
SDK GetTDFType should validate the TDF

Open jrschumacher opened this issue 11 months ago • 2 comments

The sdk.GetTDFType() should validate the TDF rather than just checking the nanotdf magic number and, for ZTDF, if it's a valid zip format.

The issue with IsValidTDF() is that it checks for strict manifest compliance, which is not required to decrypt the data; we only need partial compliance.

jrschumacher avatar Mar 21 '25 16:03 jrschumacher

@strantalis @biscoe916 mind taking a look at this? Feedback from internal PEP development.

jrschumacher avatar Mar 21 '25 16:03 jrschumacher

Definitely agree that GetTDFType needs to do more than just check whether or not it's a ZIP. We had spoken in the past about adding a strict flag to IsValidTDF in order to allow for a lighter-weight check that doesn't require strict JSON Schema validation.

Something like this:

func IsValidTdf(reader io.ReadSeeker, strict bool) (bool, error) {
	// create tdf reader
	tdfReader, err := archive.NewTDFReader(reader)
	if err != nil {
		return false, fmt.Errorf("archive.NewTDFReader failed: %w", err)
	}
	manifest, err := tdfReader.Manifest()
	if err != nil {
		return false, fmt.Errorf("tdfReader.Manifest failed: %w", err)
	}

	if strict {
		return isValidManifest(manifest, Strict)
	}

	// if not strict, assume valid
	return true, nil
}

For reference, the current IsValidTdf function:

func IsValidTdf(reader io.ReadSeeker) (bool, error) {
	// create tdf reader
	tdfReader, err := archive.NewTDFReader(reader)
	if err != nil {
		return false, fmt.Errorf("archive.NewTDFReader failed: %w", err)
	}

	manifest, err := tdfReader.Manifest()
	if err != nil {
		return false, fmt.Errorf("tdfReader.Manifest failed: %w", err)
	}

	return isValidManifest(manifest, Lax)
}

Then, in GetTDFType, instead of checking whether or not it is a zip, we should just run IsValidTdf(reader, false) to determine if it's a ZTDF type.

biscoe916 avatar Mar 25 '25 15:03 biscoe916
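
A sketch of the lighter-weight type check discussed in this thread, added here as an example; it is not OpenTDF SDK code. The names detectTDFType and buildZip, the "L1L" magic, the 0.manifest.json entry name and the two manifest fields treated as required are assumptions for illustration.

```go
package main

import (
	"archive/zip"
	"bytes"
	"encoding/json"
	"fmt"
	"io"
)

const nanoMagic, manifestName = "L1L", "0.manifest.json" // assumed markers, not copied from the SDK

// detectTDFType is a hypothetical lax check: more than "is it a ZIP", less than schema validation.
func detectTDFType(data []byte) string {
	if bytes.HasPrefix(data, []byte(nanoMagic)) {
		return "nanotdf"
	}
	zr, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if err != nil {
		return "invalid" // not a ZIP
	}
	mf, err := zr.Open(manifestName)
	if err != nil {
		return "invalid" // a ZIP, but no manifest entry
	}
	defer mf.Close()
	var m struct { // partial manifest: fields assumed necessary to decrypt
		EncryptionInformation json.RawMessage `json:"encryptionInformation"`
		Payload               json.RawMessage `json:"payload"`
	}
	err = json.NewDecoder(io.LimitReader(mf, 1<<20)).Decode(&m) // read at most 1 MiB of manifest
	if err != nil || m.EncryptionInformation == nil || m.Payload == nil {
		return "invalid" // manifest is not JSON or lacks a required field
	}
	return "ztdf"
}

// buildZip assembles a constructed single-entry sample archive for the demo.
func buildZip(name, body string) []byte {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	w, _ := zw.Create(name)
	w.Write([]byte(body))
	zw.Close()
	return buf.Bytes()
}

func main() {
	fmt.Println(detectTDFType(buildZip(manifestName, `{"payload":{}}`))) // prints: invalid
}
```

A plain ZIP, or a ZIP whose manifest is missing a field, is reported as invalid instead of being classified as ZTDF on container format alone.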