otdf-python 0.1.10__py3-none-any.whl → 0.3.5__py3-none-any.whl

otdf_python/nanotdf_ecdsa_struct.py

@@ -0,0 +1,132 @@
+"""
+NanoTDF ECDSA Signature Structure.
+"""
+
+from dataclasses import dataclass, field
+
+
+class IncorrectNanoTDFECDSASignatureSize(Exception):
+    """Exception raised when the signature size is incorrect."""
+
+    pass
+
+
+@dataclass
+class NanoTDFECDSAStruct:
+    """
+    Class to handle ECDSA signature structure for NanoTDF.
+
+    This structure represents an ECDSA signature as required by the NanoTDF format.
+    It consists of r and s values along with their lengths.
+    """
+
+    r_length: bytearray = field(default_factory=lambda: bytearray(1))
+    r_value: bytearray = None
+    s_length: bytearray = field(default_factory=lambda: bytearray(1))
+    s_value: bytearray = None
+
+    @classmethod
+    def from_bytes(
+        cls, ecdsa_signature_value: bytes, key_size: int
+    ) -> "NanoTDFECDSAStruct":
+        """
+        Create a NanoTDFECDSAStruct from a byte array.
+
+        Args:
+            ecdsa_signature_value: The signature value as bytes
+            key_size: The size of the key in bytes
+
+        Returns:
+            A new NanoTDFECDSAStruct
+
+        Raises:
+            IncorrectNanoTDFECDSASignatureSize: If the signature buffer size is invalid
+        """
+        if len(ecdsa_signature_value) != (2 * key_size) + 2:
+            raise IncorrectNanoTDFECDSASignatureSize(
+                f"Invalid signature buffer size. Expected {(2 * key_size) + 2}, got {len(ecdsa_signature_value)}"
+            )
+
+        struct_obj = cls()
+
+        # Copy value of r_length to signature struct
+        index = 0
+        struct_obj.r_length[0] = ecdsa_signature_value[index]
+
+        # Copy the contents of r_value to signature struct
+        index += 1
+        r_len = struct_obj.r_length[0]
+        struct_obj.r_value = bytearray(key_size)
+        struct_obj.r_value[:r_len] = ecdsa_signature_value[index : index + r_len]
+
+        # Copy value of s_length to signature struct
+        index += key_size
+        struct_obj.s_length[0] = ecdsa_signature_value[index]
+
+        # Copy value of s_value
+        index += 1
+        s_len = struct_obj.s_length[0]
+        struct_obj.s_value = bytearray(key_size)
+        struct_obj.s_value[:s_len] = ecdsa_signature_value[index : index + s_len]
+
+        return struct_obj
+
+    def as_bytes(self) -> bytes:
+        """
+        Convert the signature structure to bytes.
+        Raises ValueError if r_value or s_value is None.
+        """
+        if self.r_value is None or self.s_value is None:
+            raise ValueError("r_value and s_value must not be None")
+        total_size = 1 + len(self.r_value) + 1 + len(self.s_value)
+        signature = bytearray(total_size)
+
+        # Copy value of r_length
+        index = 0
+        signature[index] = self.r_length[0]
+
+        # Copy the contents of r_value
+        index += 1
+        signature[index : index + len(self.r_value)] = self.r_value
+
+        # Copy value of s_length
+        index += len(self.r_value)
+        signature[index] = self.s_length[0]
+
+        # Copy value of s_value
+        index += 1
+        signature[index : index + len(self.s_value)] = self.s_value
+
+        return bytes(signature)
+
+    def get_s_value(self) -> bytearray:
+        """Get the s value of the signature."""
+        return self.s_value
+
+    def set_s_value(self, s_value: bytearray) -> None:
+        """Set the s value of the signature."""
+        self.s_value = s_value
+
+    def get_s_length(self) -> int:
+        """Get the length of the s value."""
+        return self.s_length[0]
+
+    def set_s_length(self, s_length: int) -> None:
+        """Set the length of the s value."""
+        self.s_length[0] = s_length
+
+    def get_r_value(self) -> bytearray:
+        """Get the r value of the signature."""
+        return self.r_value
+
+    def set_r_value(self, r_value: bytearray) -> None:
+        """Set the r value of the signature."""
+        self.r_value = r_value
+
+    def get_r_length(self) -> int:
+        """Get the length of the r value."""
+        return self.r_length[0]
+
+    def set_r_length(self, r_length: int) -> None:
+        """Set the length of the r value."""
+        self.r_length[0] = r_length

