From 019a62eb913a06fa452061dd02db1b5e359402a3 Mon Sep 17 00:00:00 2001 From: sbiscigl Date: Wed, 8 May 2024 14:12:28 -0400 Subject: [PATCH] address PR feedback --- .../aws/cal/private/symmetric_cipher_priv.h | 10 ++- include/aws/cal/symmetric_cipher.h | 17 ++-- source/darwin/commoncrypto_aes.c | 28 +++--- source/symmetric_cipher.c | 20 +++-- source/unix/openssl_aes.c | 32 +++---- source/windows/bcrypt_aes.c | 32 +++---- tests/aes256_test.c | 88 +++++++++---------- 7 files changed, 120 insertions(+), 107 deletions(-) diff --git a/include/aws/cal/private/symmetric_cipher_priv.h b/include/aws/cal/private/symmetric_cipher_priv.h index 56bf3a64..5175afc2 100644 --- a/include/aws/cal/private/symmetric_cipher_priv.h +++ b/include/aws/cal/private/symmetric_cipher_priv.h @@ -31,8 +31,14 @@ struct aws_symmetric_cipher { struct aws_byte_buf tag; size_t block_size; size_t key_length_bits; - // deprecated for use, only for backwards compat - // use state to represent current state of cipher. + /** + deprecated for use, only for backwards compat. + Use state to represent current state of cipher. + good represented if the ciphter was initialized + without any errors, ready to process input, + and not finialized yet. This corresponds to + the state AWS_SYMMETRIC_CIPHER_READY. + */ bool good; enum aws_symmetric_cipher_state state; void *impl; diff --git a/include/aws/cal/symmetric_cipher.h b/include/aws/cal/symmetric_cipher.h index 79522cbc..ad085d99 100644 --- a/include/aws/cal/symmetric_cipher.h +++ b/include/aws/cal/symmetric_cipher.h @@ -35,7 +35,11 @@ typedef struct aws_symmetric_cipher *(aws_aes_gcm_256_new_fn)( typedef struct aws_symmetric_cipher *( aws_aes_keywrap_256_new_fn)(struct aws_allocator *allocator, const struct aws_byte_cursor *key); -enum aws_symmetric_cipher_state { AWS_CIPHER_READY, AWS_CIPHER_FINALIZED, AWS_CIPHER_ERROR }; +enum aws_symmetric_cipher_state { + AWS_SYMMETRIC_CIPHER_READY, + AWS_SYMMETRIC_CIPHER_FINALIZED, + AWS_SYMMETRIC_CIPHER_ERROR, +}; AWS_EXTERN_C_BEGIN @@ -238,13 +242,12 @@ AWS_CAL_API struct aws_byte_cursor aws_symmetric_cipher_get_key(const struct aws */ AWS_CAL_API bool aws_symmetric_cipher_is_good(const struct aws_symmetric_cipher *cipher); -/** - * Retuns the current state of the cipher. If the cipher is finished that means it must - * be re-set to be used again, but its most recent result succeeded successfully. - */ -AWS_CAL_API enum aws_symmetric_cipher_state aws_symmetric_cipher_get_state(const struct aws_symmetric_cipher *cipher); - AWS_EXTERN_C_END AWS_POP_SANE_WARNING_LEVEL +/** + * Retuns the current state of the cipher. Ther state of the cipher can be ready for use, finalized, or has encountered + * an error. if the cipher is in a finished or eror state, it must be reset before further use. + */ +AWS_CAL_API enum aws_symmetric_cipher_state aws_symmetric_cipher_get_state(const struct aws_symmetric_cipher *cipher); #endif /* AWS_CAL_SYMMETRIC_CIPHER_H */ diff --git a/source/darwin/commoncrypto_aes.c b/source/darwin/commoncrypto_aes.c index b696b15e..7449c7dc 100644 --- a/source/darwin/commoncrypto_aes.c +++ b/source/darwin/commoncrypto_aes.c @@ -46,7 +46,7 @@ static int s_encrypt(struct aws_symmetric_cipher *cipher, struct aws_byte_cursor cc_cipher->encryptor_handle, input.ptr, input.len, out->buffer + out->len, available_write_space, &len_written); if (status != kCCSuccess) { - cipher->state = AWS_CIPHER_ERROR; + cipher->state = AWS_SYMMETRIC_CIPHER_ERROR; return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); } @@ -70,7 +70,7 @@ static int s_decrypt(struct aws_symmetric_cipher *cipher, struct aws_byte_cursor cc_cipher->decryptor_handle, input.ptr, input.len, out->buffer + out->len, available_write_space, &len_written); if (status != kCCSuccess) { - cipher->state = AWS_CIPHER_ERROR; + cipher->state = AWS_SYMMETRIC_CIPHER_ERROR; return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); } @@ -95,7 +95,7 @@ static int s_finalize_encryption(struct aws_symmetric_cipher *cipher, struct aws CCCryptorFinal(cc_cipher->encryptor_handle, out->buffer + out->len, available_write_space, &len_written); if (status != kCCSuccess) { - cipher->state = AWS_CIPHER_ERROR; + cipher->state = AWS_SYMMETRIC_CIPHER_ERROR; return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); } @@ -120,7 +120,7 @@ static int s_finalize_decryption(struct