The Caching CMM should never cache materials if the plaintext length is not know

[seebees]

https://github.com/awslabs/aws-encryption-sdk-specification/blob/master/framework/caching-cmm.md#get-encryption-materials

Since there is a maximum amount of data that can be safely encrypted under a single data key, if we do not know the amount of data, we can not safely encrypt under a cached data key.

An Example:
If I only want to encrypt 5K under a single data key,
and I have a cached key that has 4.999K already used,
a 10B message will exhaust my margin.
Therefore if I do not know how large a given message is,
I can not safely encrypt it under this key.

[mattsb42-aws]

if we do not know the amount of data, we can not safely encrypt under a cached data key

Specifically: If we do not know the amount of data, we MUST assume that it is the maximum safe amount and therefore we MUST NOT reuse materials.

[RustanLeino]

Can the cache be used if the bytes encrypted equals the limit (or only when the bytes encrypted is strictly less than the limit)? For example, if the limit is 100 and there's a request to encrypt 100 bytes, can the cache be used?

[seebees]

Yes. 0 bytes is a fine amount to encrypt.

[seebees]

In fact having a byte limit of 0 bytes is also ok.

[RustanLeino]

Okay. Note, this is not what the ESDK for Java does (https://github.com/aws/aws-encryption-sdk-java/blob/master/src/main/java/com/amazonaws/encryptionsdk/caching/CachingCryptoMaterialsManager.java#L303).

[seebees]

Good note. Java is the outlier here. This would make it impossible to use a cache key for only "signing" (i.e. 0 byte message, where all the data in is the encryption context).

Other implementations

• https://github.com/aws/aws-encryption-sdk-javascript/blob/201c1022257a08c82035e5cde5097fad8321f64d/modules/cache-material/src/caching_cryptographic_materials_decorators.ts#L166
• https://github.com/aws/aws-encryption-sdk-c/blob/master/source/caching_cmm.c#L509
• https://github.com/aws/aws-encryption-sdk-python/blob/master/src/aws_encryption_sdk/materials_managers/caching.py#L129