fix: frame length can not be 0

modules/encrypt-browser/src/encrypt.ts

@@ -21,6 +21,7 @@ import {
   AlgorithmSuiteIdentifier,
   getEncryptHelper,
   KeyringWebCrypto,
+  needs,
   WebCryptoMaterialsManager // eslint-disable-line no-unused-vars
 } from '@aws-crypto/material-management-browser'
 import {
@@ -35,7 +36,8 @@ import {
   serializeSignatureInfo,
   FRAME_LENGTH,
   MESSAGE_ID_LENGTH,
-  raw2der
+  raw2der,
+  Maximum
 } from '@aws-crypto/serialize'
 import { fromUtf8 } from '@aws-sdk/util-utf8-browser'
 import { getWebCryptoBackend } from '@aws-crypto/web-crypto-backend'
@@ -60,6 +62,9 @@ export async function encrypt (
   plaintext: Uint8Array,
   { suiteId, encryptionContext, frameLength = FRAME_LENGTH }: EncryptInput = {}
 ): Promise<EncryptResult> {
+  /* Precondition: The frameLength must be less than the maximum frame size for browser encryption. */
+  needs(frameLength > 0 && Maximum.FRAME_SIZE >= frameLength, `frameLength out of bounds: 0 > frameLength >= ${Maximum.FRAME_SIZE}`)
+
   const backend = await getWebCryptoBackend()
   if (!backend) throw new Error('No supported crypto backend')
 

modules/encrypt-browser/test/encrypt.test.ts

@@ -85,4 +85,9 @@ describe('encrypt structural testing', () => {
 
     expect(messageHeader).to.deep.equal(messageInfo.messageHeader)
   })
+
+  it('Precondition: The frameLength must be less than the maximum frame size for browser encryption.', async () => {
+    const frameLength = 0
+    expect(encrypt(keyRing, 'asdf', { frameLength })).to.rejectedWith(Error)
+  })
 })

modules/encrypt-node/src/encrypt_stream.ts

@@ -16,7 +16,8 @@
 import {
   NodeDefaultCryptographicMaterialsManager, NodeAlgorithmSuite, AlgorithmSuiteIdentifier, // eslint-disable-line no-unused-vars
   KeyringNode, NodeEncryptionMaterial, getEncryptHelper, EncryptionContext, // eslint-disable-line no-unused-vars
-  NodeMaterialsManager // eslint-disable-line no-unused-vars
+  NodeMaterialsManager, // eslint-disable-line no-unused-vars
+  needs
 } from '@aws-crypto/material-management-node'
 import { getFramedEncryptStream } from './framed_encrypt_stream'
 import { SignatureStream } from './signature_stream'
@@ -26,7 +27,8 @@ import {
   MessageHeader, // eslint-disable-line no-unused-vars
   serializeFactory, kdfInfo, ContentType, SerializationVersion, ObjectType,
   FRAME_LENGTH,
-  MESSAGE_ID_LENGTH
+  MESSAGE_ID_LENGTH,
+  Maximum
 } from '@aws-crypto/serialize'
 
 // @ts-ignore
@@ -56,6 +58,9 @@ export function encryptStream (
 ): Duplex {
   const { suiteId, context, frameLength = FRAME_LENGTH } = op
 
+  /* Precondition: The frameLength must be less than the maximum frame size Node.js stream. */
+  needs(frameLength > 0 && Maximum.FRAME_SIZE >= frameLength, `frameLength out of bounds: 0 > frameLength >= ${Maximum.FRAME_SIZE}`)
+
   /* If the cmm is a Keyring, wrap it with NodeDefaultCryptographicMaterialsManager. */
   cmm = cmm instanceof KeyringNode
     ? new NodeDefaultCryptographicMaterialsManager(cmm)

modules/encrypt-node/test/encrypt.test.ts

@@ -184,6 +184,11 @@ describe('encrypt structural testing', () => {
 
     expect(messageHeader).to.deep.equal(messageInfo.messageHeader)
   })
+
+  it('Precondition: The frameLength must be less than the maximum frame size Node.js stream.', async () => {
+    const frameLength = 0
+    expect(encrypt(keyRing, 'asdf', { frameLength })).to.rejectedWith(Error)
+  })
 })
 
 function finishedAsync (stream: any) {