fix: regression in ranged gets when using buffered subscriber (#107)

* fix: regression in ranged gets when using buffered subscriber

Author: kessplas

src/main/java/software/amazon/encryption/s3/internal/BufferedCipherSubscriber.java

@@ -61,7 +61,16 @@ public void onNext(ByteBuffer byteBuffer) {
 
         if (amountToReadFromByteBuffer > 0) {
             byte[] buf = BinaryUtils.copyBytesFrom(byteBuffer, amountToReadFromByteBuffer);
-            outputBuffer = cipher.update(buf, 0, amountToReadFromByteBuffer);
+            try {
+                outputBuffer = cipher.update(buf, 0, amountToReadFromByteBuffer);
+            } catch (final IllegalStateException exception) {
+                // This happens when the stream is reset and the cipher is reused with the
+                // same key/IV. It's actually fine here, because the data is the same, but any
+                // sane implementation will throw an exception.
+                // TODO: Implement retries. For now, forward and rethrow.
+                this.onError(exception);
+                throw exception;
+            }
 
             if (outputBuffer == null && amountToReadFromByteBuffer < cipher.getBlockSize()) {
                 // The underlying data is too short to fill in the block cipher

src/main/java/software/amazon/encryption/s3/internal/CipherSubscriber.java

@@ -35,7 +35,16 @@ public void onNext(ByteBuffer byteBuffer) {
 
         if (amountToReadFromByteBuffer > 0) {
             byte[] buf = BinaryUtils.copyBytesFrom(byteBuffer, amountToReadFromByteBuffer);
-            outputBuffer = cipher.update(buf, 0, amountToReadFromByteBuffer);
+            try {
+                outputBuffer = cipher.update(buf, 0, amountToReadFromByteBuffer);
+            } catch (final IllegalStateException exception) {
+                // This happens when the stream is reset and the cipher is reused with the
+                // same key/IV. It's actually fine here, because the data is the same, but any
+                // sane implementation will throw an exception.
+                // TODO: Implement retries. For now, forward and rethrow.
+                this.onError(exception);
+                throw exception;
+            }
             if (outputBuffer == null && amountToReadFromByteBuffer < cipher.getBlockSize()) {
                 // The underlying data is too short to fill in the block cipher
                 // This is true at the end of the file, so complete to get the final

src/main/java/software/amazon/encryption/s3/internal/GetEncryptedObjectPipeline.java

@@ -148,7 +148,9 @@ public void onStream(SdkPublisher<ByteBuffer> ciphertextPublisher) {
                         throw new S3EncryptionClientException("Unknown algorithm: " + algorithmSuite.cipherName());
                 }
 
-                if (algorithmSuite.equals(AlgorithmSuite.ALG_AES_256_CBC_IV16_NO_KDF) || _enableDelayedAuthentication) {
+                if (algorithmSuite.equals(AlgorithmSuite.ALG_AES_256_CBC_IV16_NO_KDF)
+                        || algorithmSuite.equals(AlgorithmSuite.ALG_AES_256_CTR_IV16_TAG16_NO_KDF)
+                        || _enableDelayedAuthentication) {
                     // CBC and GCM with delayed auth enabled use a standard publisher
                     CipherPublisher plaintextPublisher = new CipherPublisher(cipher, ciphertextPublisher,
                             getObjectResponse.contentLength(), desiredRange, contentMetadata.contentRange(), algorithmSuite.cipherTagLengthBits());