fix: create AES-256 keys of the correct length with all curves (#282)

mkleene · gemini-code-assist[bot] · web-flow · commit 95c20b3af31b · 2025-07-28T21:44:51.000+02:00
We previously output a key that was the same length as the shared
secret. This isn't what we want since AES-256 always uses keys of the
same length

---------

Co-authored-by: gemini-code-assist[bot] &lt;176961590+gemini-code-assist[bot]@users.noreply.github.com&gt;
diff --git a/sdk/src/main/java/io/opentdf/platform/sdk/ECKeyPair.java b/sdk/src/main/java/io/opentdf/platform/sdk/ECKeyPair.java
@@ -29,6 +29,8 @@
 
 public class ECKeyPair {
 
+    private static final int SHA256_BYTES = 32;
+
     static {
         Security.addProvider(new BouncyCastleProvider());
     }
@@ -233,8 +235,12 @@ public static byte[] computeECDHKey(ECPublicKey publicKey, ECPrivateKey privateK
         }
     }
 
+    /**
+     * Returns a HKDF key derived from the provided salt and secret
+     * that is 32 bytes (256 bits) long.
+     */
     public static byte[] calculateHKDF(byte[] salt, byte[] secret) {
-        byte[] key = new byte[secret.length];
+        byte[] key = new byte[SHA256_BYTES];
         HKDFParameters params = new HKDFParameters(secret, salt, null);
 
         HKDFBytesGenerator hkdf = new HKDFBytesGenerator(SHA256Digest.newInstance());
diff --git a/sdk/src/test/java/io/opentdf/platform/sdk/ECKeyPairTest.java b/sdk/src/test/java/io/opentdf/platform/sdk/ECKeyPairTest.java
@@ -13,6 +13,7 @@
 import java.util.Base64;
 
 import static io.opentdf.platform.sdk.NanoTDFType.ECCurve.SECP256R1;
+import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
 import static org.junit.jupiter.api.Assertions.assertArrayEquals;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 
@@ -117,6 +118,19 @@ void extractPemPubKeyFromX509() throws CertificateException, IOException, NoSuch
         byte[] key = ECKeyPair.calculateHKDF(ECKeys.salt.getBytes(StandardCharsets.UTF_8), symmetricKey);
         System.out.println(Arrays.toString(key));
         System.out.println(key.length);
+
+        assertThat(key.length).isEqualTo(32); // SHA-256 produces a 32-byte key
+    }
+
+    @Test
+    void createSymmetricKeysWithOtherCurves() {
+        ECKeyPair pubPair = new ECKeyPair(NanoTDFType.ECCurve.SECP384R1, ECKeyPair.ECAlgorithm.ECDH);
+        ECKeyPair keyPair = new ECKeyPair(NanoTDFType.ECCurve.SECP384R1, ECKeyPair.ECAlgorithm.ECDH);
+
+        byte[] sharedSecret = ECKeyPair.computeECDHKey(pubPair.getPublicKey(), keyPair.getPrivateKey());
+        byte[] encryptionKey = ECKeyPair.calculateHKDF(ECKeys.salt.getBytes(StandardCharsets.UTF_8), sharedSecret);
+
+        assertThat(encryptionKey).hasSize(32); // SHA-256 produces a 32-byte key
     }
 
     @Test

Original file line number	Diff line number	Diff line change
`@@ -29,6 +29,8 @@`
`29`	`29`
`30`	`30`	`public class ECKeyPair {`
`31`	`31`
	`32`	`+ private static final int SHA256_BYTES = 32;`
	`33`	`+`
`32`	`34`	`static {`
`33`	`35`	`Security.addProvider(new BouncyCastleProvider());`
`34`	`36`	`}`
`@@ -233,8 +235,12 @@ public static byte[] computeECDHKey(ECPublicKey publicKey, ECPrivateKey privateK`
`233`	`235`	`}`
`234`	`236`	`}`
`235`	`237`
	`238`	`+ /**`
	`239`	`+ * Returns a HKDF key derived from the provided salt and secret`
	`240`	`+ * that is 32 bytes (256 bits) long.`
	`241`	`+ */`
`236`	`242`	`public static byte[] calculateHKDF(byte[] salt, byte[] secret) {`
`237`		`- byte[] key = new byte[secret.length];`
	`243`	`+ byte[] key = new byte[SHA256_BYTES];`
`238`	`244`	`HKDFParameters params = new HKDFParameters(secret, salt, null);`
`239`	`245`
`240`	`246`	`HKDFBytesGenerator hkdf = new HKDFBytesGenerator(SHA256Digest.newInstance());`