From 068e977ce2e41e5ae578408688f68a81af6d2656 Mon Sep 17 00:00:00 2001
From: Mike Jensen
Date: Mon, 4 Nov 2024 14:52:39 -0700
Subject: [PATCH] fix: NanoTDF secure key from debug logging and iv conflict risk
This change is motivated from the CodeQL result: https://github.com/opentdf/java-sdk/security/code-scanning/1 Although that use of a static IV is deliberate, it helped highlight that we should ensure that there is no reuse of the IV when encrypting the data. In addition it was found that there were two places the key was logged, due to the sensitivity of the key this has been removed.
---
 sdk/src/main/java/io/opentdf/platform/sdk/NanoTDF.java | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/sdk/src/main/java/io/opentdf/platform/sdk/NanoTDF.java b/sdk/src/main/java/io/opentdf/platform/sdk/NanoTDF.java
index 75d0e734..39170b97 100644
--- a/sdk/src/main/java/io/opentdf/platform/sdk/NanoTDF.java
+++ b/sdk/src/main/java/io/opentdf/platform/sdk/NanoTDF.java
@@ -88,7 +88,6 @@ public int createNanoTDF(ByteBuffer data, OutputStream outputStream,
 MessageDigest digest = MessageDigest.getInstance("SHA-256");
 byte[] hashOfSalt = digest.digest(MAGIC_NUMBER_AND_VERSION);
 byte[] key = ECKeyPair.calculateHKDF(hashOfSalt, symmetricKey);
- logger.debug("createNanoTDF key is - {}", Base64.getEncoder().encodeToString(key));
 // Encrypt policy
 PolicyObject policyObject = createPolicyObject(nanoTDFConfig.attributes);
@@ -135,9 +134,11 @@ public int createNanoTDF(ByteBuffer data, OutputStream outputStream,
 // Encrypt the data
 byte[] actualIV = new byte[kIvPadding + kNanoTDFIvSize];
- byte[] iv = new byte[kNanoTDFIvSize];
- SecureRandom.getInstanceStrong().nextBytes(iv);
- System.arraycopy(iv, 0, actualIV, kIvPadding, iv.length);
+ do {
+ byte[] iv = new byte[kNanoTDFIvSize];
+ SecureRandom.getInstanceStrong().nextBytes(iv);
+ System.arraycopy(iv, 0, actualIV, kIvPadding, iv.length);
+ } while (Arrays.equals(actualIV, kEmptyIV)); // if match, we need to retry to prevent key + iv reuse with the policy
 byte[] cipherData = gcm.encrypt(actualIV, authTagSize, data.array(), 0, dataSize);
@@ -173,7 +174,6 @@ public void readNanoTDF(ByteBuffer nanoTDF, OutputStream outputStream,
 byte[] key = kas.unwrapNanoTDF(header.getECCMode().getEllipticCurveType(), base64HeaderData, kasUrl);
- logger.debug("readNanoTDF key is {}", Base64.getEncoder().encodeToString(key));
 byte[] payloadLengthBuf = new byte[4];
 nanoTDF.get(payloadLengthBuf, 1, 3);
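Review bot: In the IV retry loop of the `@@ -135,9 +134,11 @@` hunk, `SecureRandom.getInstanceStrong()` is resolved again on every iteration, and depending on JVM configuration the strong algorithm can be a blocking source; hoist it above the `do {` as `SecureRandom rng = SecureRandom.getInstanceStrong();` and call `rng.nextBytes(iv);` inside. The guard `Arrays.equals(actualIV, kEmptyIV)` only fires if `kEmptyIV` has exactly `kIvPadding + kNanoTDFIvSize` bytes, because `Arrays.equals` returns false for arrays of different length. Its declaration is outside this hunk, so confirm the length and that it is the same value passed to the policy encryption. The trailing comment would be easier to find on its own line above the loop, for example `// Redraw if the padded IV equals kEmptyIV, so the payload never reuses the policy's key/IV pair.` The body of createNanoTDF starts and ends outside the hunk.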