From acf57028f1481f432b6b0c3c7a3e2c2261ac739f Mon Sep 17 00:00:00 2001
From: Elizabeth Healy <35498075+elizabethhealy@users.noreply.github.com>
Date: Wed, 6 Nov 2024 14:51:03 -0500
Subject: [PATCH] feat: assertion verification disable (#419)
---
 .github/spellcheck.ignore | 1 +
 cmd/tdf-decrypt.go | 9 ++++++++-
 docs/man/decrypt/_index.md | 3 +++
 go.mod | 4 ++--
 go.sum | 4 ++--
 pkg/handlers/tdf.go | 6 ++++--
 6 files changed, 20 insertions(+), 7 deletions(-)
diff --git a/.github/spellcheck.ignore b/.github/spellcheck.ignore
index 1a6ff401..95aaf8bc 100644
--- a/.github/spellcheck.ignore
+++ b/.github/spellcheck.ignore
@@ -77,6 +77,7 @@ localhost
 namespace
 namespaces
 nano
+no-verify-assertions
 ns
 otdfctl
 performant
diff --git a/cmd/tdf-decrypt.go b/cmd/tdf-decrypt.go
index 54a972e4..e940471d 100644
--- a/cmd/tdf-decrypt.go
+++ b/cmd/tdf-decrypt.go
@@ -20,6 +20,7 @@ func dev_tdfDecryptCmd(cmd *cobra.Command, args []string) {
 output := c.Flags.GetOptionalString("out")
 tdfType := c.Flags.GetOptionalString("tdf-type")
+ disableAssertionVerification := c.Flags.GetOptionalBool("no-verify-assertions")
 if tdfType == "" {
 tdfType = TDF3
 }
@@ -43,7 +44,7 @@ func dev_tdfDecryptCmd(cmd *cobra.Command, args []string) {
 var err error
 switch tdfType {
 case TDF3:
- decrypted, err = h.DecryptTDF(bytesToDecrypt)
+ decrypted, err = h.DecryptTDF(bytesToDecrypt, disableAssertionVerification)
 case NANO:
 decrypted, err = h.DecryptNanoTDF(bytesToDecrypt)
 default:
@@ -86,6 +87,12 @@ func init() {
 decryptCmd.GetDocFlag("tdf-type").Default,
 decryptCmd.GetDocFlag("tdf-type").Description,
 )
+ decryptCmd.Flags().Bool(
+ decryptCmd.GetDocFlag("no-verify-assertions").Name,
+ decryptCmd.GetDocFlag("no-verify-assertions").DefaultAsBool(),
+ decryptCmd.GetDocFlag("no-verify-assertions").Description,
+ )
+
 decryptCmd.Command.GroupID = TDF
 RootCmd.AddCommand(&decryptCmd.Command)
diff --git a/docs/man/decrypt/_index.md b/docs/man/decrypt/_index.md
index d378846a..02efd114 100644
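Review bot: Once `disableAssertionVerification` is read on the added line of the first hunk, nothing tells the operator that verification was skipped, so a TDF whose assertions were altered decrypts exactly like a verified one and any script capturing stdout cannot tell the difference. Before the `switch tdfType` in the second hunk, print a warning on stderr when the flag is set, e.g. `if disableAssertionVerification { cmd.PrintErrln("warning: assertion verification disabled; assertions in this TDF are unauthenticated") }`. The second hunk also passes the flag only in `case TDF3:`, so with `--tdf-type nano` the option is silently ignored; either reject the combination with an error or state in the flag description that it applies to tdf3 only. The body of dev_tdfDecryptCmd continues outside these hunks.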
--- a/docs/man/decrypt/_index.md
+++ b/docs/man/decrypt/_index.md
@@ -14,6 +14,9 @@ command:
 - tdf3
 - nano
 default: tdf3
+ - name: no-verify-assertions
+ description: disable verification of assertions
+ default: false
 ---
 Decrypt a Trusted Data Format (TDF) file and output the contents to stdout or a file in the current working directory.
diff --git a/go.mod b/go.mod
index 00a1647a..936c0b12 100644
--- a/go.mod
+++ b/go.mod
@@ -12,11 +12,12 @@ require (
 github.com/creasty/defaults v1.8.0
 github.com/evertras/bubble-table v0.16.1
 github.com/gabriel-vasile/mimetype v1.4.5
+ github.com/go-jose/go-jose/v3 v3.0.3
 github.com/golang-jwt/jwt v3.2.2+incompatible
 github.com/google/uuid v1.6.0
 github.com/opentdf/platform/lib/flattening v0.1.1
 github.com/opentdf/platform/protocol/go v0.2.18
- github.com/opentdf/platform/sdk v0.3.15
+ github.com/opentdf/platform/sdk v0.3.17
 github.com/spf13/cobra v1.8.1
 github.com/spf13/viper v1.19.0
 github.com/stretchr/testify v1.9.0
@@ -49,7 +50,6 @@ require (
 github.com/dustin/go-humanize v1.0.1 // indirect
 github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f // indirect
 github.com/fsnotify/fsnotify v1.7.0 // indirect
- github.com/go-jose/go-jose/v3 v3.0.3 // indirect
 github.com/go-jose/go-jose/v4 v4.0.4 // indirect
 github.com/go-logr/logr v1.4.2 // indirect
 github.com/go-logr/stdr v1.2.2 // indirect
diff --git a/go.sum b/go.sum
index 1ffd87ba..3676750a 100644
--- a/go.sum
+++ b/go.sum
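Review bot: `github.com/go-jose/go-jose/v3 v3.0.3` becomes a direct requirement in the first go.mod hunk (and leaves the `// indirect` block in the second), but no Go file in this patch imports it, and the module already depends on go-jose/v4. Presumably this is `go mod tidy` output after the sdk bump to v0.3.17 picked up an import of v3 somewhere in the repo; confirm which file imports it, because if nothing does the next tidy moves it back and the history becomes noisy, and if something does, the repo now carries two major versions of a JOSE library that both need vulnerability tracking.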
@@ -223,8 +223,8 @@ github.com/opentdf/platform/lib/ocrypto v0.1.6 h1:rd4ctCZOE/c3qDJORtkSK9tw6dEXb+
 github.com/opentdf/platform/lib/ocrypto v0.1.6/go.mod h1:ne+l8Q922OdzA0xesK3XJmfECBnn5vLSGYU3/3OhiHM=
 github.com/opentdf/platform/protocol/go v0.2.18 h1:s+TVZkOPGCzy7WyObtJWJNaFeOGDUTuSmAsq3omvugY=
 github.com/opentdf/platform/protocol/go v0.2.18/go.mod h1:WqDcnFQJb0v8ivRQPidbehcL8ils5ZSZYXkuv0nyvsI=
-github.com/opentdf/platform/sdk v0.3.15 h1:RFSZ93SlBiZfFY6JAFLWbv4JC/H/KwC1acxyxCjPNnM=
-github.com/opentdf/platform/sdk v0.3.15/go.mod h1:c2+nrsRLvLf2OOryXnNy0iGZN/TScc21Pul7uqKVXIs=
+github.com/opentdf/platform/sdk v0.3.17 h1:Uo/kTMneB18i0gZNfTRtvw34bGLFUc8BEnA/BMK0VVs=
+github.com/opentdf/platform/sdk v0.3.17/go.mod h1:c2+nrsRLvLf2OOryXnNy0iGZN/TScc21Pul7uqKVXIs=
 github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=
 github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
 github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=
diff --git a/pkg/handlers/tdf.go b/pkg/handlers/tdf.go
index f2f07987..e533d4bd 100644
--- a/pkg/handlers/tdf.go
+++ b/pkg/handlers/tdf.go
@@ -47,8 +47,10 @@ func (h Handler) EncryptBytes(b []byte, values []string, mimeType string, kasUrl
 return enc, nil
 }
-func (h Handler) DecryptTDF(toDecrypt []byte) (*bytes.Buffer, error) {
- tdfreader, err := h.sdk.LoadTDF(bytes.NewReader(toDecrypt))
+func (h Handler) DecryptTDF(toDecrypt []byte, disableAssertionVerification bool) (*bytes.Buffer, error) {
+ tdfreader, err := h.sdk.LoadTDF(bytes.NewReader(toDecrypt),
+ sdk.WithDisableAssertionVerification(disableAssertionVerification),
+ )
 if err != nil {
 return nil, err
 }
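Review bot: The new `DecryptTDF` signature adds a bare bool that changes the security properties of the result, and the exported method still has no doc comment saying so; a caller reading `DecryptTDF(b, true)` elsewhere gets no hint of what is being switched off. Add above the signature: `// DecryptTDF decrypts a TDF3 payload. When disableAssertionVerification is true the SDK is told to skip assertion verification, so any assertions on the returned data are unauthenticated and must not be used for policy decisions.` A bool parameter also reads poorly at call sites; a variadic reader-option parameter forwarded to `LoadTDF` would keep the default path verifying without a magic flag, if the SDK's option type is exported. The hunk assumes the `sdk` package identifier is already imported in this file (the import block is outside the hunk), and the body of DecryptTDF continues past the hunk.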