otdf_python/nanotdf_type.py

@@ -0,0 +1,43 @@
+from enum import Enum
+
+
+class ECCurve(Enum):
+    SECP256R1 = "secp256r1"
+    SECP384R1 = "secp384r1"
+    SECP521R1 = "secp384r1"
+    SECP256K1 = "secp256k1"
+
+    def __str__(self):
+        return self.value
+
+
+class Protocol(Enum):
+    HTTP = "HTTP"
+    HTTPS = "HTTPS"
+
+
+class IdentifierType(Enum):
+    NONE = 0
+    TWO_BYTES = 2
+    EIGHT_BYTES = 8
+    THIRTY_TWO_BYTES = 32
+
+    def get_length(self):
+        return self.value
+
+
+class PolicyType(Enum):
+    REMOTE_POLICY = 0
+    EMBEDDED_POLICY_PLAIN_TEXT = 1
+    EMBEDDED_POLICY_ENCRYPTED = 2
+    EMBEDDED_POLICY_ENCRYPTED_POLICY_KEY_ACCESS = 3
+
+
+class Cipher(Enum):
+    AES_256_GCM_64_TAG = 0
+    AES_256_GCM_96_TAG = 1
+    AES_256_GCM_104_TAG = 2
+    AES_256_GCM_112_TAG = 3
+    AES_256_GCM_120_TAG = 4
+    AES_256_GCM_128_TAG = 5
+    EAD_AES_256_HMAC_SHA_256 = 6

otdf_python/policy_binding_serializer.py

@@ -0,0 +1,39 @@
+from typing import Any
+
+
+class PolicyBinding:
+    """
+    Represents a policy binding in the TDF manifest.
+    This is a placeholder implementation as the complete details of
+    the PolicyBinding class aren't provided in the code snippets.
+    """
+
+    def __init__(self, **kwargs):
+        for key, value in kwargs.items():
+            setattr(self, key, value)
+
+
+class PolicyBindingSerializer:
+    """
+    Handles serialization and deserialization of policy bindings.
+    This class provides static methods to convert between JSON representations
+    and PolicyBinding objects.
+    """
+
+    @staticmethod
+    def deserialize(
+        json_data: Any, typeofT: type | None = None, context: Any = None
+    ) -> Any:
+        if isinstance(json_data, dict):
+            return PolicyBinding(**json_data)
+        if isinstance(json_data, str):
+            return json_data
+        raise ValueError("Invalid type for PolicyBinding deserialization")
+
+    @staticmethod
+    def serialize(
+        src: Any, typeofSrc: type | None = None, context: Any = None
+    ) -> dict | str:
+        if isinstance(src, PolicyBinding):
+            return vars(src)
+        return str(src)

otdf_python/policy_info.py

@@ -0,0 +1,55 @@
+class PolicyInfo:
+    def __init__(
+        self,
+        policy_type: int = 0,
+        body: bytes | None = None,
+    ):
+        self.policy_type = policy_type
+        self.body = body
+
+    def set_embedded_plain_text_policy(self, body: bytes):
+        self.body = body
+        self.policy_type = 1  # Placeholder for EMBEDDED_POLICY_PLAIN_TEXT
+
+    def set_embedded_encrypted_text_policy(self, body: bytes):
+        self.body = body
+        self.policy_type = 2  # Placeholder for EMBEDDED_POLICY_ENCRYPTED
+
+    def get_body(self) -> bytes | None:
+        return self.body
+
+    def get_total_size(self) -> int:
+        size = 1  # policy_type
+        size += 2  # body_len
+        size += len(self.body) if self.body else 0
+        return size
+
+    def write_into_buffer(self, buffer: bytearray, offset: int = 0) -> int:
+        start = offset
+        buffer[offset] = self.policy_type
+        offset += 1
+        body_len = len(self.body) if self.body else 0
+        buffer[offset : offset + 2] = body_len.to_bytes(2, "big")
+        offset += 2
+        if self.body:
+            buffer[offset : offset + body_len] = self.body
+            offset += body_len
+        return offset - start
+
+    @staticmethod
+    def from_bytes_with_size(buffer: bytes, ecc_mode):
+        # Parse policy_type (1 byte), body_len (2 bytes), body
+        # Note: binding is NOT part of PolicyInfo - it's read separately in Header
+        offset = 0
+        if len(buffer) < 3:
+            raise ValueError("Buffer too short for PolicyInfo header")
+        policy_type = buffer[offset]
+        offset += 1
+        body_len = int.from_bytes(buffer[offset : offset + 2], "big")
+        offset += 2
+        if len(buffer) < offset + body_len:
+            raise ValueError("Buffer too short for PolicyInfo body")
+        body = buffer[offset : offset + body_len]
+        offset += body_len
+        pi = PolicyInfo(policy_type=policy_type, body=body)
+        return pi, offset

