/internal/bcrypt/bcrypt_windows.go +++ b/internal/bcrypt/bcrypt_windows.go 
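Review bot: In `aesGCM.Seal` (hunk at -308) the output argument to `bcrypt.Encrypt` is all of `out`, while `info` was built with `out[len(out)-gcmTagSize:]` as the tag buffer, so the output bound CNG receives overlaps the tag region. Assuming `out` holds the ciphertext followed by the tag, passing only the ciphertext part keeps the two disjoint: `err := bcrypt.Encrypt(g.kh, plaintext, info, nil, out[:len(out)-gcmTagSize], &encSize, 0)`. Any check of `encSize` against `len(plaintext)` lies after the hunk and is not visible here, whereas `Open` in the hunk at -345 does compare `decSize` and zero `out` on failure. An empty `plaintext` now reaches CNG as a NULL pointer with length 0, a case the old `&plaintext[0]` form could not express, so it deserves a test.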
@@ -107,7 +107,7 @@ func NewAUTHENTICATED_CIPHER_MODE_INFO(nonce, additionalData, tag []byte) *AUTHE // Keys -//sys GenerateSymmetricKey(hAlgorithm ALG_HANDLE, phKey *KEY_HANDLE, pbKeyObject *byte, cbKeyObject uint32, pbSecret *byte, cbSecret uint32, dwFlags uint32) (s error) = bcrypt.BCryptGenerateSymmetricKey +//sys GenerateSymmetricKey(hAlgorithm ALG_HANDLE, phKey *KEY_HANDLE, pbKeyObject []byte, pbSecret []byte, dwFlags uint32) (s error) = bcrypt.BCryptGenerateSymmetricKey //sys DestroyKey(hKey KEY_HANDLE) (s error) = bcrypt.BCryptDestroyKey -//sys Encrypt(hKey KEY_HANDLE, pbInput *byte, cbInput uint32, pPaddingInfo *AUTHENTICATED_CIPHER_MODE_INFO, pbIV *byte, cbIV uint32, pbOutput *byte, cbOutput uint32, pcbResult *uint32, dwFlags uint32) (s error) = bcrypt.BCryptEncrypt -//sys Decrypt(hKey KEY_HANDLE, pbInput *byte, cbInput uint32, pPaddingInfo *AUTHENTICATED_CIPHER_MODE_INFO, pbIV *byte, cbIV uint32, pbOutput *byte, cbOutput uint32, pcbResult *uint32, dwFlags uint32) (s error) = bcrypt.BCryptDecrypt +//sys Encrypt(hKey KEY_HANDLE, pbInput []byte, pPaddingInfo *AUTHENTICATED_CIPHER_MODE_INFO, pbIV []byte, pbOutput []byte, pcbResult *uint32, dwFlags uint32) (s error) = bcrypt.BCryptEncrypt +//sys Decrypt(hKey KEY_HANDLE, pbInput []byte, pPaddingInfo *AUTHENTICATED_CIPHER_MODE_INFO, pbIV []byte, pbOutput []byte, pcbResult *uint32, dwFlags uint32) (s error) = bcrypt.BCryptDecrypt diff --git a/internal/bcrypt/zsyscall_windows.go b/internal/bcrypt/zsyscall_windows.go index 63f3911..e8a0655 100644 --- a/internal/bcrypt/zsyscall_windows.go +++ b/internal/bcrypt/zsyscall_windows.go 
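Review bot: The `//sys` lines for `GenerateSymmetricKey`, `Encrypt` and `Decrypt` now derive every `cb*` count from a slice length, but nothing near them documents how nil, empty or oversized slices are treated. The generated wrappers in `zsyscall_windows.go` pass a nil pointer with length 0 for an empty slice, and pass `uintptr(len(...))` where the old signatures took `uint32`, so on 64-bit builds a length above 32 bits would presumably be truncated by the callee rather than rejected. I would add a comment above the block such as `// Slice arguments are passed as (pointer, length); nil or empty slices become NULL with length 0, and callers must keep lengths within uint32.` The hunk starts inside the file's declarations, so a comment to that effect may already exist outside it.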
@@ -79,8 +79,20 @@ func CreateHash(hAlgorithm ALG_HANDLE, phHash *HASH_HANDLE, pbHashObject []byte, return } -func Decrypt(hKey KEY_HANDLE, pbInput *byte, cbInput uint32, pPaddingInfo *AUTHENTICATED_CIPHER_MODE_INFO, pbIV *byte, cbIV uint32, pbOutput *byte, cbOutput uint32, pcbResult *uint32, dwFlags uint32) (s error) { - r0, _, _ := syscall.Syscall12(procBCryptDecrypt.Addr(), 10, uintptr(hKey), uintptr(unsafe.Pointer(pbInput)), uintptr(cbInput), uintptr(unsafe.Pointer(pPaddingInfo)), uintptr(unsafe.Pointer(pbIV)), uintptr(cbIV), uintptr(unsafe.Pointer(pbOutput)), uintptr(cbOutput), uintptr(unsafe.Pointer(pcbResult)), uintptr(dwFlags), 0, 0) +func Decrypt(hKey KEY_HANDLE, pbInput []byte, pPaddingInfo *AUTHENTICATED_CIPHER_MODE_INFO, pbIV []byte, pbOutput []byte, pcbResult *uint32, dwFlags uint32) (s error) { + var _p0 *byte + if len(pbInput) > 0 { + _p0 = &pbInput[0] + } + var _p1 *byte + if len(pbIV) > 0 { + _p1 = &pbIV[0] + } + var _p2 *byte + if len(pbOutput) > 0 { + _p2 = &pbOutput[0] + } + r0, _, _ := syscall.Syscall12(procBCryptDecrypt.Addr(), 10, uintptr(hKey), uintptr(unsafe.Pointer(_p0)), uintptr(len(pbInput)), uintptr(unsafe.Pointer(pPaddingInfo)), uintptr(unsafe.Pointer(_p1)), uintptr(len(pbIV)), uintptr(unsafe.Pointer(_p2)), uintptr(len(pbOutput)), uintptr(unsafe.Pointer(pcbResult)), uintptr(dwFlags), 0, 0) if r0 != 0 { s = syscall.Errno(r0) } 
@@ -115,8 +127,20 @@ func DuplicateHash(hHash HASH_HANDLE, phNewHash *HASH_HANDLE, pbHashObject []byt return } -func Encrypt(hKey KEY_HANDLE, pbInput *byte, cbInput uint32, pPaddingInfo *AUTHENTICATED_CIPHER_MODE_INFO, pbIV *byte, cbIV uint32, pbOutput *byte, cbOutput uint32, pcbResult *uint32, dwFlags uint32) (s error) { - r0, _, _ := syscall.Syscall12(procBCryptEncrypt.Addr(), 10, uintptr(hKey), uintptr(unsafe.Pointer(pbInput)), uintptr(cbInput), uintptr(unsafe.Pointer(pPaddingInfo)), uintptr(unsafe.Pointer(pbIV)), uintptr(cbIV), uintptr(unsafe.Pointer(pbOutput)), uintptr(cbOutput), uintptr(unsafe.Pointer(pcbResult)), uintptr(dwFlags), 0, 0) +func Encrypt(hKey KEY_HANDLE, pbInput []byte, pPaddingInfo *AUTHENTICATED_CIPHER_MODE_INFO, pbIV []byte, pbOutput []byte, pcbResult *uint32, dwFlags uint32) (s error) { + var _p0 *byte + if len(pbInput) > 0 { + _p0 = &pbInput[0] + } + var _p1 *byte + if len(pbIV) > 0 { + _p1 = &pbIV[0] + } + var _p2 *byte + if len(pbOutput) > 0 { + _p2 = &pbOutput[0] + } + r0, _, _ := syscall.Syscall12(procBCryptEncrypt.Addr(), 10, uintptr(hKey), uintptr(unsafe.Pointer(_p0)), uintptr(len(pbInput)), uintptr(unsafe.Pointer(pPaddingInfo)), uintptr(unsafe.Pointer(_p1)), uintptr(len(pbIV)), uintptr(unsafe.Pointer(_p2)), uintptr(len(pbOutput)), uintptr(unsafe.Pointer(pcbResult)), uintptr(dwFlags), 0, 0) if r0 != 0 { s = syscall.Errno(r0) } 
@@ -147,8 +171,16 @@ func GenRandom(hAlgorithm ALG_HANDLE, pbBuffer []byte, dwFlags uint32) (s error) return } -func GenerateSymmetricKey(hAlgorithm ALG_HANDLE, phKey *KEY_HANDLE, pbKeyObject *byte, cbKeyObject uint32, pbSecret *byte, cbSecret uint32, dwFlags uint32) (s error) { - r0, _, _ := syscall.Syscall9(procBCryptGenerateSymmetricKey.Addr(), 7, uintptr(hAlgorithm), uintptr(unsafe.Pointer(phKey)), uintptr(unsafe.Pointer(pbKeyObject)), uintptr(cbKeyObject), uintptr(unsafe.Pointer(pbSecret)), uintptr(cbSecret), uintptr(dwFlags), 0, 0) +func GenerateSymmetricKey(hAlgorithm ALG_HANDLE, phKey *KEY_HANDLE, pbKeyObject []byte, pbSecret []byte, dwFlags uint32) (s error) { + var _p0 *byte + if len(pbKeyObject) > 0 { + _p0 = &pbKeyObject[0] + } + var _p1 *byte + if len(pbSecret) > 0 { + _p1 = &pbSecret[0] + } + r0, _, _ := syscall.Syscall9(procBCryptGenerateSymmetricKey.Addr(), 7, uintptr(hAlgorithm), uintptr(unsafe.Pointer(phKey)), uintptr(unsafe.Pointer(_p0)), uintptr(len(pbKeyObject)), uintptr(unsafe.Pointer(_p1)), uintptr(len(pbSecret)), uintptr(dwFlags), 0, 0) if r0 != 0 { s = syscall.Errno(r0) }