update call pattern for CRT AES

sbiscigl · sbiscigl · commit aa1bc9552783 · 2024-06-26T13:59:09.000-04:00
diff --git a/src/aws-cpp-sdk-core/source/utils/crypto/crt/CRTSymmetricCipher.cpp b/src/aws-cpp-sdk-core/source/utils/crypto/crt/CRTSymmetricCipher.cpp
@@ -85,7 +85,9 @@ namespace Aws
 
             void CRTSymmetricCipher::Reset()
             {
+                m_lastFetchedTag = GetTag();
                 m_cipher.Reset();
+                m_cipher.SetTag(Crt::ByteCursorFromArray(m_lastFetchedTag.GetUnderlyingData(), m_lastFetchedTag.GetLength()));
             }
 
             bool CRTSymmetricCipher::Good() const
diff --git a/src/aws-cpp-sdk-core/source/utils/crypto/factory/Factories.cpp b/src/aws-cpp-sdk-core/source/utils/crypto/factory/Factories.cpp
@@ -376,7 +376,11 @@ class DefaultAES_GCMFactory : public SymmetricCipherFactory
         if (aad)
         {
             auto aadCur = Aws::Crt::ByteCursorFromArray(aad->GetUnderlyingData(), aad->GetLength());
-            return Aws::MakeShared<CRTSymmetricCipher>(s_allocationTag, Aws::Crt::Crypto::SymmetricCipher::CreateAES_256_GCM_Cipher(keyCur, Aws::Crt::Optional<Aws::Crt::ByteCursor>(), Aws::Crt::Optional<Aws::Crt::ByteCursor>(), aadCur));
+            const auto cipher = Aws::MakeShared<CRTSymmetricCipher>(s_allocationTag,
+                Aws::Crt::Crypto::SymmetricCipher::CreateAES_256_GCM_Cipher(keyCur,
+                    Aws::Crt::Optional<Aws::Crt::ByteCursor>(),
+                    aadCur));
+            return cipher;
         }
 
         return Aws::MakeShared<CRTSymmetricCipher>(s_allocationTag, Aws::Crt::Crypto::SymmetricCipher::CreateAES_256_GCM_Cipher(keyCur));
@@ -398,7 +402,12 @@ class DefaultAES_GCMFactory : public SymmetricCipherFactory
         Aws::Crt::Optional<Aws::Crt::ByteCursor> tagCur = tag.GetLength() > 0 ? Aws::Crt::ByteCursorFromArray(tag.GetUnderlyingData(), tag.GetLength()) : Aws::Crt::Optional<Aws::Crt::ByteCursor>();
         Aws::Crt::Optional<Aws::Crt::ByteCursor> aadCur = aad.GetLength() > 0 ? Aws::Crt::ByteCursorFromArray(aad.GetUnderlyingData(), aad.GetLength()) : Aws::Crt::Optional<Aws::Crt::ByteCursor>();
 
-        return Aws::MakeShared<CRTSymmetricCipher>(s_allocationTag, Aws::Crt::Crypto::SymmetricCipher::CreateAES_256_GCM_Cipher(keyCur, ivCur, tagCur, aadCur));
+        auto cipher = Aws::Crt::Crypto::SymmetricCipher::CreateAES_256_GCM_Cipher(keyCur, ivCur, aadCur);
+        if (cipher && tagCur.has_value())
+        {
+            cipher.SetTag(tagCur.value());
+        }
+        return Aws::MakeShared<CRTSymmetricCipher>(s_allocationTag, std::move(cipher));
 #else
         AWS_UNREFERENCED_PARAM(key);
         AWS_UNREFERENCED_PARAM(iv);
diff --git a/tests/aws-cpp-sdk-core-tests/utils/crypto/SymmetricCiphersTest.cpp b/tests/aws-cpp-sdk-core-tests/utils/crypto/SymmetricCiphersTest.cpp
@@ -270,10 +270,10 @@ TEST_F(AES_GCM_TEST, TestBadTagCausesFailure)
     ASSERT_TRUE(*cipher);
 
     const_cast<CryptoBuffer&>(cipher->GetTag())[8] = 0;
-
     cipher->Reset();
     auto decryptResult = cipher->DecryptBuffer(encryptedResult);
     auto finalDecryptBuffer = cipher->FinalizeDecryption();
+    ASSERT_FALSE(*cipher);
     ASSERT_EQ(0u, finalDecryptBuffer.GetLength());
 }
 

Original file line number	Diff line number	Diff line change
`@@ -85,7 +85,9 @@ namespace Aws`
`85`	`85`
`86`	`86`	`void CRTSymmetricCipher::Reset()`
`87`	`87`	`{`
	`88`	`+ m_lastFetchedTag = GetTag();`
`88`	`89`	`m_cipher.Reset();`
	`90`	`+ m_cipher.SetTag(Crt::ByteCursorFromArray(m_lastFetchedTag.GetUnderlyingData(), m_lastFetchedTag.GetLength()));`
`89`	`91`	`}`
`90`	`92`
`91`	`93`	`bool CRTSymmetricCipher::Good() const`