Use the same type for finalize input & output

Sources/CryptoSwift/BlockEncryptor.swift

@@ -45,7 +45,7 @@ final class BlockEncryptor: Cryptor, Updatable {
         accumulated.removeFirst(encrypted.count)
 
         if var finalizingWorker = worker as? FinalizingEncryptModeWorker, isLast == true {
-            encrypted = try finalizingWorker.finalize(encrypt: encrypted.slice)
+            encrypted = Array(try finalizingWorker.finalize(encrypt: encrypted.slice))
         }
 
         return encrypted

Sources/CryptoSwift/BlockMode/CCM.swift

@@ -154,16 +154,16 @@ class CCMModeWorker: StreamModeWorker, SeekableModeWorker, CounterModeWorker, Fi
         return result
     }
 
-    func finalize(encrypt ciphertext: ArraySlice<UInt8>) throws -> Array<UInt8> {
+    func finalize(encrypt ciphertext: ArraySlice<UInt8>) throws -> ArraySlice<UInt8> {
         // concatenate T at the end
-        guard let S0 = try? S(i: 0) else { return Array(ciphertext) }
+        guard let S0 = try? S(i: 0) else { return ciphertext }
 
         let tag = last_y.prefix(tagLength)
-        return Array(ciphertext) + (xor(tag, S0) as Array<UInt8>)
+        return ciphertext + (xor(tag, S0) as ArraySlice<UInt8>)
     }
 
-    func finalize(decrypt ciphertext: ArraySlice<UInt8>) throws -> Array<UInt8> {
-        return []
+    func finalize(decrypt ciphertext: ArraySlice<UInt8>) throws -> ArraySlice<UInt8> {
+        return ciphertext
     }
 
     func willDecryptLast(bytes ciphertext: ArraySlice<UInt8>) throws -> ArraySlice<UInt8> {

Sources/CryptoSwift/BlockMode/CipherModeWorker.swift

@@ -45,13 +45,13 @@ public protocol StreamModeWorker: CipherModeWorker {
 public protocol FinalizingEncryptModeWorker: CipherModeWorker {
     // Any final calculations, eg. calculate tag
     // Called after the last block is encrypted
-    mutating func finalize(encrypt ciphertext: ArraySlice<UInt8>) throws -> Array<UInt8>
+    mutating func finalize(encrypt ciphertext: ArraySlice<UInt8>) throws -> ArraySlice<UInt8>
 }
 
 public protocol FinalizingDecryptModeWorker: CipherModeWorker {
     // Any final calculations, eg. calculate tag
     // Called after the last block is encrypted
-    mutating func finalize(decrypt plaintext: ArraySlice<UInt8>) throws -> Array<UInt8>
+    mutating func finalize(decrypt plaintext: ArraySlice<UInt8>) throws -> ArraySlice<UInt8>
     // Called before decryption, hence input is ciphertext.
     // ciphertext is either a last block, or a tag (for stream workers)
     mutating func willDecryptLast(bytes ciphertext: ArraySlice<UInt8>) throws -> ArraySlice<UInt8>

Sources/CryptoSwift/BlockMode/GCM.swift

@@ -167,7 +167,7 @@ final class GCMModeWorker: BlockModeWorker, FinalizingEncryptModeWorker, Finaliz
         return plaintext
     }
 
-    func finalize(encrypt ciphertext: ArraySlice<UInt8>) throws -> Array<UInt8> {
+    func finalize(encrypt ciphertext: ArraySlice<UInt8>) throws -> ArraySlice<UInt8> {
         // Calculate MAC tag.
         let ghash = gf.ghashFinish()
         let tag = Array((ghash ^ eky0).bytes.prefix(GCMModeWorker.tagLength))
@@ -177,14 +177,15 @@ final class GCMModeWorker: BlockModeWorker, FinalizingEncryptModeWorker, Finaliz
 
         switch mode {
         case .combined:
-            return ciphertext + tag
+            return (ciphertext + tag).slice
         case .detached:
-            return Array(ciphertext)
+            return ciphertext
         }
     }
 
-    func finalize(decrypt plaintext: ArraySlice<UInt8>) throws -> Array<UInt8> {
-        return Array(plaintext)
+    func finalize(decrypt plaintext: ArraySlice<UInt8>) throws -> ArraySlice<UInt8> {
+        // do nothing
+        return plaintext
     }
 
     // The authenticated decryption operation has five inputs: K, IV , C, A, and T. It has only a single
@@ -196,8 +197,6 @@ final class GCMModeWorker: BlockModeWorker, FinalizingEncryptModeWorker, Finaliz
         case .combined:
             // overwrite expectedTag property used later for verification
             self.expectedTag = Array(ciphertext.suffix(GCMModeWorker.tagLength))
-            // gf.ciphertextLength = gf.ciphertextLength - GCMModeWorker.tagLength
-            // strip tag from the plaintext.
             return ciphertext[ciphertext.startIndex..<ciphertext.endIndex.advanced(by: -Swift.min(GCMModeWorker.tagLength,ciphertext.count))]
         case .detached:
             return ciphertext

Sources/CryptoSwift/StreamDecryptor.swift

@@ -43,7 +43,7 @@ final class StreamDecryptor: Cryptor, Updatable {
         }
 
         if var finalizingWorker = worker as? FinalizingDecryptModeWorker, isLast == true {
-            plaintext = try finalizingWorker.finalize(decrypt: plaintext.slice)
+            plaintext = Array(try finalizingWorker.finalize(decrypt: plaintext.slice))
         }
 
         return plaintext

Sources/CryptoSwift/StreamEncryptor.swift

@@ -44,7 +44,7 @@ final class StreamEncryptor: Cryptor, Updatable {
         }
 
         if var finalizingWorker = worker as? FinalizingEncryptModeWorker, isLast == true {
-            encrypted = try finalizingWorker.finalize(encrypt: encrypted.slice)
+            encrypted = Array(try finalizingWorker.finalize(encrypt: encrypted.slice))
         }
 
         return encrypted