otdf_python/policy_object.py

@@ -0,0 +1,22 @@
+from dataclasses import dataclass
+
+
+@dataclass
+class AttributeObject:
+    attribute: str
+    display_name: str | None = None
+    is_default: bool = False
+    pub_key: str | None = None
+    kas_url: str | None = None
+
+
+@dataclass
+class PolicyBody:
+    data_attributes: list[AttributeObject]
+    dissem: list[str]
+
+
+@dataclass
+class PolicyObject:
+    uuid: str
+    body: PolicyBody

otdf_python/policy_stub.py

@@ -0,0 +1,2 @@
+# TODO: Replace this with a proper Policy UUID values
+NULL_POLICY_UUID: str = "00000000-0000-0000-0000-000000000000"

otdf_python/resource_locator.py

@@ -0,0 +1,172 @@
+class ResourceLocator:
+    """
+    NanoTDF Resource Locator per the spec:
+    https://github.com/opentdf/spec/blob/main/schema/nanotdf/README.md
+
+    Format:
+    - Byte 0: Protocol Enum (bits 0-3) + Identifier Length (bits 4-7)
+      - Protocol: 0x0=HTTP, 0x1=HTTPS, 0xF=Shared Resource Directory
+      - Identifier: 0x0=None, 0x1=2 bytes, 0x2=8 bytes, 0x3=32 bytes
+    - Byte 1: Body Length (1-255 bytes)
+    - Bytes 2-N: Body (URL path)
+    - Bytes N+1-M: Identifier (optional, 0/2/8/32 bytes)
+    """
+
+    # Protocol enum values
+    PROTOCOL_HTTP = 0x0
+    PROTOCOL_HTTPS = 0x1
+    PROTOCOL_SHARED_RESOURCE_DIR = 0xF
+
+    # Identifier length enum values (in bits 4-7)
+    IDENTIFIER_NONE = 0x0
+    IDENTIFIER_2_BYTES = 0x1
+    IDENTIFIER_8_BYTES = 0x2
+    IDENTIFIER_32_BYTES = 0x3
+
+    def __init__(self, resource_url: str | None = None, identifier: str | None = None):
+        self.resource_url = resource_url or ""
+        self.identifier = identifier or ""
+
+    def get_resource_url(self):
+        return self.resource_url
+
+    def get_identifier(self):
+        return self.identifier
+
+    def _parse_url(self):
+        """Parse URL to extract protocol and body (path)."""
+        url = self.resource_url
+        if url.startswith("https://"):
+            protocol = self.PROTOCOL_HTTPS
+            body = url[8:]  # Remove "https://"
+        elif url.startswith("http://"):
+            protocol = self.PROTOCOL_HTTP
+            body = url[7:]  # Remove "http://"
+        else:
+            # Default to HTTP
+            protocol = self.PROTOCOL_HTTP
+            body = url
+        return protocol, body.encode()
+
+    def _get_identifier_bytes(self):
+        """Get identifier bytes and determine identifier length enum."""
+        if not self.identifier:
+            return self.IDENTIFIER_NONE, b""
+
+        id_bytes = self.identifier.encode()
+        id_len = len(id_bytes)
+
+        if id_len == 0:
+            return self.IDENTIFIER_NONE, b""
+        elif id_len <= 2:
+            # Pad to 2 bytes
+            return self.IDENTIFIER_2_BYTES, id_bytes.ljust(2, b"\x00")
+        elif id_len <= 8:
+            # Pad to 8 bytes
+            return self.IDENTIFIER_8_BYTES, id_bytes.ljust(8, b"\x00")
+        elif id_len <= 32:
+            # Pad to 32 bytes
+            return self.IDENTIFIER_32_BYTES, id_bytes.ljust(32, b"\x00")
+        else:
+            raise ValueError(f"Identifier too long: {id_len} bytes (max 32)")
+
+    def to_bytes(self):
+        """
+        Convert to NanoTDF Resource Locator format per spec.
+
+        Format:
+        - Byte 0: Protocol Enum (bits 0-3) + Identifier Length (bits 4-7)
+        - Byte 1: Body Length
+        - Bytes 2-N: Body (URL path)
