int aws_kms_generate_data_key_blocking()

in source/kms.c [2842:2912]


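/**
 * Calls KMS GenerateDataKey synchronously and returns both halves of the key.
 *
 * The request carries an attestation document (built from client->keypair) as
 * the recipient, so KMS wraps the plaintext half for this enclave only; that
 * wrapped copy is unwrapped locally by s_decrypt_ciphertext_for_recipient.
 *
 * @param client           Initialised KMS client; supplies the allocator and keypair.
 * @param key_id           KMS key to generate under (cloned or reused, not retained).
 * @param key_spec         Requested data-key spec.
 * @param plaintext        Out: initialised with the decrypted data key on success.
 *                         Caller owns it and should release it with
 *                         aws_byte_buf_clean_up_secure() once used.
 * @param ciphertext_blob  Out: initialised with the KMS-encrypted data key on success.
 *                         Caller owns it.
 * @return AWS_OP_SUCCESS, or AWS_OP_ERR on any failure. On AWS_OP_ERR neither
 *         output buffer is left allocated by this function (see note below on
 *         the decrypt helper).
 */
int aws_kms_generate_data_key_blocking(
    struct aws_nitro_enclaves_kms_client *client,
    const struct aws_string *key_id,
    enum aws_key_spec key_spec,
    struct aws_byte_buf *plaintext,
    struct aws_byte_buf *ciphertext_blob
    /* TODO: err_reason */) {
    AWS_PRECONDITION(client != NULL);
    AWS_PRECONDITION(key_id != NULL);
    AWS_PRECONDITION(plaintext != NULL);
    AWS_PRECONDITION(ciphertext_blob != NULL);

    struct aws_string *response = NULL;
    struct aws_string *request = NULL;
    struct aws_kms_generate_data_key_response *response_structure = NULL;
    struct aws_kms_generate_data_key_request *request_structure = NULL;
    /* Single exit: every failure path falls through to clean_up with this value. */
    int result = AWS_OP_ERR;
    int rc = 0;

    request_structure = aws_kms_generate_data_key_request_new(client->allocator);
    if (request_structure == NULL) {
        return AWS_OP_ERR;
    }

    request_structure->key_id = aws_string_clone_or_reuse(client->allocator, key_id);
    if (request_structure->key_id == NULL) {
        /* Allocation failure; do not send a request with an empty KeyId. */
        goto clean_up;
    }
    request_structure->key_spec = key_spec;

    request_structure->recipient = aws_recipient_new(client->allocator);
    if (request_structure->recipient == NULL) {
        goto clean_up;
    }
    rc = aws_attestation_request(
        client->allocator, client->keypair, &request_structure->recipient->attestation_document);
    if (rc != AWS_OP_SUCCESS) {
        goto clean_up;
    }
    request_structure->recipient->key_encryption_algorithm = AWS_KEA_RSAES_OAEP_SHA_256;

    request = aws_kms_generate_data_key_request_to_json(request_structure);
    if (request == NULL) {
        goto clean_up;
    }

    /* rc is the HTTP status here, not an AWS_OP_* code. */
    rc = s_aws_nitro_enclaves_kms_client_call_blocking(client, kms_target_generate_data_key, request, &response);
    if (rc != 200) {
        fprintf(stderr, "Got non-200 answer from KMS: %d\n", rc);
        goto clean_up;
    }

    response_structure = aws_kms_generate_data_key_response_from_json(client->allocator, response);
    if (response_structure == NULL) {
        fprintf(stderr, "Could not read response from KMS: %d\n", rc);
        goto clean_up;
    }

    rc = s_decrypt_ciphertext_for_recipient(
        client->allocator, &response_structure->ciphertext_for_recipient, client->keypair, plaintext);
    if (rc != AWS_OP_SUCCESS) {
        /* NOTE(review): assumes the helper leaves *plaintext unallocated on failure — confirm. */
        goto clean_up;
    }

    if (aws_byte_buf_init_copy(ciphertext_blob, client->allocator, &response_structure->ciphertext_blob) !=
        AWS_OP_SUCCESS) {
        /* plaintext already holds the data key; scrub it so an error return does not
         * hand the caller an unowned buffer of key material. */
        aws_byte_buf_clean_up_secure(plaintext);
        goto clean_up;
    }

    result = AWS_OP_SUCCESS;

clean_up:
    /* All destroy helpers accept NULL, so unreached allocations are harmless here. */
    aws_kms_generate_data_key_request_destroy(request_structure);
    aws_kms_generate_data_key_response_destroy(response_structure);
    aws_string_destroy(request);
    aws_string_destroy(response);
    return result;
}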