Use more privileged memory allocation for the plaintext Buffer in Decrypt

[SimonLau413]

Problem:

https://github.com/aws/aws-encryption-sdk-javascript/blob/master/modules/decrypt-node/src/decrypt.ts

const plaintext: Buffer[] = []
  let messageHeader: MessageHeader | false = false
  stream
    .once('MessageHeader', (header: MessageHeader) => {
      messageHeader = header
    })
    .on('data', (chunk: Buffer) => plaintext.push(chunk))

  // This will check both Uint8Array|Buffer
  if (ciphertext instanceof Uint8Array) {
    stream.end(ciphertext)
  } else if (typeof ciphertext === 'string') {
    stream.end(Buffer.from(ciphertext, encoding))
  } else if (ciphertext.readable) {
    ciphertext.pipe(stream)
  } else {
    throw new Error('Unsupported ciphertext format')
  }

  await finishedAsync(stream)
  if (!messageHeader) throw new Error('Unknown format')

  return {
    plaintext: Buffer.concat(plaintext),
    messageHeader,
  }

The Buffer.concat(plaintext) will result in a new Buffer. However, the const plaintext: Buffer[] = [] seem not zero-out where sensitive data might remain in memory until gc.

[texastony]

@SimonLau413

Thank you for cutting this issue. We have looked at this matter closely.

An attacker would need access to the Node Process's memory to exploit this.
Such privileged access grants an adversary a number of other exploits.

We believe that any Threat Model that considers the Node Process’ memory access vulnerable needs a more holistic solution than just zeroing out the buffer.
However, what you have written is accurate,
therefore we are going to leave this open as the following Feature Request:

The AWS Encryption SDK for JavaScript SHOULD use a more privileged memory allocation for the plaintext Buffer in Decrypt.ts.

Much Obliged,
AWS Crypto Tools