feat(sdk): Expose policy binding hash from Nano. (#2857)

opentdf-automation[bot] · web-flow · commit 6ff741402121 · 2025-11-03T18:48:23.000Z
### Proposed Changes 1.) Expose `PolicyBinding` method that returns a implementation of the new `PolicyBind` interface. 2.) Create new `PolicyBind` interface with methods `String()` and `Verify()`. DSPX-1875 ### Checklist - [ ] I have added or updated unit tests - [ ] I have added or updated integration tests (if appropriate) - [ ] I have added or updated documentation ### Testing Instructions (cherry picked from commit 5221cf4)
diff --git a/sdk/nanotdf.go b/sdk/nanotdf.go
@@ -6,6 +6,7 @@ import (
 	"crypto/elliptic"
 	"crypto/sha256"
 	"encoding/binary"
+	"encoding/hex"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -72,6 +73,24 @@ type NanoTDFHeader struct {
 	ecdsaPolicyBindingS []byte
 }
 
+type ecdsaPolicyBinding struct {
+	r               []byte
+	s               []byte
+	ephemeralPubKey []byte
+	digest          []byte
+	curve           elliptic.Curve
+}
+
+type gmacPolicyBinding struct {
+	binding []byte
+	digest  []byte
+}
+
+type PolicyBind interface {
+	Verify() (bool, error)
+	fmt.Stringer
+}
+
 func NewNanoTDFHeaderFromReader(reader io.Reader) (NanoTDFHeader, uint32, error) {
 	header := NanoTDFHeader{}
 	var size uint32
@@ -230,25 +249,59 @@ func (header *NanoTDFHeader) ECCurve() (elliptic.Curve, error) {
 }
 
 func (header *NanoTDFHeader) VerifyPolicyBinding() (bool, error) {
-	curve, err := ocrypto.GetECCurveFromECCMode(header.bindCfg.eccMode)
+	policyBind, err := header.PolicyBinding()
+	if err != nil {
+		return false, err
+	}
+	return policyBind.Verify()
+}
+
+func (b *ecdsaPolicyBinding) Verify() (bool, error) {
+	ephemeralECDSAPublicKey, err := ocrypto.UncompressECPubKey(b.curve, b.ephemeralPubKey)
 	if err != nil {
 		return false, err
 	}
 
+	return ocrypto.VerifyECDSASig(b.digest,
+		b.r,
+		b.s,
+		ephemeralECDSAPublicKey), nil
+}
+
+func (b *ecdsaPolicyBinding) String() string {
+	return string(ocrypto.SHA256AsHex(append(b.r, b.s...)))
+}
+
+func (b *gmacPolicyBinding) Verify() (bool, error) {
+	bindingToCheck := b.digest[len(b.digest)-kNanoTDFGMACLength:]
+	return bytes.Equal(bindingToCheck, b.binding), nil
+}
+
+func (b *gmacPolicyBinding) String() string {
+	return hex.EncodeToString(b.binding)
+}
+
+func (header *NanoTDFHeader) PolicyBinding() (PolicyBind, error) {
 	digest := ocrypto.CalculateSHA256(header.PolicyBody)
+
 	if header.IsEcdsaBindingEnabled() {
-		ephemeralECDSAPublicKey, err := ocrypto.UncompressECPubKey(curve, header.EphemeralKey)
+		curve, err := ocrypto.GetECCurveFromECCMode(header.bindCfg.eccMode)
 		if err != nil {
-			return false, err
+			return nil, err
 		}
-
-		return ocrypto.VerifyECDSASig(digest,
-			header.ecdsaPolicyBindingR,
-			header.ecdsaPolicyBindingS,
-			ephemeralECDSAPublicKey), nil
-	}
-	binding := digest[len(digest)-kNanoTDFGMACLength:]
-	return bytes.Equal(binding, header.gmacPolicyBinding), nil
+		return &ecdsaPolicyBinding{
+			r:               header.ecdsaPolicyBindingR,
+			s:               header.ecdsaPolicyBindingS,
+			ephemeralPubKey: header.EphemeralKey,
+			curve:           curve,
+			digest:          digest,
+		}, nil
+	}
+
+	return &gmacPolicyBinding{
+		binding: header.gmacPolicyBinding,
+		digest:  digest,
+	}, nil
 }
 
 // ============================================================================================================
diff --git a/sdk/nanotdf_test.go b/sdk/nanotdf_test.go
@@ -7,6 +7,7 @@ import (
 	"crypto/rand"
 	"crypto/x509"
 	"encoding/gob"
+	"encoding/hex"
 	"encoding/json"
 	"encoding/pem"
 	"errors"
@@ -934,6 +935,182 @@ func (s *NanoSuite) Test_NanoTDF_Obligations() {
 	}
 }
 
+func (s *NanoSuite) Test_PolicyBinding_GMAC() {
+	// Create test policy data
+	policyData := []byte(`{"body":{"dataAttributes":["https://example.com/attr/classification/value/secret"]}}`)
+
+	// Create GMAC binding - need to simulate having GMAC at end of the digest
+	gmacBytes := []byte{0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}
+	// Append GMAC to the digest to simulate real scenario
+	policyData = append(policyData, gmacBytes...)
+
+	digest := ocrypto.CalculateSHA256(policyData)
+
+	// For testing, we will use the last bytes as the GMAC binding
+	gmacBytes = digest[len(digest)-len(gmacBytes):]
+
+	binding := &gmacPolicyBinding{
+		binding: gmacBytes,
+		digest:  digest,
+	}
+
+	// Test String function
+	s.Require().Equal(hex.EncodeToString(gmacBytes), binding.String(), "GMAC hash should return binding data directly")
+
+	// Test Verify function - should pass with correct binding
+	valid, err := binding.Verify()
+	s.Require().NoError(err)
+	s.Require().True(valid, "GMAC binding should be valid when binding matches digest suffix")
+
+	// Test Verify function with wrong binding - should fail
+	wrongBinding := &gmacPolicyBinding{
+		binding: []byte{0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01},
+		digest:  digest,
+	}
+	valid, err = wrongBinding.Verify()
+	s.Require().NoError(err)
+	s.Require().False(valid, "GMAC binding should be invalid when binding doesn't match digest suffix")
+}
+
+func (s *NanoSuite) Test_PolicyBinding_ECDSA() {
+	// Create a test ECDSA key pair
+	keyPair, err := ocrypto.NewECKeyPair(ocrypto.ECCModeSecp256r1)
+	s.Require().NoError(err)
+
+	// Create test policy data
+	policyData := []byte(`{"body":{"dataAttributes":["https://example.com/attr/classification/value/secret"]}}`)
+	digest := ocrypto.CalculateSHA256(policyData)
+
+	// Sign the digest
+	r, sBytes, err := ocrypto.ComputeECDSASig(digest, keyPair.PrivateKey)
+	s.Require().NoError(err)
+
+	// Get the public key in compressed format
+	compressedPubKey, err := ocrypto.CompressedECPublicKey(ocrypto.ECCModeSecp256r1, keyPair.PrivateKey.PublicKey)
+	s.Require().NoError(err)
+
+	binding := &ecdsaPolicyBinding{
+		r:               r,
+		s:               sBytes,
+		ephemeralPubKey: compressedPubKey,
+		digest:          digest,
+		curve:           keyPair.PrivateKey.Curve,
+	}
+
+	// Test String function
+	expectedHash := string(ocrypto.SHA256AsHex(append(r, sBytes...)))
+	s.Require().NotEmpty(binding.String(), "Hash should not be empty")
+	s.Require().Equal(expectedHash, binding.String(), "ECDSA hash should be SHA256 of r||s")
+
+	// Test Verify function - should pass with correct signature
+	valid, err := binding.Verify()
+	s.Require().NoError(err)
+	s.Require().True(valid, "ECDSA binding should be valid with correct signature")
+
+	// Test Verify function with wrong signature - should fail
+	invalidR := make([]byte, 32)
+	invalidS := make([]byte, 32)
+	for i := range invalidR {
+		invalidR[i] = byte(i)
+		invalidS[i] = byte(i + 10)
+	}
+
