fix: create AES-256 keys of the correct length with all curves

sdk/src/main/java/io/opentdf/platform/sdk/ECKeyPair.java

@@ -29,6 +29,8 @@
 
 public class ECKeyPair {
 
+    private static final int SHA256_BYTES = 32;
+
     static {
         Security.addProvider(new BouncyCastleProvider());
     }
@@ -233,8 +235,8 @@ public static byte[] computeECDHKey(ECPublicKey publicKey, ECPrivateKey privateK
         }
     }
 
-    public static byte[] calculateHKDF(byte[] salt, byte[] secret) {
-        byte[] key = new byte[secret.length];
+    public static byte[] calculateSHA256HKDF(byte[] salt, byte[] secret) {
+        byte[] key = new byte[SHA256_BYTES];
         HKDFParameters params = new HKDFParameters(secret, salt, null);
 
         HKDFBytesGenerator hkdf = new HKDFBytesGenerator(SHA256Digest.newInstance());

sdk/src/main/java/io/opentdf/platform/sdk/KASClient.java

@@ -213,7 +213,7 @@ public byte[] unwrap(Manifest.KeyAccess keyAccess, String policy,  KeyType sessi
             var publicKey = ECKeyPair.publicKeyFromPem(kasEphemeralPublicKey);
             byte[] symKey = ECKeyPair.computeECDHKey(publicKey, ecKeyPair.getPrivateKey());
 
-            var sessionKey = ECKeyPair.calculateHKDF(GLOBAL_KEY_SALT, symKey);
+            var sessionKey = ECKeyPair.calculateSHA256HKDF(GLOBAL_KEY_SALT, symKey);
 
             AesGcm gcm = new AesGcm(sessionKey);
             AesGcm.Encrypted encrypted = new AesGcm.Encrypted(wrappedKey);
@@ -278,7 +278,7 @@ public byte[] unwrapNanoTDF(NanoTDFType.ECCurve curve, String header, String kas
             throw new SDKException("error creating SHA-256 message digest", e);
         }
         byte[] hashOfSalt = digest.digest(NanoTDF.MAGIC_NUMBER_AND_VERSION);
-        byte[] key = ECKeyPair.calculateHKDF(hashOfSalt, symmetricKey);
+        byte[] key = ECKeyPair.calculateSHA256HKDF(hashOfSalt, symmetricKey);
 
         AesGcm gcm = new AesGcm(key);
         AesGcm.Encrypted encrypted = new AesGcm.Encrypted(wrappedKey);

sdk/src/main/java/io/opentdf/platform/sdk/NanoTDF.java

@@ -104,7 +104,7 @@ private Config.HeaderInfo getHeaderInfo(Config.NanoTDFConfig nanoTDFConfig) thro
             throw new SDKException("error getting instance of SHA-256 digest", e);
         }
         byte[] hashOfSalt = digest.digest(MAGIC_NUMBER_AND_VERSION);
-        byte[] key = ECKeyPair.calculateHKDF(hashOfSalt, symmetricKey);
+        byte[] key = ECKeyPair.calculateSHA256HKDF(hashOfSalt, symmetricKey);
 
         // Encrypt policy
         PolicyObject policyObject = createPolicyObject(nanoTDFConfig.attributes);

sdk/src/main/java/io/opentdf/platform/sdk/TDF.java

@@ -247,7 +247,7 @@ private ECKeyWrappedKeyInfo createECWrappedKey(Config.TDFConfig tdfConfig, Confi
             ECPublicKey kasPubKey = ECKeyPair.publicKeyFromPem(kasInfo.PublicKey);
             byte[] symmetricKey = ECKeyPair.computeECDHKey(kasPubKey, keyPair.getPrivateKey());
 
-            var sessionKey = ECKeyPair.calculateHKDF(GLOBAL_KEY_SALT, symmetricKey);
+            var sessionKey = ECKeyPair.calculateSHA256HKDF(GLOBAL_KEY_SALT, symmetricKey);
 
             AesGcm gcm = new AesGcm(sessionKey);
             AesGcm.Encrypted wrappedKey = gcm.encrypt(symKey);

sdk/src/test/java/io/opentdf/platform/sdk/ECKeyPairTest.java

@@ -13,6 +13,7 @@
 import java.util.Base64;
 
 import static io.opentdf.platform.sdk.NanoTDFType.ECCurve.SECP256R1;
+import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
 import static org.junit.jupiter.api.Assertions.assertArrayEquals;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 
@@ -114,9 +115,22 @@ void extractPemPubKeyFromX509() throws CertificateException, IOException, NoSuch
         byte[] symmetricKey = ECKeyPair.computeECDHKey(publicKey, ECKeyPair.privateKeyFromPem(keypairPrivateKey));
         System.out.println(Arrays.toString(symmetricKey));
 
