From 54d09ebb7a3a29be7da51121a246ba7e38d3fefa Mon Sep 17 00:00:00 2001
From: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Date: Thu, 11 Jul 2024 19:52:00 +0100
Subject: [PATCH] refactor rollback tests (#58)

Signed-off-by: Adam Korczynski <adam@adalogics.com>
---
 self_tests/test_repository_simulator.py | 14 +++++
 tuf_conformance/test_rollback.py        | 83 ++++++++++---------------
 2 files changed, 48 insertions(+), 49 deletions(-)

diff --git a/self_tests/test_repository_simulator.py b/self_tests/test_repository_simulator.py
index be53f25..f60e692 100644
--- a/self_tests/test_repository_simulator.py
+++ b/self_tests/test_repository_simulator.py
@@ -131,5 +131,19 @@ def test_add_key_implementation(self):
         expected_bytes = meta_dict_to_bytes(json.loads(repo.md_root.to_bytes())["signed"])
         self.assertEqual(our_own_bytes, expected_bytes)
 
+    def test_downgrade_snapshot(self):
+        repo = RepositorySimulator()
+        repo.update_snapshot() # v2
+        self.assertTrue(repo._version_equals(Snapshot.type, 2))
+        repo.downgrade_snapshot() # v1
+        self.assertTrue(repo._version_equals(Snapshot.type, 1))
+
+    def test_downgrade_timestamp(self):
+        repo = RepositorySimulator()
+        repo.update_timestamp() # v2
+        self.assertTrue(repo._version_equals(Timestamp.type, 2))
+        repo.downgrade_timestamp() # v1
+        self.assertTrue(repo._version_equals(Timestamp.type, 1))
+
 if __name__ == '__main__':
     unittest.main()
\ No newline at end of file
diff --git a/tuf_conformance/test_rollback.py b/tuf_conformance/test_rollback.py
index dfa0dcd..fcf7184 100644
--- a/tuf_conformance/test_rollback.py
+++ b/tuf_conformance/test_rollback.py
@@ -8,8 +8,6 @@
 
 def test_new_snapshot_version_rollback(client: ClientRunner,
                                        server: SimulatorServer) -> None:
-    """This is an example of a test method:
-    it should likely be a e.g. a unittest.TestCase"""
 
     name = "test_new_snapshot_version_rollback"
 
@@ -21,15 +19,11 @@ def test_new_snapshot_version_rollback(client: ClientRunner,
     assert client.init_client(init_data) == 0
 
     # Repository performs legitimate update to snapshot
-    repo.update_snapshot()
+    repo.update_snapshot() # v2
     assert client.refresh(init_data) == 0
 
-    # Sanity check that client saw the snapshot update:
-    assert client._version_equals(Snapshot.type, 2)
-
     # Repository attempts rollback attack:
-    repo.downgrade_snapshot()
-    assert repo._version_equals(Snapshot.type, 1)
+    repo.downgrade_snapshot() # v1
     client.refresh(init_data)
 
     # Check that client resisted rollback attack
@@ -37,8 +31,6 @@ def test_new_snapshot_version_rollback(client: ClientRunner,
 
 def test_new_timestamp_version_rollback(client: ClientRunner,
                                         server: SimulatorServer) -> None:
-    """This is an example of a test method:
-    it should likely be a e.g. a unittest.TestCase"""
 
     name = "test_new_timestamp_version_rollback"
 
@@ -49,30 +41,22 @@ def test_new_timestamp_version_rollback(client: ClientRunner,
     assert client.init_client(init_data) == 0
 
     # Repository performs legitimate update to snapshot
-    repo.update_timestamp()
-    assert repo._version_equals(Timestamp.type, 2)
+    repo.update_timestamp() # v2
     assert client.refresh(init_data) == 0
 
     # Sanity check that client saw the snapshot update:
     assert client._version_equals(Timestamp.type, 2)
 
     # Repository attempts rollback attack:
-    repo.downgrade_timestamp()
-
-    # Sanitty check that the repository is attempting a
-    # rollback attack
-    assert repo._version_equals(Timestamp.type, 1)
+    repo.downgrade_timestamp() # v1
 
-    client.refresh(init_data)
+    assert client.refresh(init_data) == 1
 
     # Check that client resisted rollback attack
     assert client._version_equals(Timestamp.type, 2)
 
 def test_new_timestamp_snapshot_rollback(client: ClientRunner, 
                                          server: SimulatorServer) -> None:
-    """This is an example of a test method:
-    it should likely be a e.g. a unittest.TestCase"""
-
     name = "test_new_timestamp_snapshot_rollback"
 
     # initialize a simulator with repository content we need
@@ -83,30 +67,28 @@ def test_new_timestamp_snapshot_rollback(client: ClientRunner,
     assert client.init_client(init_data) == 0
 
     # Start snapshot version at 2
-    #repo.snapshot.version = 2
-    new_snapshot = repo.load_metadata(Snapshot.type)
-    new_snapshot.signed.version = 2
-    repo.save_metadata(Snapshot.type, new_snapshot)
+    repo.update_snapshot() # v2, timestamp = v3
 
     # Repository performs legitimate update to snapshot
-    repo.update_timestamp()
-    # Sanity check
-    assert repo._version_equals(Timestamp.type, 2)
+    repo.update_timestamp() # v3
     assert client.refresh(init_data) == 0
 
     # Repo attempts rollback attack
     new_timestamp = repo.load_metadata(Timestamp.type)
     new_timestamp.signed.snapshot_meta.version = 1
-    new_timestamp.signed.version += 1
     repo.save_metadata(Timestamp.type, new_timestamp)
-    # Sanity check
-    assert repo._version_equals(Timestamp.type, 3)
-    assert client._version_equals(Timestamp.type, 2)
+    new_snapshot = repo.load_metadata(Snapshot.type)
+    new_snapshot.signed.version = 1
+    repo.save_metadata(Snapshot.type, new_snapshot)
+    repo.update_timestamp() # v4
+    assert repo._version_equals(Timestamp.type, 4)
+    assert client._version_equals(Timestamp.type, 3)
 
     client.refresh(init_data)
 
     # Check that client resisted rollback attack
-    assert client._version_equals(Timestamp.type, 2)
+    assert client._version_equals(Timestamp.type, 3)
+    assert client._version_equals(Snapshot.type, 2)
 
 def test_new_targets_fast_forward_recovery(client: ClientRunner,
                                            server: SimulatorServer) -> None:
@@ -131,9 +113,9 @@ def test_new_targets_fast_forward_recovery(client: ClientRunner,
     new_targets = repo.load_metadata(Targets.type)
     new_targets.signed.version = 99999
     repo.save_metadata(Targets.type, new_targets)
-    repo.update_snapshot()
+    repo.update_snapshot() # v2
 
-    client.refresh(init_data)
+    assert client.refresh(init_data) == 0
     assert client._version_equals(Targets.type, 99999)
 
     repo.rotate_keys(Snapshot.type)
@@ -141,11 +123,13 @@ def test_new_targets_fast_forward_recovery(client: ClientRunner,
     new_targets = repo.load_metadata(Targets.type)
     new_targets.signed.version = 1
     repo.save_metadata(Targets.type, new_targets)
-    repo.update_snapshot()
+    repo.update_snapshot() # v3
 
-    client.refresh(init_data)
-    # TODO: Is it really true that the targets version is 1?
+    assert repo._version_equals(Snapshot.type, 3)
+
+    assert client.refresh(init_data) == 1
     assert client._version_equals(Targets.type, 99999)
+    assert client._version_equals(Snapshot.type, 2)
 
 def test_new_snapshot_fast_forward_recovery(client: ClientRunner,
                                             server: SimulatorServer) -> None:
@@ -179,14 +163,12 @@ def test_new_snapshot_fast_forward_recovery(client: ClientRunner,
     repo.rotate_keys(Timestamp.type)
     repo.bump_root_by_one()
 
-    #repo.snapshot.version = 1
     new_snapshot = repo.load_metadata(Snapshot.type)
     new_snapshot.signed.version = 1
     repo.save_metadata(Snapshot.type, new_snapshot)
     repo.update_timestamp()
 
-    client.refresh(init_data)
-    # TODO: Can this really be true?
+    assert client.refresh(init_data) == 1
     assert client._version_equals(Snapshot.type, 99999)
 
 def test_new_snapshot_version_mismatch(client: ClientRunner,
@@ -240,17 +222,19 @@ def test_new_timestamp_fast_forward_recovery(client: ClientRunner,
     client.refresh(init_data)
     assert client._version_equals(Timestamp.type, 99999)
 
-    # repository rotates timestamp keys, rolls back timestamp version
+    # repository rotates timestamp keys,
+    # rolls back timestamp version
     repo.rotate_keys(Timestamp.type)
     repo.bump_root_by_one()
-    #repo.timestamp.version = 1
 
     new_timestamp = repo.load_metadata(Timestamp.type)
     new_timestamp.signed.version = 1
     repo.save_metadata(Timestamp.type, new_timestamp)
 
-    # client refresh the metadata and see the initial timestamp version
-    client.refresh(init_data)
+    # repo timestamp version is now 1 which is less
+    # than the version in the clients metadata.
+    # The client should not be version 1 after refreshing.
+    assert client.refresh(init_data) == 1
     assert client._version_equals(Timestamp.type, 99999)
 
 def test_snapshot_rollback_with_local_snapshot_hash_mismatch(client: ClientRunner,
@@ -267,11 +251,12 @@ def test_snapshot_rollback_with_local_snapshot_hash_mismatch(client: ClientRunne
     assert client.init_client(init_data) == 0
     client.refresh(init_data)
     assert client._files_exist([Root.type,
-                                       Timestamp.type,
-                                       Snapshot.type,
-                                       Targets.type])
+                                Timestamp.type,
+                                Snapshot.type,
+                                Targets.type])
 
-    # Initialize all metadata and assign targets version higher than 1.
+    # Initialize all metadata and assign targets
+    # version higher than 1.
     new_targets = repo.load_metadata(Targets.type)
     new_targets.signed.version = 2
     repo.save_metadata(Targets.type, new_targets)