+	wrongBinding := &ecdsaPolicyBinding{
+		r:               invalidR,
+		s:               invalidS,
+		ephemeralPubKey: compressedPubKey,
+		digest:          digest,
+		curve:           keyPair.PrivateKey.Curve,
+	}
+
+	valid, err = wrongBinding.Verify()
+	s.Require().NoError(err)
+	s.Require().False(valid, "ECDSA binding should be invalid with wrong signature")
+}
+
+func (s *NanoSuite) Test_NanoTDFHeader_VerifyPolicyBinding() {
+	s.Run("ECDSA Policy Binding Verification", func() {
+		// Create a test ECDSA key pair
+		keyPair, err := ocrypto.NewECKeyPair(ocrypto.ECCModeSecp256r1)
+		s.Require().NoError(err)
+
+		// Create test policy data
+		policyData := []byte(`{"body":{"dataAttributes":["https://example.com/attr/classification/value/secret"]}}`)
+		digest := ocrypto.CalculateSHA256(policyData)
+
+		// Sign the digest
+		r, sBytes, err := ocrypto.ComputeECDSASig(digest, keyPair.PrivateKey)
+		s.Require().NoError(err)
+
+		// Get compressed public key
+		compressedPubKey, err := ocrypto.CompressedECPublicKey(ocrypto.ECCModeSecp256r1, keyPair.PrivateKey.PublicKey)
+		s.Require().NoError(err)
+
+		// Create header with ECDSA binding
+		header := &NanoTDFHeader{
+			bindCfg: bindingConfig{
+				useEcdsaBinding: true,
+				eccMode:         ocrypto.ECCModeSecp256r1,
+			},
+			PolicyBody:          policyData,
+			EphemeralKey:        compressedPubKey,
+			ecdsaPolicyBindingR: r,
+			ecdsaPolicyBindingS: sBytes,
+		}
+
+		// Test VerifyPolicyBinding method
+		valid, err := header.VerifyPolicyBinding()
+		s.Require().NoError(err)
+		s.Require().True(valid, "ECDSA policy binding should be valid")
+	})
+
+	s.Run("GMAC Policy Binding Verification", func() {
+		// Create test policy data
+		policyData := []byte(`{"body":{"dataAttributes":["https://example.com/attr/classification/value/secret"]}}`)
+
+		// Create GMAC binding - need to simulate having GMAC at end of the digest
+		gmacBytes := []byte{0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}
+		// Append GMAC to the digest to simulate real scenario
+		policyData = append(policyData, gmacBytes...)
+
+		digest := ocrypto.CalculateSHA256(policyData)
+
+		// For testing, we will use the last bytes as the GMAC binding
+		gmacBytes = digest[len(digest)-len(gmacBytes):]
+
+		// Create header with GMAC binding
+		header := &NanoTDFHeader{
+			bindCfg: bindingConfig{
+				useEcdsaBinding: false,
+			},
+			PolicyBody:        policyData,
+			gmacPolicyBinding: gmacBytes,
+		}
+
+		// Test VerifyPolicyBinding method
+		valid, err := header.VerifyPolicyBinding()
+		s.Require().NoError(err)
+		s.Require().True(valid, "GMAC hash should match")
+	})
+
+	s.Run("Policy Binding Creation Error", func() {
+		// Create header with invalid ECC mode to trigger error in PolicyBinding()
+		header := &NanoTDFHeader{
+			bindCfg: bindingConfig{
+				useEcdsaBinding: true,
+				eccMode:         255, // Invalid ECC mode
+			},
+			PolicyBody: []byte("test"),
+		}
+
+		// Test VerifyPolicyBinding method with error case
+		valid, err := header.VerifyPolicyBinding()
+		s.Require().Error(err)
+		s.Require().False(valid)
+		s.Require().Contains(err.Error(), "unsupported nanoTDF ecc mode", "Error should be related to curve/ECC mode")
+	})
+}
+
 // Helper function to create real NanoTDF data for testing
 func (s *NanoSuite) createRealNanoTDF(sdk *SDK) ([]byte, error) {
 	// Read the test file content