-        byte[] key = ECKeyPair.calculateHKDF(ECKeys.salt.getBytes(StandardCharsets.UTF_8), symmetricKey);
+        byte[] key = ECKeyPair.calculateSHA256HKDF(ECKeys.salt.getBytes(StandardCharsets.UTF_8), symmetricKey);
         System.out.println(Arrays.toString(key));
         System.out.println(key.length);
+
+        assertThat(key.length).isEqualTo(32); // SHA-256 produces a 32-byte key
+    }
+
+    @Test
+    void createSymmetricKeysWithOtherC() {
+        ECKeyPair pubPair = new ECKeyPair(NanoTDFType.ECCurve.SECP384R1, ECKeyPair.ECAlgorithm.ECDH);
+        ECKeyPair keyPair = new ECKeyPair(NanoTDFType.ECCurve.SECP384R1, ECKeyPair.ECAlgorithm.ECDH);
+
+        byte[] sharedSecret = ECKeyPair.computeECDHKey(pubPair.getPublicKey(), keyPair.getPrivateKey());
+        byte[] encryptionKey = ECKeyPair.calculateSHA256HKDF(ECKeys.salt.getBytes(StandardCharsets.UTF_8), sharedSecret);
+
+        assertThat(encryptionKey).hasSize(32); // SHA-256 produces a 32-byte key
     }
 
     @Test
@@ -131,13 +145,13 @@ void testECDH()  {
         ECPrivateKey sdkPriKey = ECKeyPair.privateKeyFromPem(ECKeys.sdkPrivateKey);
 
         byte[] symmetricKey = ECKeyPair.computeECDHKey(kasPubKey, sdkPriKey);
-        byte[] key = ECKeyPair.calculateHKDF(ECKeys.salt.getBytes(StandardCharsets.UTF_8), symmetricKey);
+        byte[] key = ECKeyPair.calculateSHA256HKDF(ECKeys.salt.getBytes(StandardCharsets.UTF_8), symmetricKey);
         String encodedKey = Base64.getEncoder().encodeToString(key);
         assertEquals(encodedKey, expectedKey);
 
         // KAS side
         symmetricKey = ECKeyPair.computeECDHKey(sdkPubKey, kasPriKey);
-        key = ECKeyPair.calculateHKDF(ECKeys.salt.getBytes(StandardCharsets.UTF_8), symmetricKey);
+        key = ECKeyPair.calculateSHA256HKDF(ECKeys.salt.getBytes(StandardCharsets.UTF_8), symmetricKey);
         encodedKey = Base64.getEncoder().encodeToString(key);
         assertEquals(encodedKey, expectedKey);
 

sdk/src/test/java/io/opentdf/platform/sdk/NanoTDFHeaderTest.java

@@ -219,7 +219,7 @@ public void testNanoTDFEncryption()
                 byte[] secret = ECKeyPair.computeECDHKey(ECKeyPair.publicKeyFromPem(kasPublicKey),
                                 ECKeyPair.privateKeyFromPem(sdkPrivateKeyForEncrypt));
                 byte[] saltValue = { 'V', 'I', 'R', 'T', 'R', 'U' };
-                encryptKey = ECKeyPair.calculateHKDF(saltValue, secret);
+                encryptKey = ECKeyPair.calculateSHA256HKDF(saltValue, secret);
 
                 // Encrypt the policy with key from KDF
                 int encryptedPayLoadSize = policy.length() + nanoTDFIvSize + tagSize;

sdk/src/test/java/io/opentdf/platform/sdk/NanoTDFTest.java

@@ -113,7 +113,7 @@ public byte[] unwrapNanoTDF(NanoTDFType.ECCurve curve, String header, String kas
                 throw new SDKException("error creating SHA-256 message digest", e);
             }
             byte[] hashOfSalt = digest.digest(NanoTDF.MAGIC_NUMBER_AND_VERSION);
-            byte[] key = ECKeyPair.calculateHKDF(hashOfSalt, symmetricKey);
+            byte[] key = ECKeyPair.calculateSHA256HKDF(hashOfSalt, symmetricKey);
             return key;
         }
 

sdk/src/test/java/io/opentdf/platform/sdk/TDFTest.java

@@ -92,7 +92,7 @@ public byte[] unwrap(Manifest.KeyAccess keyAccess, String policy, KeyType sessio
                                         var publicKey = ECKeyPair.publicKeyFromPem(clientEphemeralPublicKey);
                                         byte[] symKey = ECKeyPair.computeECDHKey(publicKey, privateKey);
 
-                                        var sessionKey = ECKeyPair.calculateHKDF(GLOBAL_KEY_SALT, symKey);
+                                        var sessionKey = ECKeyPair.calculateSHA256HKDF(GLOBAL_KEY_SALT, symKey);
 
                                         AesGcm gcm = new AesGcm(sessionKey);
                                         AesGcm.Encrypted encrypted = new AesGcm.Encrypted(bytes);