fix(sdk): parse the component sizes

Author: mkleene

sdk/src/main/java/io/opentdf/platform/sdk/PolicyInfo.java

@@ -3,8 +3,8 @@
 import java.nio.ByteBuffer;
 
 public class PolicyInfo {
+    private static final int DEFAULT_BINDING_SIZE = 8;
     private NanoTDFType.PolicyType type;
-    private boolean hasECDSABinding;
     private byte[] body;
     private byte[] binding;
 
@@ -13,7 +13,6 @@ public PolicyInfo() {
 
     public PolicyInfo(ByteBuffer buffer, ECCMode eccMode) {
         this.type = NanoTDFType.PolicyType.values()[buffer.get()];
-        this.hasECDSABinding = eccMode.isECDSABindingEnabled();
 
         if (this.type == NanoTDFType.PolicyType.REMOTE_POLICY) {
 
@@ -45,13 +44,39 @@ public PolicyInfo(ByteBuffer buffer, ECCMode eccMode) {
             }
         }
 
-        int bindingBytesSize = 8; // GMAC length
-        if (this.hasECDSABinding) { // ECDSA - The size of binding depends on the curve.
-            bindingBytesSize = ECCMode.getECDSASignatureStructSize(eccMode.getCurve());
+        this.binding = readBinding(buffer, eccMode);
+    }
+
+    static byte[] readBinding(ByteBuffer buffer, ECCMode eccMode) {
+        byte[] binding;
+        if (eccMode.isECDSABindingEnabled()) { // ECDSA - The size of binding depends on the curve.
+            int rSize = getSize(buffer.get(), eccMode.getCurve());
+            // don't bother to validate since we can only create an array of size 1024 bytes
+            byte[] rBytes = new byte[rSize];
+            buffer.get(rBytes);
+            int sSize = getSize(buffer.get(), eccMode.getCurve());
+            byte[] sBytes = new byte[sSize];
+            buffer.get(sBytes);
+            int bindingByteSize = eccMode.getCurve().getKeySize();
+            binding = new byte[2 * bindingByteSize];
+            System.arraycopy(rBytes, 0,  binding, bindingByteSize - rSize, rSize);
+            System.arraycopy(sBytes, 0, binding, bindingByteSize + bindingByteSize - sSize, sSize);
+        } else {
+            binding = new byte[DEFAULT_BINDING_SIZE];
+            buffer.get(binding);
         }
 
-        this.binding = new byte[bindingBytesSize];
-        buffer.get(this.binding);
+        return binding;
+    }
+
+    private static int getSize(byte size, NanoTDFType.ECCurve curve) {
+        int elementSize = Byte.toUnsignedInt(size);
+        if (elementSize > curve.getKeySize()) {
+            throw new SDK.MalformedTDFException(
+                    String.format("Invalid ECDSA binding size. Expected signature components to be at most %d bytes but got (%d) bytes for curve %s.",
+                            curve.getKeySize(), elementSize, curve.getCurveName()));
+        }
+        return elementSize;
     }
 
     public int getTotalSize() {
@@ -64,7 +89,6 @@ public int getTotalSize() {
             if (type == NanoTDFType.PolicyType.EMBEDDED_POLICY_PLAIN_TEXT ||
                     type == NanoTDFType.PolicyType.EMBEDDED_POLICY_ENCRYPTED) {
 
-                int policySize = body.length;
                 totalSize = (1 + Short.BYTES + body.length + binding.length);
             } else {
                 throw new RuntimeException("Embedded policy with key access is not supported.");

sdk/src/main/java/io/opentdf/platform/sdk/SDK.java

@@ -176,6 +176,15 @@ public String getPlatformUrl() {
         return platformUrl;
     }
 
+    /**
+     *  {@link MalformedTDFException} indicates that the TDF is malformed in some way
+     */
+    public static class MalformedTDFException extends SDKException {
+        public MalformedTDFException(String errorMessage) {
+            super(errorMessage);
+        }
+    }
+
     /**
      * {@link SplitKeyException} is thrown when the SDK encounters an error related to
      * the inability to reconstruct a split key during decryption.

sdk/src/test/java/io/opentdf/platform/sdk/PolicyInfoTest.java

@@ -1,7 +1,16 @@
 package io.opentdf.platform.sdk;
 
+import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.DERBitString;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.nio.ByteBuffer;
+
+import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
 import static org.junit.jupiter.api.Assertions.*;
 
 class PolicyInfoTest {
@@ -58,4 +67,34 @@ void settingAndGettingPolicyBinding() {
         policyInfo.setPolicyBinding(binding);
         assertArrayEquals(binding, policyInfo.getPolicyBinding());
     }
+
+    @Test
+    void testReadingDEREncodedSignature() throws IOException {
+        var curve = NanoTDFType.ECCurve.SECP384R1;
+        ByteBuffer buffer = ByteBuffer.allocate(1024);
+        buffer.put((byte)2);
+        buffer.put(new BigInteger("200", 10).toByteArray());
+        buffer.put((byte)3);
+        buffer.put(new BigInteger("65536", 10).toByteArray());
+
+
+        ECCMode eccMode = new ECCMode();
+        eccMode.setECDSABinding(true);
+        eccMode.setEllipticCurve(curve);
+
+        buffer.flip();
+
+        byte[] signature = PolicyInfo.readBinding(buffer, eccMode);
+        assertThat(signature).hasSize(2 * curve.getKeySize());
+
+        var rBytes = new byte[curve.getKeySize()];
+        System.arraycopy(signature, 0, rBytes, 0, rBytes.length);
+        var r = new BigInteger(1, rBytes);
+        assertThat(r).isEqualTo(new BigInteger("200", 10));
+
+        var sBytes = new byte[curve.getKeySize()];
+        System.arraycopy(signature, curve.getKeySize(), sBytes, 0, curve.getKeySize());
+        var s = new BigInteger(1, sBytes);
+        assertThat(s).isEqualTo(new BigInteger("65536", 10));
+    }
 }