aws_symmetric_cipher *cipher, struct aws CCCryptorFinal(cc_cipher->decryptor_handle, out->buffer + out->len, available_write_space, &len_written); if (status != kCCSuccess) { - cipher->state = AWS_CIPHER_ERROR; + cipher->state = AWS_SYMMETRIC_CIPHER_ERROR; return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); } @@ -254,7 +254,7 @@ struct aws_symmetric_cipher *aws_aes_cbc_256_new_impl( return NULL; } - cc_cipher->cipher_base.state = AWS_CIPHER_READY; + cc_cipher->cipher_base.state = AWS_SYMMETRIC_CIPHER_READY; cc_cipher->cipher_base.key_length_bits = AWS_AES_256_KEY_BIT_LEN; return &cc_cipher->cipher_base; @@ -354,7 +354,7 @@ struct aws_symmetric_cipher *aws_aes_ctr_256_new_impl( return NULL; } - cc_cipher->cipher_base.state = AWS_CIPHER_READY; + cc_cipher->cipher_base.state = AWS_SYMMETRIC_CIPHER_READY; cc_cipher->cipher_base.key_length_bits = AWS_AES_256_KEY_BIT_LEN; return &cc_cipher->cipher_base; @@ -414,7 +414,7 @@ static int s_finalize_gcm_encryption(struct aws_symmetric_cipher *cipher, struct size_t tag_length = AWS_AES_256_CIPHER_BLOCK_SIZE; CCStatus status = s_cc_crypto_gcm_finalize(cc_cipher->encryptor_handle, cipher->tag.buffer, tag_length); if (status != kCCSuccess) { - cipher->state = AWS_CIPHER_ERROR; + cipher->state = AWS_SYMMETRIC_CIPHER_ERROR; return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); } @@ -430,7 +430,7 @@ static int s_finalize_gcm_decryption(struct aws_symmetric_cipher *cipher, struct size_t tag_length = AWS_AES_256_CIPHER_BLOCK_SIZE; CCStatus status = s_cc_crypto_gcm_finalize(cc_cipher->encryptor_handle, cipher->tag.buffer, tag_length); if (status != kCCSuccess) { - cipher->state = AWS_CIPHER_ERROR; + cipher->state = AWS_SYMMETRIC_CIPHER_ERROR; return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); } @@ -584,7 +584,7 @@ struct aws_symmetric_cipher *aws_aes_gcm_256_new_impl( return NULL; } - cc_cipher->cipher_base.state = AWS_CIPHER_READY; + cc_cipher->cipher_base.state = AWS_SYMMETRIC_CIPHER_READY; cc_cipher->cipher_base.key_length_bits = AWS_AES_256_KEY_BIT_LEN; return &cc_cipher->cipher_base; @@ -622,7 +622,7 @@ static int s_finalize_keywrap_encryption(struct aws_symmetric_cipher *cipher, st struct cc_aes_cipher *cc_cipher = cipher->impl; if (cc_cipher->working_buffer.len == 0) { - cipher->state = AWS_CIPHER_ERROR; + cipher->state = AWS_SYMMETRIC_CIPHER_ERROR; return aws_raise_error(AWS_ERROR_INVALID_STATE); } @@ -644,7 +644,7 @@ static int s_finalize_keywrap_encryption(struct aws_symmetric_cipher *cipher, st &output_buffer_len); if (status != kCCSuccess) { - cipher->state = AWS_CIPHER_ERROR; + cipher->state = AWS_SYMMETRIC_CIPHER_ERROR; return aws_raise_error(AWS_ERROR_INVALID_STATE); } @@ -657,7 +657,7 @@ static int s_finalize_keywrap_decryption(struct aws_symmetric_cipher *cipher, st struct cc_aes_cipher *cc_cipher = cipher->impl; if (cc_cipher->working_buffer.len == 0) { - cipher->state = AWS_CIPHER_ERROR; + cipher->state = AWS_SYMMETRIC_CIPHER_ERROR; return aws_raise_error(AWS_ERROR_INVALID_STATE); } @@ -679,7 +679,7 @@ static int s_finalize_keywrap_decryption(struct aws_symmetric_cipher *cipher, st &output_buffer_len); if (status != kCCSuccess) { - cipher->state = AWS_CIPHER_ERROR; + cipher->state = AWS_SYMMETRIC_CIPHER_ERROR; return aws_raise_error(AWS_ERROR_INVALID_STATE); } @@ -716,7 +716,7 @@ struct aws_symmetric_cipher *aws_aes_keywrap_256_new_impl( } aws_byte_buf_init(&cc_cipher->working_buffer, allocator, (AWS_AES_256_CIPHER_BLOCK_SIZE * 2) + 8); - cc_cipher->cipher_base.state = AWS_CIPHER_READY; + cc_cipher->cipher_base.state = AWS_SYMMETRIC_CIPHER_READY; cc_cipher->cipher_base.key_length_bits = AWS_AES_256_KEY_BIT_LEN; return &cc_cipher->cipher_base; diff --git a/source/symmetric_cipher.c b/source/symmetric_cipher.c index 67af68f7..4e727b23 100644 --- a/source/symmetric_cipher.c +++ b/source/symmetric_cipher.c @@ -162,7 +162,7 @@ int aws_symmetric_cipher_encrypt( return AWS_OP_ERR; } - if (cipher->state == AWS_CIPHER_READY) { + if (cipher->state == AWS_SYMMETRIC_CIPHER_READY) { return cipher->vtable->encrypt(cipher, to_encrypt, out); } @@ -180,7 +180,7 @@ int aws_symmetric_cipher_decrypt( return AWS_OP_ERR; } - if (cipher->state == AWS_CIPHER_READY) { + if (cipher->state == AWS_SYMMETRIC_CIPHER_READY) { return cipher->vtable->decrypt(cipher, to_decrypt, out); } @@ -188,9 +188,11 @@ int