fix: NanoTDF secure key from debug logging and iv conflict risk

This change is motivated from the CodeQL result: https://github.com/opentdf/java-sdk/security/code-scanning/1 Although that use of a static IV is deliberate, it helped highlight that we should ensure that there is no reuse of the IV when encrypting the data. In addition it was found that there were two places the key was logged, due to the sensitivity of the key this has been removed.
opentdf · Nov 4, 2024 · 068e977 · 068e977
1 parent b4f95e6
commit 068e977
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/sdk/src/main/java/io/opentdf/platform/sdk/NanoTDF.java b/sdk/src/main/java/io/opentdf/platform/sdk/NanoTDF.java
@@ -88,7 +88,6 @@ public int createNanoTDF(ByteBuffer data, OutputStream outputStream,
         MessageDigest digest = MessageDigest.getInstance("SHA-256");
         byte[] hashOfSalt = digest.digest(MAGIC_NUMBER_AND_VERSION);
         byte[] key = ECKeyPair.calculateHKDF(hashOfSalt, symmetricKey);
-        logger.debug("createNanoTDF key is - {}", Base64.getEncoder().encodeToString(key));
 
         // Encrypt policy
         PolicyObject policyObject = createPolicyObject(nanoTDFConfig.attributes);
@@ -135,9 +134,11 @@ public int createNanoTDF(ByteBuffer data, OutputStream outputStream,
 
         // Encrypt the data
         byte[] actualIV = new byte[kIvPadding + kNanoTDFIvSize];
-        byte[] iv = new byte[kNanoTDFIvSize];
-        SecureRandom.getInstanceStrong().nextBytes(iv);
-        System.arraycopy(iv, 0, actualIV, kIvPadding, iv.length);
+        do {
+            byte[] iv = new byte[kNanoTDFIvSize];
+            SecureRandom.getInstanceStrong().nextBytes(iv);
+            System.arraycopy(iv, 0, actualIV, kIvPadding, iv.length);
+        } while (Arrays.equals(actualIV, kEmptyIV));	// if match, we need to retry to prevent key + iv reuse with the policy
 
         byte[] cipherData = gcm.encrypt(actualIV, authTagSize, data.array(), 0, dataSize);
 
@@ -173,7 +174,6 @@ public void readNanoTDF(ByteBuffer nanoTDF, OutputStream outputStream,
         byte[] key = kas.unwrapNanoTDF(header.getECCMode().getEllipticCurveType(),
                 base64HeaderData,
                 kasUrl);
-        logger.debug("readNanoTDF key is {}", Base64.getEncoder().encodeToString(key));
 
         byte[] payloadLengthBuf = new byte[4];
         nanoTDF.get(payloadLengthBuf, 1, 3);