Merge branch 'master' into fix/add-delegated-targets-to-localmeta

theupdateframework · Dec 22, 2022 · f0d983c · f0d983c
2 parents d2ad0d7 + 9cb61d6
commit f0d983c
Show file tree

Hide file tree

Showing 37 changed files with 382 additions and 301 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -6,6 +6,8 @@ on:
     tags:
       - "v*"
 name: CI
+permissions:
+  contents: write
 jobs:
   tests:
     uses: ./.github/workflows/tests.yml

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -19,11 +19,11 @@ jobs:
         uses: arnested/go-version-action@b556f8d91b644164318c709d28b9083eaf0c064d
         id: go-version
       - name: Set up Go
-        uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f
+        uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613
         with:
           go-version: ${{ steps.go-version.outputs.minimal }}
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@ff11ca24a9b39f2d36796d1fbd7a4e39c182630a
+        uses: goreleaser/goreleaser-action@b508e2e3ef3b19d4e4146d4f8fb3ba9db644a757
         with:
           distribution: goreleaser
           version: "v1.7.0"

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -25,7 +25,7 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Setup - Go ${{ matrix.go-version }}
-        uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f
+        uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613
         with:
           go-version: ${{ matrix.go-version }}
 
@@ -59,12 +59,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     needs: get-go-versions
     steps:
-      - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f
+      - uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613
         with:
           go-version: ${{ matrix.go-version }}
       - uses: actions/checkout@v3
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@537aa1903e5d359d0b27dbc19ddd22c5087f3fbc
+        uses: golangci/golangci-lint-action@0ad9a0988b3973e851ab0a07adf248ec2e100376
         with:
           version: v1.49
           args: --timeout 5m --verbose
diff --git a/client/client_test.go b/client/client_test.go
@@ -2,6 +2,7 @@ package client
 
 import (
 	"bytes"
+	"crypto/ed25519"
 	"crypto/sha256"
 	"encoding/hex"
 	"encoding/json"
@@ -351,7 +352,7 @@ func (s *ClientSuite) TestInit(c *C) {
 	_, err = client.Update()
 	c.Assert(err, Equals, ErrNoRootKeys)
 
-	// check Init() returns ErrInvalid when the root's signature is
+	// check Init() returns ErrRoleThreshold when the root's signature is
 	// invalid
 	// modify root and marshal without regenerating signatures
 	root.Version = root.Version + 1
@@ -360,14 +361,38 @@ func (s *ClientSuite) TestInit(c *C) {
 	dataSigned.Signed = rootBytes
 	dataBytes, err := json.Marshal(dataSigned)
 	c.Assert(err, IsNil)
-	c.Assert(client.Init(dataBytes), Equals, verify.ErrInvalid)
+	c.Assert(client.Init(dataBytes), Equals, verify.ErrRoleThreshold{
+		Expected: 1, Actual: 0})
 
 	// check Update() does not return ErrNoRootKeys after initialization
 	c.Assert(client.Init(bytes), IsNil)
 	_, err = client.Update()
 	c.Assert(err, IsNil)
 }
 
+// This is a regression test for https://github.com/theupdateframework/go-tuf/issues/370
+// where a single invalid signature resulted in an early return.
+// Instead, the client should have continued and counted the number
+// of valid signatures, ignoring the incorrect one.
+func (s *ClientSuite) TestExtraRootSignaturesOnInit(c *C) {
+	client := NewClient(MemoryLocalStore(), s.remote)
+	bytes, err := s.readMeta("root.json")
+	c.Assert(err, IsNil)
+	dataSigned := &data.Signed{}
+	c.Assert(json.Unmarshal(bytes, dataSigned), IsNil)
+
+	// check Init() succeeds when an extra invalid signature was
+	// added to the root.
+	dataSigned.Signatures = append(dataSigned.Signatures,
+		data.Signature{
+			KeyID:     dataSigned.Signatures[0].KeyID,
+			Signature: make([]byte, ed25519.SignatureSize),
+		})
+	dataBytes, err := json.Marshal(dataSigned)
+	c.Assert(err, IsNil)
+	c.Assert(client.Init(dataBytes), IsNil)
+}
+
 func (s *ClientSuite) TestFirstUpdate(c *C) {
 	files, err := s.newClient(c).Update()
 	c.Assert(err, IsNil)
@@ -455,6 +480,44 @@ func (s *ClientSuite) TestNewRoot(c *C) {
 	}
 }
 