aws_symmetric_cipher_decrypt( } int aws_symmetric_cipher_finalize_encryption(struct aws_symmetric_cipher *cipher, struct aws_byte_buf *out) { - if (cipher->state == AWS_CIPHER_READY) { + if (cipher->state == AWS_SYMMETRIC_CIPHER_READY) { int ret_val = cipher->vtable->finalize_encryption(cipher, out); - cipher->state = AWS_CIPHER_FINALIZED; + if (cipher->state != AWS_SYMMETRIC_CIPHER_ERROR) { + cipher->state = AWS_SYMMETRIC_CIPHER_FINALIZED; + } return ret_val; } @@ -198,9 +200,11 @@ int aws_symmetric_cipher_finalize_encryption(struct aws_symmetric_cipher *cipher } int aws_symmetric_cipher_finalize_decryption(struct aws_symmetric_cipher *cipher, struct aws_byte_buf *out) { - if (cipher->state == AWS_CIPHER_READY) { + if (cipher->state == AWS_SYMMETRIC_CIPHER_READY) { int ret_val = cipher->vtable->finalize_decryption(cipher, out); - cipher->state = AWS_CIPHER_FINALIZED; + if (cipher->state != AWS_SYMMETRIC_CIPHER_ERROR) { + cipher->state = AWS_SYMMETRIC_CIPHER_FINALIZED; + } return ret_val; } return aws_raise_error(AWS_ERROR_INVALID_STATE); @@ -209,7 +213,7 @@ int aws_symmetric_cipher_finalize_decryption(struct aws_symmetric_cipher *cipher int aws_symmetric_cipher_reset(struct aws_symmetric_cipher *cipher) { int ret_val = cipher->vtable->reset(cipher); if (ret_val == AWS_OP_SUCCESS) { - cipher->state = AWS_CIPHER_READY; + cipher->state = AWS_SYMMETRIC_CIPHER_READY; } return ret_val; @@ -228,7 +232,7 @@ struct aws_byte_cursor aws_symmetric_cipher_get_key(const struct aws_symmetric_c } bool aws_symmetric_cipher_is_good(const struct aws_symmetric_cipher *cipher) { - return cipher->state == AWS_CIPHER_READY; + return cipher->state == AWS_SYMMETRIC_CIPHER_READY; } enum aws_symmetric_cipher_state aws_symmetric_cipher_get_state(const struct aws_symmetric_cipher *cipher) { diff --git a/source/unix/openssl_aes.c b/source/unix/openssl_aes.c index 414d7bfc..a1469bfd 100644 --- a/source/unix/openssl_aes.c +++ b/source/unix/openssl_aes.c @@ -41,7 +41,7 @@ static int s_encrypt(struct aws_symmetric_cipher *cipher, struct aws_byte_cursor int len_written = (int)(available_write_space); if (!EVP_EncryptUpdate( openssl_cipher->encryptor_ctx, out->buffer + out->len, &len_written, input.ptr, (int)input.len)) { - cipher->state = AWS_CIPHER_ERROR; + cipher->state = AWS_SYMMETRIC_CIPHER_ERROR; return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); } @@ -60,7 +60,7 @@ static int s_finalize_encryption(struct aws_symmetric_cipher *cipher, struct aws int len_written = (int)(out->capacity - out->len); if (!EVP_EncryptFinal_ex(openssl_cipher->encryptor_ctx, out->buffer + out->len, &len_written)) { - cipher->state = AWS_CIPHER_ERROR; + cipher->state = AWS_SYMMETRIC_CIPHER_ERROR; return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); } @@ -82,7 +82,7 @@ static int s_decrypt(struct aws_symmetric_cipher *cipher, struct aws_byte_cursor int len_written = (int)available_write_space; if (!EVP_DecryptUpdate( openssl_cipher->decryptor_ctx, out->buffer + out->len, &len_written, input.ptr, (int)input.len)) { - cipher->state = AWS_CIPHER_ERROR; + cipher->state = AWS_SYMMETRIC_CIPHER_ERROR; return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); } @@ -101,7 +101,7 @@ static int s_finalize_decryption(struct aws_symmetric_cipher *cipher, struct aws int len_written = (int)out->capacity - out->len; if (!EVP_DecryptFinal_ex(openssl_cipher->decryptor_ctx, out->buffer + out->len, &len_written)) { - cipher->state = AWS_CIPHER_ERROR; + cipher->state = AWS_SYMMETRIC_CIPHER_ERROR; return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); } @@ -142,7 +142,7 @@ static int s_clear_reusable_state(struct aws_symmetric_cipher *cipher) { EVP_CIPHER_CTX_cleanup(openssl_cipher->encryptor_ctx); EVP_CIPHER_CTX_cleanup(openssl_cipher->decryptor_ctx); aws_byte_buf_secure_zero(&openssl_cipher->working_buffer); - cipher->state = AWS_CIPHER_READY; + cipher->state = AWS_SYMMETRIC_CIPHER_READY; return AWS_OP_SUCCESS; } @@ -227,7 +227,7 @@ struct aws_symmetric_cipher *aws_aes_cbc_256_new_impl( goto error; } - cipher->cipher_base.state = AWS_CIPHER_READY; + cipher->cipher_base.state = AWS_SYMMETRIC_CIPHER_READY; return &cipher->cipher_base; error: @@ -318,7 +318,7 @@ struct aws_symmetric_cipher *aws_aes_ctr_256_new_impl( goto error; } - cipher->cipher_base.state = AWS_CIPHER_READY; + cipher->cipher_base.state = AWS_SYMMETRIC_CIPHER_READY; return &cipher->cipher_base; error: @@ -338,7 +338,7 @@ static int s_finalize_gcm_encryption(struct aws_symmetric_cipher *cipher, struct EVP_CTRL_GCM_GET_TAG, (int)cipher->tag.capacity, cipher->tag.buffer)) { - cipher->state = AWS_CIPHER_ERROR; + cipher->state = AWS_SYMMETRIC_CIPHER_ERROR; return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); } cipher->tag.len = AWS_AES_256_CIPHER_BLOCK_SIZE; @@ -478,7 +478,7 @@ struct aws_symmetric_cipher *aws_aes_gcm_256_new_impl( goto error; } - cipher->cipher_base.state = AWS_CIPHER_READY; + cipher->cipher_base.state = AWS_SYMMETRIC_CIPHER_READY; return &cipher->cipher_base; error: @@ -504,7 +504,7 @@ static int s_key_wrap_finalize_encryption(struct aws_symmetric_cipher *cipher, s struct openssl_aes_cipher *openssl_cipher = cipher->impl; if (openssl_cipher->working_buffer.len < MIN_CEK_LENGTH_BYTES) { - cipher->state = AWS_CIPHER_ERROR; + cipher->state = AWS_SYMMETRIC_CIPHER_ERROR; return aws_raise_error(AWS_ERROR_INVALID_STATE); } @@ -547,7 +547,7 @@ static int s_key_wrap_finalize_encryption(struct aws_symmetric_cipher *cipher, s /* encrypt the concatenated A and R[I] and store it in B */ if (!EVP_EncryptUpdate( openssl_cipher->encryptor_ctx, b.buffer, &b_out_len, temp_input.buffer, (int)temp_input.capacity)) { - cipher->state = AWS_CIPHER_ERROR; + cipher->state = AWS_SYMMETRIC_CIPHER_ERROR; return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); } @@ -572,7 +572,7 @@ static int s_key_wrap_finalize_decryption(struct aws_symmetric_cipher *cipher, s struct openssl_aes_cipher *openssl_cipher = cipher->impl; if (openssl_cipher->working_buffer.len < MIN_CEK_LENGTH_BYTES + KEYWRAP_BLOCK_SIZE) { - cipher->state = AWS_CIPHER_ERROR; + cipher->state = AWS_SYMMETRIC_CIPHER_ERROR; return aws_raise_error(AWS_ERROR_INVALID_STATE); } @@ -619,7 +619,7 @@ static int s_key_wrap_finalize_decryption(struct aws_symmetric_cipher *cipher, s /* Decrypt the concatenated buffer */ if (!EVP_DecryptUpdate( openssl_cipher->decryptor_ctx, b.buffer, &b_out_len, temp_input.buffer, (int)temp_input.capacity)) { - cipher->state = AWS_CIPHER_ERROR; + cipher->state = AWS_SYMMETRIC_CIPHER_ERROR; return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); } @@ -637,7 +637,7 @@ static int s_key_wrap_finalize_decryption(struct aws_symmetric_cipher *cipher, s /* here we perform the integrity check to make sure A == 0xA6A6A6A6A6A6A6A6 */ for (size_t i = 0; i < KEYWRAP_BLOCK_SIZE; ++i) { if (a[i] != INTEGRITY_VALUE) { - cipher->state = AWS_CIPHER_ERROR; + cipher->state = AWS_SYMMETRIC_CIPHER_ERROR; return aws_raise_error(AWS_ERROR_CAL_SIGNATURE_VALIDATION_FAILED); } } @@ -653,7 +653,7 @@ static int s_init_keywrap_cipher_materials(struct aws_symmetric_cipher *cipher) EVP_CIPHER_CTX_set_padding(openssl_cipher->encryptor_ctx, 0)) || !(EVP_DecryptInit_ex(openssl_cipher->decryptor_ctx, EVP_aes_256_ecb(), NULL, cipher->key.buffer, NULL) && EVP_CIPHER_CTX_set_padding(openssl_cipher->decryptor_ctx, 0))) { - cipher->state = AWS_CIPHER_ERROR; + cipher->state = AWS_SYMMETRIC_CIPHER_ERROR; return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); } @@ -713,7 +713,7 @@ struct aws_symmetric_cipher *aws_aes_keywrap_256_new_impl( goto error; } - cipher->cipher_base.state = AWS_CIPHER_READY; + cipher->cipher_base.state = AWS_SYMMETRIC_CIPHER_READY; return &cipher->cipher_base; error: diff --git a/source/windows/bcrypt_aes.c b/source/windows/bcrypt_aes.c index 61514338..0d1e4e71 100644 --- a/source/windows/bcrypt_aes.c +++ b/source/windows/bcrypt_aes.c @@ -210,7 +210,7 @@ static int s_initialize_cipher_materials( cipher->key_handle = s_import_key_blob(cipher->alg_handle, cipher->cipher.allocator, &cipher->cipher.key); if (!cipher->key_handle) { - cipher->cipher.state = AWS_CIPHER_ERROR; + cipher->cipher.state = AWS_SYMMETRIC_CIPHER_ERROR; return AWS_OP_ERR; } @@ -228,7 +228,7 @@ static int s_initialize_cipher_materials( 0); if (!NT_SUCCESS(status)) { - cipher->cipher.state = AWS_CIPHER_ERROR; + cipher->cipher.state = AWS_SYMMETRIC_CIPHER_ERROR; return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); } } else if (is_gcm) { @@ -358,7 +358,7 @@ static int s_aes_default_encrypt( cipher_impl->cipher_flags); if (!NT_SUCCESS(status)) { - cipher->state = AWS_CIPHER_ERROR; + cipher->state = AWS_SYMMETRIC_CIPHER_ERROR; return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); } @@ -421,7 +421,7 @@ static int s_aes_cbc_encrypt( static int s_aes_cbc_finalize_encryption(struct aws_symmetric_cipher *cipher, struct aws_byte_buf *out) { struct aes_bcrypt_cipher *cipher_impl = cipher->impl; - if (cipher->state == AWS_CIPHER_READY && cipher_impl->overflow.len > 0) { + if (cipher->state == AWS_SYMMETRIC_CIPHER_READY && cipher_impl->overflow.len > 0) { cipher_impl->cipher_flags = BCRYPT_BLOCK_PADDING; /* take the rest of the overflow and turn padding on so the remainder is properly padded without timing attack vulnerabilities. */ @@ -475,7 +475,7 @@ static int s_default_aes_decrypt( cipher_impl->cipher_flags); if (!NT_SUCCESS(status)) { - cipher->state = AWS_CIPHER_ERROR; + cipher->state = AWS_SYMMETRIC_CIPHER_ERROR; return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); } @@ -498,7 +498,7 @@ static int s_aes_cbc_decrypt( static int s_aes_cbc_finalize_decryption(struct aws_symmetric_cipher *cipher, struct aws_byte_buf *out) { struct aes_bcrypt_cipher *cipher_impl = cipher->impl; - if (cipher->state == AWS_CIPHER_READY && cipher_impl->overflow.len > 0) { + if (cipher->state == AWS_SYMMETRIC_CIPHER_READY && cipher_impl->overflow.len > 0) { cipher_impl->cipher_flags = BCRYPT_BLOCK_PADDING; /* take the rest of the overflow and turn padding on so the remainder is properly padded without timing attack vulnerabilities. */ @@ -547,7 +547,7 @@ struct aws_symmetric_cipher *aws_aes_cbc_256_new_impl( /* make sure the cleanup doesn't do anything. */ cipher->working_iv.allocator = NULL; cipher->cipher.impl = cipher; - cipher->cipher.state = AWS_CIPHER_READY; + cipher->cipher.state = AWS_SYMMETRIC_CIPHER_READY; return &cipher->cipher; @@ -715,7 +715,7 @@ struct aws_symmetric_cipher *aws_aes_gcm_256_new_impl( aws_byte_buf_secure_zero(&cipher->working_iv); cipher->cipher.impl = cipher; - cipher->cipher.state = AWS_CIPHER_READY; + cipher->cipher.state = AWS_SYMMETRIC_CIPHER_READY; return &cipher->cipher; @@ -831,7 +831,7 @@ static int s_aes_ctr_encrypt( cipher_impl->cipher_flags); if (!NT_SUCCESS(status)) { - cipher->state = AWS_CIPHER_ERROR; + cipher->state = AWS_SYMMETRIC_CIPHER_ERROR; ret_val = aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); goto clean_up; } @@ -856,7 +856,7 @@ static int s_aes_ctr_encrypt( /* check for overflow here. */ if (aws_add_u32_checked(counter, 1, &counter) != AWS_OP_SUCCESS) { - cipher->state = AWS_CIPHER_ERROR; + cipher->state = AWS_SYMMETRIC_CIPHER_ERROR; ret_val = AWS_OP_ERR; goto clean_up; } @@ -922,7 +922,7 @@ struct aws_symmetric_cipher *aws_aes_ctr_256_new_impl( aws_byte_buf_init_copy(&cipher->working_iv, allocator, &cipher->cipher.iv); cipher->cipher.impl = cipher; - cipher->cipher.state = AWS_CIPHER_READY; + cipher->cipher.state = AWS_SYMMETRIC_CIPHER_READY; return &cipher->cipher; @@ -964,7 +964,7 @@ static int s_keywrap_finalize_encryption(struct aws_symmetric_cipher *cipher, st key_handle_to_encrypt, cipher_impl->key_handle, BCRYPT_AES_WRAP_KEY_BLOB, NULL, 0, &output_size, 0); if (!NT_SUCCESS(status)) { - cipher->state = AWS_CIPHER_ERROR; + cipher->state = AWS_SYMMETRIC_CIPHER_ERROR; return aws_raise_error(AWS_ERROR_INVALID_STATE); } @@ -986,7 +986,7 @@ static int s_keywrap_finalize_encryption(struct aws_symmetric_cipher *cipher, st 0); if (!NT_SUCCESS(status)) { - cipher->state = AWS_CIPHER_ERROR; + cipher->state = AWS_SYMMETRIC_CIPHER_ERROR; goto clean_up; } @@ -1057,7 +1057,7 @@ static int s_keywrap_finalize_decryption(struct aws_symmetric_cipher *cipher, st } else { aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); - cipher->state = AWS_CIPHER_ERROR; + cipher->state = AWS_SYMMETRIC_CIPHER_ERROR; } clean_up: @@ -1066,7 +1066,7 @@ static int s_keywrap_finalize_decryption(struct aws_symmetric_cipher *cipher, st } else { aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); - cipher->state = AWS_CIPHER_ERROR; + cipher->state = AWS_SYMMETRIC_CIPHER_ERROR; } return ret_val; @@ -1111,7 +1111,7 @@ struct aws_symmetric_cipher *aws_aes_keywrap_256_new_impl( aws_byte_buf_init(&cipher->overflow, allocator, (AWS_AES_256_CIPHER_BLOCK_SIZE * 2) + 8); cipher->cipher.impl = cipher; - cipher->cipher.state = AWS_CIPHER_READY; + cipher->cipher.state = AWS_SYMMETRIC_CIPHER_READY; return &cipher->cipher; diff --git a/tests/aes256_test.c b/tests/aes256_test.c index c61a6cb2..0b8a0dff 100644 --- a/tests/aes256_test.c +++ b/tests/aes256_test.c @@ -28,14 +28,14 @@ static int s_check_single_block_cbc( encrypted_buf.len += AWS_AES_256_CIPHER_BLOCK_SIZE; aws_symmetric_cipher_reset(cipher); - ASSERT_INT_EQUALS(AWS_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); struct aws_byte_cursor encrypted_cur = aws_byte_cursor_from_buf(&encrypted_buf); struct aws_byte_buf decrypted_buf; aws_byte_buf_init(&decrypted_buf, allocator, AWS_AES_256_CIPHER_BLOCK_SIZE); ASSERT_SUCCESS(aws_symmetric_cipher_decrypt(cipher, encrypted_cur, &decrypted_buf)); - ASSERT_INT_EQUALS(AWS_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); ASSERT_SUCCESS(aws_symmetric_cipher_finalize_decryption(cipher, &decrypted_buf)); - ASSERT_INT_EQUALS(AWS_CIPHER_FINALIZED, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_FINALIZED, aws_symmetric_cipher_get_state(cipher)); /* finalizing decryption on exactly one block (that was full), should have the padding stripped away. * check that the length didn't increase on that last call. */ @@ -149,11 +149,11 @@ static int s_check_multiple_block_cbc( while (encrypted_cur.len) { struct aws_byte_cursor to_decrypt = aws_byte_cursor_advance(&encrypted_cur, (size_t)aws_min_i64(24, encrypted_cur.len)); - ASSERT_INT_EQUALS(AWS_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); ASSERT_SUCCESS(aws_symmetric_cipher_decrypt(cipher, to_decrypt, &decrypted_buf)); } ASSERT_SUCCESS(aws_symmetric_cipher_finalize_decryption(cipher, &decrypted_buf)); - ASSERT_INT_EQUALS(AWS_CIPHER_FINALIZED, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_FINALIZED, aws_symmetric_cipher_get_state(cipher)); ASSERT_BIN_ARRAYS_EQUALS(data.ptr, data.len, decrypted_buf.buffer, decrypted_buf.len); aws_byte_buf_clean_up(&decrypted_buf); @@ -244,21 +244,21 @@ static int s_aes_cbc_test_with_generated_key_iv_fn(struct aws_allocator *allocat aws_byte_buf_init(&encrypted_buf, allocator, AWS_AES_256_CIPHER_BLOCK_SIZE); struct aws_byte_cursor input = aws_byte_cursor_from_c_str(TEST_ENCRYPTION_STRING); - ASSERT_INT_EQUALS(AWS_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); ASSERT_SUCCESS(aws_symmetric_cipher_encrypt(cipher, input, &encrypted_buf)); - ASSERT_INT_EQUALS(AWS_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); ASSERT_SUCCESS(aws_symmetric_cipher_finalize_encryption(cipher, &encrypted_buf)); - ASSERT_INT_EQUALS(AWS_CIPHER_FINALIZED, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_FINALIZED, aws_symmetric_cipher_get_state(cipher)); ASSERT_SUCCESS(aws_symmetric_cipher_reset(cipher)); struct aws_byte_buf decrypted_buf; aws_byte_buf_init(&decrypted_buf, allocator, AWS_AES_256_CIPHER_BLOCK_SIZE); struct aws_byte_cursor encryted_cur = aws_byte_cursor_from_buf(&encrypted_buf); - ASSERT_INT_EQUALS(AWS_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); ASSERT_SUCCESS(aws_symmetric_cipher_decrypt(cipher, encryted_cur, &decrypted_buf)); - ASSERT_INT_EQUALS(AWS_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); ASSERT_SUCCESS(aws_symmetric_cipher_finalize_decryption(cipher, &decrypted_buf)); - ASSERT_INT_EQUALS(AWS_CIPHER_FINALIZED, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_FINALIZED, aws_symmetric_cipher_get_state(cipher)); ASSERT_BIN_ARRAYS_EQUALS(input.ptr, input.len, decrypted_buf.buffer, decrypted_buf.len); @@ -325,11 +325,11 @@ static int s_check_single_block_ctr( struct aws_byte_cursor encrypted_cur = aws_byte_cursor_from_buf(&encrypted_buf); struct aws_byte_buf decrypted_buf; aws_byte_buf_init(&decrypted_buf, allocator, AWS_AES_256_CIPHER_BLOCK_SIZE); - ASSERT_INT_EQUALS(AWS_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); ASSERT_SUCCESS(aws_symmetric_cipher_decrypt(cipher, encrypted_cur, &decrypted_buf)); - ASSERT_INT_EQUALS(AWS_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); ASSERT_SUCCESS(aws_symmetric_cipher_finalize_decryption(cipher, &decrypted_buf)); - ASSERT_INT_EQUALS(AWS_CIPHER_FINALIZED, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_FINALIZED, aws_symmetric_cipher_get_state(cipher)); ASSERT_BIN_ARRAYS_EQUALS(data.ptr, data.len, decrypted_buf.buffer, decrypted_buf.len); @@ -369,11 +369,11 @@ static int s_check_multi_block_ctr( while (encrypted_cur.len) { struct aws_byte_cursor to_decrypt = aws_byte_cursor_advance(&encrypted_cur, (size_t)aws_min_i64(24, encrypted_cur.len)); - ASSERT_INT_EQUALS(AWS_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); ASSERT_SUCCESS(aws_symmetric_cipher_decrypt(cipher, to_decrypt, &decrypted_buf)); } ASSERT_SUCCESS(aws_symmetric_cipher_finalize_decryption(cipher, &decrypted_buf)); - ASSERT_INT_EQUALS(AWS_CIPHER_FINALIZED, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_FINALIZED, aws_symmetric_cipher_get_state(cipher)); ASSERT_BIN_ARRAYS_EQUALS(data.ptr, data.len, decrypted_buf.buffer, decrypted_buf.len); aws_byte_buf_clean_up(&decrypted_buf); @@ -501,11 +501,11 @@ static int s_aes_ctr_test_with_generated_key_iv_fn(struct aws_allocator *allocat struct aws_byte_cursor encryted_cur = aws_byte_cursor_from_buf(&encrypted_buf); ASSERT_SUCCESS(aws_symmetric_cipher_reset(cipher)); - ASSERT_INT_EQUALS(AWS_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); ASSERT_SUCCESS(aws_symmetric_cipher_decrypt(cipher, encryted_cur, &decrypted_buf)); - ASSERT_INT_EQUALS(AWS_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); ASSERT_SUCCESS(aws_symmetric_cipher_finalize_decryption(cipher, &decrypted_buf)); - ASSERT_INT_EQUALS(AWS_CIPHER_FINALIZED, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_FINALIZED, aws_symmetric_cipher_get_state(cipher)); ASSERT_BIN_ARRAYS_EQUALS(input.ptr, input.len, decrypted_buf.buffer, decrypted_buf.len); @@ -589,10 +589,10 @@ static int s_check_multi_block_gcm( struct aws_byte_cursor to_decrypt = aws_byte_cursor_advance(&encrypted_cur, (size_t)aws_min_i64(24, encrypted_cur.len)); ASSERT_SUCCESS(aws_symmetric_cipher_decrypt(cipher, to_decrypt, &decrypted_buf)); - ASSERT_INT_EQUALS(AWS_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); } ASSERT_SUCCESS(aws_symmetric_cipher_finalize_decryption(cipher, &decrypted_buf)); - ASSERT_INT_EQUALS(AWS_CIPHER_FINALIZED, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_FINALIZED, aws_symmetric_cipher_get_state(cipher)); ASSERT_BIN_ARRAYS_EQUALS(data.ptr, data.len, decrypted_buf.buffer, decrypted_buf.len); aws_byte_buf_clean_up(&decrypted_buf); @@ -1092,11 +1092,11 @@ static int s_aes_gcm_test_with_generated_key_iv_fn(struct aws_allocator *allocat struct aws_byte_buf decrypted_buf; aws_byte_buf_init(&decrypted_buf, allocator, AWS_AES_256_CIPHER_BLOCK_SIZE); struct aws_byte_cursor encryted_cur = aws_byte_cursor_from_buf(&encrypted_buf); - ASSERT_INT_EQUALS(AWS_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); ASSERT_SUCCESS(aws_symmetric_cipher_decrypt(cipher, encryted_cur, &decrypted_buf)); - ASSERT_INT_EQUALS(AWS_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); ASSERT_SUCCESS(aws_symmetric_cipher_finalize_decryption(cipher, &decrypted_buf)); - ASSERT_INT_EQUALS(AWS_CIPHER_FINALIZED, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_FINALIZED, aws_symmetric_cipher_get_state(cipher)); ASSERT_BIN_ARRAYS_EQUALS(input.ptr, input.len, decrypted_buf.buffer, decrypted_buf.len); @@ -1179,11 +1179,11 @@ static int s_test_aes_keywrap_RFC3394_256BitKey256CekTestVector(struct aws_alloc ASSERT_SUCCESS(aws_byte_buf_init(&decrypted_buf, allocator, input_length)); struct aws_byte_cursor encrypted_data = aws_byte_cursor_from_buf(&output_buf); - ASSERT_INT_EQUALS(AWS_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); ASSERT_SUCCESS(aws_symmetric_cipher_decrypt(cipher, encrypted_data, &decrypted_buf)); - ASSERT_INT_EQUALS(AWS_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); ASSERT_SUCCESS(aws_symmetric_cipher_finalize_decryption(cipher, &decrypted_buf)); - ASSERT_INT_EQUALS(AWS_CIPHER_FINALIZED, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_FINALIZED, aws_symmetric_cipher_get_state(cipher)); ASSERT_BIN_ARRAYS_EQUALS(input, input_length, decrypted_buf.buffer, decrypted_buf.len); aws_symmetric_cipher_destroy(cipher); @@ -1232,11 +1232,11 @@ static int s_test_Rfc3394_256BitKey_TestIntegrityCheckFailed(struct aws_allocato ASSERT_SUCCESS(aws_byte_buf_init(&decrypted_buf, allocator, input_length)); struct aws_byte_cursor encrypted_data = aws_byte_cursor_from_buf(&output_buf); - ASSERT_INT_EQUALS(AWS_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); ASSERT_SUCCESS(aws_symmetric_cipher_decrypt(cipher, encrypted_data, &decrypted_buf)); - ASSERT_INT_EQUALS(AWS_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); ASSERT_FAILS(aws_symmetric_cipher_finalize_decryption(cipher, &decrypted_buf)); - ASSERT_INT_EQUALS(AWS_CIPHER_FINALIZED, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_ERROR, aws_symmetric_cipher_get_state(cipher)); ASSERT_FALSE(aws_symmetric_cipher_is_good(cipher)); aws_symmetric_cipher_destroy(cipher); @@ -1284,11 +1284,11 @@ static int s_test_RFC3394_256BitKeyTestBadPayload(struct aws_allocator *allocato ASSERT_SUCCESS(aws_byte_buf_init(&decrypted_buf, allocator, input_length)); struct aws_byte_cursor encrypted_data = aws_byte_cursor_from_buf(&output_buf); - ASSERT_INT_EQUALS(AWS_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); ASSERT_SUCCESS(aws_symmetric_cipher_decrypt(cipher, encrypted_data, &decrypted_buf)); - ASSERT_INT_EQUALS(AWS_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); ASSERT_SUCCESS(aws_symmetric_cipher_finalize_decryption(cipher, &decrypted_buf)); - ASSERT_INT_EQUALS(AWS_CIPHER_FINALIZED, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_FINALIZED, aws_symmetric_cipher_get_state(cipher)); ASSERT_BIN_ARRAYS_EQUALS(input, input_length, decrypted_buf.buffer, decrypted_buf.len); aws_symmetric_cipher_destroy(cipher); @@ -1333,11 +1333,11 @@ static int s_test_RFC3394_256BitKey128BitCekTestVector(struct aws_allocator *all ASSERT_SUCCESS(aws_byte_buf_init(&decrypted_buf, allocator, input_length)); struct aws_byte_cursor encrypted_data = aws_byte_cursor_from_buf(&output_buf); - ASSERT_INT_EQUALS(AWS_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); ASSERT_SUCCESS(aws_symmetric_cipher_decrypt(cipher, encrypted_data, &decrypted_buf)); - ASSERT_INT_EQUALS(AWS_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); ASSERT_SUCCESS(aws_symmetric_cipher_finalize_decryption(cipher, &decrypted_buf)); - ASSERT_INT_EQUALS(AWS_CIPHER_FINALIZED, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_FINALIZED, aws_symmetric_cipher_get_state(cipher)); aws_symmetric_cipher_destroy(cipher); aws_byte_buf_clean_up(&output_buf); aws_byte_buf_clean_up(&decrypted_buf); @@ -1380,11 +1380,11 @@ static int s_test_RFC3394_256BitKey128BitCekIntegrityCheckFailedTestVector(struc struct aws_byte_cursor encrypted_data = aws_byte_cursor_from_buf(&output_buf); encrypted_data.ptr[1] = encrypted_data.ptr[1] + encrypted_data.ptr[2]; - ASSERT_INT_EQUALS(AWS_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); ASSERT_SUCCESS(aws_symmetric_cipher_decrypt(cipher, encrypted_data, &decrypted_buf)); - ASSERT_INT_EQUALS(AWS_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); ASSERT_FAILS(aws_symmetric_cipher_finalize_decryption(cipher, &decrypted_buf)); - ASSERT_INT_EQUALS(AWS_CIPHER_FINALIZED, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_ERROR, aws_symmetric_cipher_get_state(cipher)); ASSERT_FALSE(aws_symmetric_cipher_is_good(cipher)); aws_symmetric_cipher_destroy(cipher); @@ -1431,11 +1431,11 @@ static int s_test_RFC3394_256BitKey128BitCekPayloadCheckFailedTestVector(struct struct aws_byte_cursor encrypted_data = aws_byte_cursor_from_buf(&output_buf); encrypted_data.ptr[14] = encrypted_data.ptr[13] + encrypted_data.ptr[14]; - ASSERT_INT_EQUALS(AWS_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); ASSERT_SUCCESS(aws_symmetric_cipher_decrypt(cipher, encrypted_data, &decrypted_buf)); - ASSERT_INT_EQUALS(AWS_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); ASSERT_FAILS(aws_symmetric_cipher_finalize_decryption(cipher, &decrypted_buf)); - ASSERT_INT_EQUALS(AWS_CIPHER_FINALIZED, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_ERROR, aws_symmetric_cipher_get_state(cipher)); ASSERT_FALSE(aws_symmetric_cipher_is_good(cipher)); aws_symmetric_cipher_destroy(cipher); @@ -1487,10 +1487,10 @@ static int s_test_input_too_large_fn(struct aws_allocator *allocator, void *ctx) ASSERT_ERROR(AWS_ERROR_CAL_BUFFER_TOO_LARGE_FOR_ALGORITHM, aws_symmetric_cipher_encrypt(cipher, invalid_cur, NULL)); /* should still be good from an invalid input. */ ASSERT_TRUE(aws_symmetric_cipher_is_good(cipher)); - ASSERT_INT_EQUALS(AWS_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); ASSERT_ERROR(AWS_ERROR_CAL_BUFFER_TOO_LARGE_FOR_ALGORITHM, aws_symmetric_cipher_decrypt(cipher, invalid_cur, NULL)); /* should still be good from an invalid input. */ - ASSERT_INT_EQUALS(AWS_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); + ASSERT_INT_EQUALS(AWS_SYMMETRIC_CIPHER_READY, aws_symmetric_cipher_get_state(cipher)); ASSERT_TRUE(aws_symmetric_cipher_is_good(cipher)); aws_symmetric_cipher_destroy(cipher);