+        - Bytes N+1-M: Identifier (0/2/8/32 bytes)
+        """
+        protocol, body_bytes = self._parse_url()
+        identifier_enum, identifier_bytes = self._get_identifier_bytes()
+
+        if len(body_bytes) > 255:
+            raise ValueError(
+                f"Resource Locator body too long: {len(body_bytes)} bytes (max 255)"
+            )
+
+        # Byte 0: protocol in bits 0-3, identifier length in bits 4-7
+        protocol_and_id = (identifier_enum << 4) | protocol
+
+        # Byte 1: body length
+        body_len = len(body_bytes)
+
+        return bytes([protocol_and_id, body_len]) + body_bytes + identifier_bytes
+
+    def get_total_size(self) -> int:
+        return len(self.to_bytes())
+
+    def write_into_buffer(self, buffer: bytearray, offset: int = 0) -> int:
+        data = self.to_bytes()
+        buffer[offset : offset + len(data)] = data
+        return len(data)
+
+    @staticmethod
+    def from_bytes_with_size(buffer: bytes):  # noqa: C901
+        """
+        Parse NanoTDF Resource Locator from bytes per spec.
+
+        Format:
+        - Byte 0: Protocol Enum (bits 0-3) + Identifier Length (bits 4-7)
+        - Byte 1: Body Length
+        - Bytes 2-N: Body (URL path)
+        - Bytes N+1-M: Identifier (0/2/8/32 bytes)
+        """
+        if len(buffer) < 2:
+            raise ValueError("Buffer too short for ResourceLocator")
+
+        # Parse byte 0: protocol and identifier length
+        protocol_and_id = buffer[0]
+        protocol = protocol_and_id & 0x0F  # Bits 0-3
+        identifier_enum = (protocol_and_id >> 4) & 0x0F  # Bits 4-7
+
+        # Parse byte 1: body length
+        body_len = buffer[1]
+
+        if len(buffer) < 2 + body_len:
+            raise ValueError(
+                f"Buffer too short for ResourceLocator body (need {2 + body_len}, have {len(buffer)})"
+            )
+
+        # Parse body (URL path)
+        body_bytes = buffer[2 : 2 + body_len]
+        body = body_bytes.decode()
+
+        # Reconstruct full URL with protocol
+        if protocol == ResourceLocator.PROTOCOL_HTTPS:
+            resource_url = f"https://{body}"
+        elif protocol == ResourceLocator.PROTOCOL_HTTP:
+            resource_url = f"http://{body}"
+        else:
+            resource_url = body
+
+        # Parse identifier based on identifier_enum
+        offset = 2 + body_len
+        if identifier_enum == ResourceLocator.IDENTIFIER_NONE:
+            identifier_len = 0
+        elif identifier_enum == ResourceLocator.IDENTIFIER_2_BYTES:
+            identifier_len = 2
+        elif identifier_enum == ResourceLocator.IDENTIFIER_8_BYTES:
+            identifier_len = 8
+        elif identifier_enum == ResourceLocator.IDENTIFIER_32_BYTES:
+            identifier_len = 32
+        else:
+            raise ValueError(f"Invalid identifier length enum: {identifier_enum}")
+
+        if len(buffer) < offset + identifier_len:
+            raise ValueError(
+                f"Buffer too short for ResourceLocator identifier (need {offset + identifier_len}, have {len(buffer)})"
+            )
+
+        if identifier_len > 0:
+            identifier_bytes = buffer[offset : offset + identifier_len]
+            # Remove padding
+            identifier = identifier_bytes.rstrip(b"\x00").decode()
+        else:
+            identifier = ""
+
+        size = 2 + body_len + identifier_len
+        return ResourceLocator(resource_url, identifier), size