opentdf
SDK GetTDFType should validate the TDF
The sdk.GetTDFType() should validate the TDF rather than just checking the nanotdf magic number and ZTDF if its a valid zip format.
The issue with IsValidTDF() is that it checks for strict manifest compliance which is not required to decrypt the data, we only need partial compliance.
@strantalis @biscoe916 mind taking a look at this. Feedback from internal PEP development.
Definitely agree that GetTDFType needs to do more than just check whether or not it's a ZIP. We had spoken in the past about adding a strict flag to IsValidTDF in order to allow for a lighter weight check that doesn't require strict JSON Schema validation.
Something like this:
func IsValidTdf(reader io.ReadSeeker, strict bool) (bool, error) {
// create tdf reader
tdfReader, err := archive.NewTDFReader(reader)
if err != nil {
return false, fmt.Errorf("archive.NewTDFReader failed: %w", err)
}
manifest, err := tdfReader.Manifest()
if err != nil {
return false, fmt.Errorf("tdfReader.Manifest failed: %w", err)
}
if strict {
return isValidManifest(manifest, Strict)
}
// if not strict, assume valid
return true, nil
}
For reference, the current IsValidTdf function:
func IsValidTdf(reader io.ReadSeeker) (bool, error) {
// create tdf reader
tdfReader, err := archive.NewTDFReader(reader)
if err != nil {
return false, fmt.Errorf("archive.NewTDFReader failed: %w", err)
}
manifest, err := tdfReader.Manifest()
if err != nil {
return false, fmt.Errorf("tdfReader.Manifest failed: %w", err)
}
return isValidManifest(manifest, Lax)
}
Then, in GetTDFType, instead of checking whether or not it is a zip, we should just run IsValidTdf(reader, false), to determine if it's a ZTDF type.