+// This is a regression test for https://github.com/theupdateframework/go-tuf/issues/370
+// where a single invalid signature resulted in an early return.
+// Instead, the client should have continued and counted the number
+// of valid signatures, ignoring the incorrect one.
+func (s *ClientSuite) TestExtraSignaturesOnRootUpdate(c *C) {
+	client := s.newClient(c)
+
+	// Add an extra root key to update the root to a new version.
+	s.genKey(c, "root")
+	// update metadata
+	c.Assert(s.repo.Sign("targets.json"), IsNil)
+	c.Assert(s.repo.Snapshot(), IsNil)
+	c.Assert(s.repo.Timestamp(), IsNil)
+	c.Assert(s.repo.Commit(), IsNil)
+	s.syncRemote(c)
+
+	// Add an extra signature to the new remote root.
+	bytes, err := s.readMeta("root.json")
+	c.Assert(err, IsNil)
+	dataSigned := &data.Signed{}
+	c.Assert(json.Unmarshal(bytes, dataSigned), IsNil)
+	dataSigned.Signatures = append(dataSigned.Signatures,
+		data.Signature{
+			KeyID:     dataSigned.Signatures[0].KeyID,
+			Signature: make([]byte, ed25519.SignatureSize),
+		})
+	dataBytes, err := json.Marshal(dataSigned)
+	c.Assert(err, IsNil)
+	s.setRemoteMeta("root.json", dataBytes)
+	s.setRemoteMeta("2.root.json", dataBytes)
+
+	// check Update() succeeds when an extra invalid signature was
+	// added to the root.
+	_, err = client.Update()
+	c.Assert(err, IsNil)
+	c.Assert(client.rootVer, Equals, int64(2))
+}
+
 // startTUFRepoServer starts a HTTP server to serve a TUF Repo.
 func startTUFRepoServer(baseDir string, relPath string) (net.Listener, error) {
 	serverDir := filepath.Join(baseDir, relPath)
@@ -517,9 +580,11 @@ func (s *ClientSuite) TestUpdateRoots(c *C) {
 		// Fails updating root from version 1 to version 3 when versions 1 and 3 are expired but version 2 is not expired.
 		{"testdata/Published3Times_keyrotated_latestrootexpired", ErrDecodeFailed{File: "root.json", Err: verify.ErrExpired{}}, map[string]int64{"root": 2, "timestamp": 1, "snapshot": 1, "targets": 1}},
 		// Fails updating root from version 1 to version 2 when old root 1 did not sign off on it (nth root didn't sign off n+1).
-		{"testdata/Published2Times_keyrotated_invalidOldRootSignature", errors.New("tuf: signature verification failed"), map[string]int64{}},
+		// TODO(asraa): This testcase should have revoked the old key!
+		// https://github.com/theupdateframework/go-tuf/issues/417
+		{"testdata/Published2Times_keyrotated_invalidOldRootSignature", nil, map[string]int64{}},
 		// Fails updating root from version 1 to version 2 when the new root 2 did not sign itself (n+1th root didn't sign off n+1)
-		{"testdata/Published2Times_keyrotated_invalidNewRootSignature", errors.New("tuf: signature verification failed"), map[string]int64{}},
+		{"testdata/Published2Times_keyrotated_invalidNewRootSignature", verify.ErrRoleThreshold{Expected: 1, Actual: 0}, map[string]int64{}},
 		// Fails updating root to 2.root.json when the value of the version field inside it is 1 (rollback attack prevention).
 		{"testdata/Published1Time_backwardRootVersion", verify.ErrWrongVersion(verify.ErrWrongVersion{Given: 1, Expected: 2}), map[string]int64{}},
 		// Fails updating root to 2.root.json when the value of the version field inside it is 3 (rollforward attack prevention).

diff --git a/client/python_interop/python_interop_test.go b/client/python_interop/python_interop_test.go
@@ -43,7 +43,7 @@ func (InteropSuite) TestGoClientPythonGenerated(c *C) {
 	// start file server
 	cwd, err := os.Getwd()
 	c.Assert(err, IsNil)
-	testDataDir := filepath.Join(cwd, "testdata", "python-tuf-v1.0.0")
+	testDataDir := filepath.Join(cwd, "testdata", "python-tuf-v2.0.0")
 	addr, cleanup := startFileServer(c, testDataDir)
 	defer cleanup()
 
@@ -145,7 +145,7 @@ func (InteropSuite) TestPythonClientGoGenerated(c *C) {
 		c.Assert(os.WriteFile(filepath.Join(currDir, "root.json"), rootJSON, 0644), IsNil)
 
 		args := []string{
-			filepath.Join(cwd, "testdata", "python-tuf-v1.0.0", "client.py"),
+			filepath.Join(cwd, "testdata", "python-tuf-v2.0.0", "client.py"),
 			"--repo=http://" + addr + "/" + name,
 		}
 		for path := range files {
@@ -204,7 +204,7 @@ func (InteropSuite) TestPythonClientGoGeneratedNullDelegations(c *C) {
 		c.Assert(os.WriteFile(filepath.Join(currDir, "root.json"), rootJSON, 0644), IsNil)
 
 		args := []string{
-			filepath.Join(cwd, "testdata", "python-tuf-v1.0.0", "client.py"),
+			filepath.Join(cwd, "testdata", "python-tuf-v2.0.0", "client.py"),
 			"--repo=http://" + addr + "/" + name,
 		}
 		for path := range files {

diff --git a/client/python_interop/testdata/Makefile b/client/python_interop/testdata/Makefile
@@ -1,4 +1,4 @@
-PYTHON_TUF=python-tuf-v1.0.0
+PYTHON_TUF=python-tuf-v2.0.0
 
 all:
 	docker build -t tuf-gen ./$(PYTHON_TUF)

diff --git a/...terop/testdata/python-tuf-v1.0.0/with-consistent-snapshot/repository/metadata/1.root.json b/...terop/testdata/python-tuf-v1.0.0/with-consistent-snapshot/repository/metadata/1.root.json
diff --git a/...p/testdata/python-tuf-v1.0.0/with-consistent-snapshot/repository/metadata/1.snapshot.json b/...p/testdata/python-tuf-v1.0.0/with-consistent-snapshot/repository/metadata/1.snapshot.json
diff --git a/...op/testdata/python-tuf-v1.0.0/with-consistent-snapshot/repository/metadata/timestamp.json b/...op/testdata/python-tuf-v1.0.0/with-consistent-snapshot/repository/metadata/timestamp.json
diff --git a/...op/testdata/python-tuf-v1.0.0/without-consistent-snapshot/repository/metadata/1.root.json b/...op/testdata/python-tuf-v1.0.0/without-consistent-snapshot/repository/metadata/1.root.json