KMS - Validate plaintext-parameter for length (#4441)

moto/kms/utils.py

@@ -11,6 +11,7 @@ from .exceptions import (
     InvalidCiphertextException,
     AccessDeniedException,
     NotFoundException,
+    ValidationException,
 )
 
 
@@ -102,6 +103,11 @@ def encrypt(master_keys, key_id, plaintext, encryption_context):
             )
         )
 
+    if plaintext == b"":
+        raise ValidationException(
+            "1 validation error detected: Value at 'plaintext' failed to satisfy constraint: Member must have length greater than or equal to 1"
+        )
+
     iv = os.urandom(IV_LEN)
     aad = _serialize_encryption_context(encryption_context=encryption_context)
 

tests/test_kms/test_kms_boto3.py

@@ -40,6 +40,19 @@ def test_create_key_without_description():
     metadata.should.have.key("Description").equal("")
 
 
+@mock_kms
+def test_create_key_with_empty_content():
+    client_kms = boto3.client("kms", region_name="ap-northeast-1")
+    metadata = client_kms.create_key(Policy="my policy")["KeyMetadata"]
+    with pytest.raises(ClientError) as exc:
+        client_kms.encrypt(KeyId=metadata["KeyId"], Plaintext="")
+    err = exc.value.response["Error"]
+    err["Code"].should.equal("ValidationException")
+    err["Message"].should.equal(
+        "1 validation error detected: Value at 'plaintext' failed to satisfy constraint: Member must have length greater than or equal to 1"
+    )
+
+
 @mock_kms
 def test_create_key():
     conn = boto3.client("kms", region_name="us-east-1")