fix(sdk): parse the component sizes

[mkleene]

we serialize the components r and s of an ECDSA signature as:

| length of r in bytes (1 byte) | r | length of s in bytes (1 byte) | s |

The change to the spec is implemented here and hasn't been merged yet

[gemini-code-assist]

Summary of Changes

Hello @mkleene, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses a parsing issue within the SDK's PolicyInfo class, specifically concerning the handling of ECDSA signature component sizes. The changes ensure that the SDK correctly interprets variable-length signature components, improving the robustness of TDF (Trusted Data Format) processing. It introduces a new exception for malformed data and includes new test coverage to validate the updated parsing logic.

Highlights

• Improved ECDSA Signature Parsing: The core change involves refactoring how ECDSA signature components (r and s) are parsed from the ByteBuffer within the PolicyInfo class. Previously, it assumed a fixed size based on the curve, but now it correctly reads the size of each component before reading its bytes, ensuring accurate parsing of variable-length DER-encoded signatures.
• Enhanced Error Handling: A new exception type, MalformedTDFException, has been introduced in the SDK class. This exception is now thrown when an invalid ECDSA binding size is encountered during parsing, providing clearer error handling for malformed TDF data.
• New Test Coverage: A dedicated test case has been added to PolicyInfoTest to specifically validate the new logic for reading DER-encoded ECDSA signatures, ensuring the fix works as expected and preventing regressions.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request refactors the parsing of policy bindings to correctly handle ECDSA signature component sizes, and introduces a new MalformedTDFException for improved error handling. The changes are solid. I've provided a few suggestions to improve code clarity and maintainability, including removing a misleading comment, refining Javadoc, and correcting a test method's name and signature.

[mkleene]

/gemini review

[gemini-code-assist]

Code Review

This pull request correctly implements parsing for variable-sized ECDSA signature components, which is a good improvement. The introduction of MalformedTDFException for more specific error handling and the accompanying tests are also valuable additions. I have a couple of suggestions to enhance code readability and maintainability.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud