Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Change default keytype to RSA #154

Merged
merged 5 commits into from
Aug 20, 2024
Merged
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
rollback tests: Parametrize
We can parametrize these tests so that they work both with and without
hashes:
* Replace two targets rollback tests with a parametrized test
* Replace on snapshot rollback test with a parametrized test
  (the "with hashes" case was not tested before)

Signed-off-by: Jussi Kukkonen <[email protected]>
jku committed Aug 19, 2024
commit f1f8f311e3298a9bde9bc7ced73bb65bbb510498
59 changes: 19 additions & 40 deletions tuf_conformance/test_rollback.py
Original file line number Diff line number Diff line change
@@ -1,10 +1,11 @@
import pytest
from tuf.api.metadata import Root, Snapshot, Targets, Timestamp

from tuf_conformance.client_runner import ClientRunner
from tuf_conformance.simulator_server import SimulatorServer


def test_new_snapshot_version_rollback(
def test_simple_snapshot_rollback(
client: ClientRunner, server: SimulatorServer
) -> None:
"""Test a simple snapshot version rollback attack.
@@ -62,8 +63,9 @@ def test_new_timestamp_version_rollback(
assert repo.metadata_statistics[-1] == (Timestamp.type, None)


def test_new_timestamp_snapshot_rollback(
client: ClientRunner, server: SimulatorServer
@pytest.mark.parametrize("use_hashes", [False, True], ids=["basic", "with hashes"])
def test_snapshot_rollback(
client: ClientRunner, server: SimulatorServer, use_hashes: bool
) -> None:
"""Test a complete snapshot version rollback attack.

@@ -72,6 +74,11 @@ def test_new_timestamp_snapshot_rollback(
Expect client to refuse the update.
"""
init_data, repo = server.new_test(client.test_name)
# When hashes are used and timestamp update happens:
# 1) snapshot hash is is computed
# 2) hash is stored in timestamp.snapshot_meta
# The local snapshot must be used in rollback check even when hashes are used
repo.compute_metafile_hashes_length = use_hashes

assert client.init_client(init_data) == 0

@@ -211,49 +218,21 @@ def test_new_timestamp_fast_forward_recovery(
assert client.version(Timestamp.type) == 1


def test_targets_rollback(client: ClientRunner, server: SimulatorServer) -> None:
@pytest.mark.parametrize("use_hashes", [False, True], ids=["basic", "with hashes"])
def test_targets_rollback(
client: ClientRunner, server: SimulatorServer, use_hashes: bool
) -> None:
"""Test targets rollback

the targets version info in local snapshot.meta should get used in a rollback check.
"""
init_data, repo = server.new_test(client.test_name)

assert client.init_client(init_data) == 0

# Initialize all metadata and assign targets
# version higher than 1.
repo.targets.version = 2
repo.update_snapshot() # v2
assert client.refresh(init_data) == 0

# The new targets must have a lower version than the local trusted one.
repo.targets.version = 1
repo.update_snapshot() # v3

# Client refresh should fail because of targets rollback
assert client.refresh(init_data) == 1
assert client.version(Snapshot.type) == 2
assert client.version(Targets.type) == 2


def test_targets_rollback_with_local_snapshot_hash_mismatch(
client: ClientRunner, server: SimulatorServer
) -> None:
"""Test targets rollback attack check when metafile hashes are used.

the targets version info in local (old) snapshot.meta should get used in a rollback
check even though the local (old) snapshot hash does not match the info in new
timestamp.snapshot_meta.
"""
init_data, repo = server.new_test(client.test_name)

# By raising this flag on timestamp update the simulator would:
# 1) compute the hash of new snapshots
# 2) assign the hash to timestamp.snapshot_meta
# The purpose is to create a hash mismatch between timestamp.meta and
# the local snapshot, but to have hash match between timestamp.meta and
# a future snapshot version.
repo.compute_metafile_hashes_length = True
# When hashes are used and timestamp update happens:
# 1) snapshot hash is is computed
# 2) hash is stored in timestamp.snapshot_meta
# The local snapshot must be used in rollback check even when hashes are used
repo.compute_metafile_hashes_length = use_hashes

assert client.init_client(init_data) == 0