Skip to content

Make estimateCiphertextSize work with cached keys #30

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mattsb42-aws merged 1 commit into from
Sep 18, 2017
Merged

Make estimateCiphertextSize work with cached keys #30

mattsb42-aws merged 1 commit into from
Sep 18, 2017

Conversation

@bdonlan
Copy link
Contributor

@bdonlan bdonlan commented Sep 16, 2017

estimateCiphertextSize was not passing a plaintext size down to the CMM, so the
caching CMM assumed that a streaming encryption of unknown size was being
performed, and bypassed the cache entirely.

This change passes a plaintext size of zero instead to allow cached keys to be
used; since we don't actually encrypt any data it's safe to not consume any of
the byte limit.

Note that this may not behave quite right if the CMM does more clever things
with plaintext size. In general we should probably resolve this by moving
estimateCiphertextSize over to the Cipher*Stream objects instead, where it can
know the actual DataKeys in use instead of hoping they're reasonably
consistently sized.

Fixes: #29

Make estimateCiphertextSize work with cached keys
bc580d0 
estimateCiphertextSize was not passing a plaintext size down to the CMM, so the
caching CMM assumed that a streaming encryption of unknown size was being
performed, and bypassed the cache entirely.

This change passes a plaintext size of zero instead to allow cached keys to be
used; since we don't actually encrypt any data it's safe to not consume any of
the byte limit.

Note that this may not behave quite right if the CMM does more clever things
with plaintext size. In general we should probably resolve this by moving
estimateCiphertextSize over to the Cipher*Stream objects instead, where it can
know the actual DataKeys in use instead of hoping they're reasonably
consistently sized.

Fixes: aws#29
@mattsb42-aws
Copy link
Member

mattsb42-aws commented Sep 18, 2017

LGTM. I also checked the Python client to verify, and this issue is not present there due to the way that ciphertext size estimation is implemented.

https://github.com/awslabs/aws-encryption-sdk-python/blob/master/src/aws_encryption_sdk/streaming_client.py#L375

@mattsb42-aws mattsb42-aws merged commit 23af3d6 into aws:master Sep 18, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SalusaSecondus SalusaSecondus Awaiting requested review from SalusaSecondus

@mattsb42-aws mattsb42-aws Awaiting requested review from mattsb42-aws

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

estimateCiphertextSize is not cached

2 participants

@bdonlan @mattsb42-aws