diff --git a/tough/tests/data/tuf-sha512/metadata/1.root.json b/tough/tests/data/tuf-sha512/metadata/1.root.json new file mode 100644 index 00000000..a83f91f6 --- /dev/null +++ b/tough/tests/data/tuf-sha512/metadata/1.root.json @@ -0,0 +1,50 @@ +{ + "signed": { + "_type": "root", + "spec_version": "1.0.0", + "consistent_snapshot": true, + "version": 1, + "expires": "2024-11-11T15:14:16Z", + "keys": { + "c3682160d162fe32e66d4b60ce3689499ec440d6296dda935ddbe147be7a9459": { + "keytype": "rsa", + "keyval": { + "public": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpBrEkaxNQpCgo9of79S\n10doLLE30pjGd9fdthiA/dJBba1F8FfjfYRph3duysmy6oyv+A+hTLuSP1ody5Ny\nMP/ZBdRezHHJNaWNFS4Bpt4SiqdQRquOnUvDqb7AEZxMj4bcIKlDbJ71jZXzw2uv\nVbyxWjAII9qzLt7RMHFMoanTQPYcb4mysdfgDY6gOohoJDgA0qFgEoLfnAWQk4XA\naVcSCtVV+WE7nDNhLwGy57tVdwfizdOjcMRJMsXtfYQrmG5uHfvTbaGiqeSVdAjP\nkri/wWPSnOYIEjsf31UffO5mDeLZ6EBgQgmCu04omtfznSFSOL4WfeXX1EkNIn1K\n5QIDAQAB\n-----END PUBLIC KEY-----" + }, + "scheme": "rsassa-pss-sha256" + } + }, + "roles": { + "root": { + "keyids": [ + "c3682160d162fe32e66d4b60ce3689499ec440d6296dda935ddbe147be7a9459" + ], + "threshold": 1 + }, + "timestamp": { + "keyids": [ + "c3682160d162fe32e66d4b60ce3689499ec440d6296dda935ddbe147be7a9459" + ], + "threshold": 1 + }, + "targets": { + "keyids": [ + "c3682160d162fe32e66d4b60ce3689499ec440d6296dda935ddbe147be7a9459" + ], + "threshold": 1 + }, + "snapshot": { + "keyids": [ + "c3682160d162fe32e66d4b60ce3689499ec440d6296dda935ddbe147be7a9459" + ], + "threshold": 1 + } + } + }, + "signatures": [ + { + "keyid": "c3682160d162fe32e66d4b60ce3689499ec440d6296dda935ddbe147be7a9459", + "sig": "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" + } + ] +} diff --git a/tough/tests/data/tuf-sha512/metadata/1.snapshot.json b/tough/tests/data/tuf-sha512/metadata/1.snapshot.json new file mode 100644 index 00000000..97a14b79 --- /dev/null +++ b/tough/tests/data/tuf-sha512/metadata/1.snapshot.json 
@@ -0,0 +1,23 @@ +{ + "signed": { + "_type": "snapshot", + "spec_version": "1.0.0", + "version": 1, + "expires": "2024-10-21T15:14:25.953538655Z", + "meta": { + "targets.json": { + "length": 1102, + "hashes": { + "sha512": "20fb1acad69496189d065dbdd10a78f4c71c7e3898c94959ba494173340cfe08be47f6713ed67d158ea6bacf817abfb3b6a3bf293218ff93a96b0218f0c69492" + }, + "version": 1 + } + } + }, + "signatures": [ + { + "keyid": "c3682160d162fe32e66d4b60ce3689499ec440d6296dda935ddbe147be7a9459", + "sig": "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" + } + ] +} diff --git a/tough/tests/data/tuf-sha512/metadata/1.targets.json b/tough/tests/data/tuf-sha512/metadata/1.targets.json new file mode 100644 index 00000000..535aacd3 --- /dev/null +++ b/tough/tests/data/tuf-sha512/metadata/1.targets.json @@ -0,0 +1,26 @@ +{ + "signed": { + "_type": "targets", + "spec_version": "1.0.0", + "version": 1, + "expires": "2024-10-21T15:14:25.953463186Z", + "targets": { + "1.txt": { + "length": 2, + "hashes": { + "sha512": "3abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686" + } + } + }, + "delegations": { + "keys": {}, + "roles": [] + } + }, + "signatures": [ + { + "keyid": "c3682160d162fe32e66d4b60ce3689499ec440d6296dda935ddbe147be7a9459", + "sig": "a5b7573af2082dd144cebf4bde60ea5b8335ce1b7d50f86a5e1fdf5e4399216835bcbeef2ff785cb27a979a32a0b23919ed0a27fb107af206b2c102866e4ca33916f1cf10460dae76c7b5f9874bf10caed66969d37f13b69860d0e60dfa39d87a07759d541028e8e828b18ae34a0de457e246dc98ab023783c433a9fa8fa149f3d7a1751217b3b73c372373b45215ee873edbfd08337d6e3d11618afe977b782cfb636f10d1b83dc6f6e0e5aaa79dce900705255d345602134fc894bd7ac685345890020f7e74af3c9200363c0de01cc3f4df5b8dae7d4dac59c3fce03895b86bbc39b8b84eff92d1a49f30d09ff4cbfcf88cd6d8b366aef6e644b1e6730866f" + } + ] +} 
diff --git a/tough/tests/data/tuf-sha512/metadata/root.json b/tough/tests/data/tuf-sha512/metadata/root.json new file mode 100644 index 00000000..a83f91f6 --- /dev/null +++ b/tough/tests/data/tuf-sha512/metadata/root.json @@ -0,0 +1,50 @@ +{ + "signed": { + "_type": "root", + "spec_version": "1.0.0", + "consistent_snapshot": true, + "version": 1, + "expires": "2024-11-11T15:14:16Z", + "keys": { + "c3682160d162fe32e66d4b60ce3689499ec440d6296dda935ddbe147be7a9459": { + "keytype": "rsa", + "keyval": { + "public": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpBrEkaxNQpCgo9of79S\n10doLLE30pjGd9fdthiA/dJBba1F8FfjfYRph3duysmy6oyv+A+hTLuSP1ody5Ny\nMP/ZBdRezHHJNaWNFS4Bpt4SiqdQRquOnUvDqb7AEZxMj4bcIKlDbJ71jZXzw2uv\nVbyxWjAII9qzLt7RMHFMoanTQPYcb4mysdfgDY6gOohoJDgA0qFgEoLfnAWQk4XA\naVcSCtVV+WE7nDNhLwGy57tVdwfizdOjcMRJMsXtfYQrmG5uHfvTbaGiqeSVdAjP\nkri/wWPSnOYIEjsf31UffO5mDeLZ6EBgQgmCu04omtfznSFSOL4WfeXX1EkNIn1K\n5QIDAQAB\n-----END PUBLIC KEY-----" + }, + "scheme": "rsassa-pss-sha256" + } + }, + "roles": { + "root": { + "keyids": [ + "c3682160d162fe32e66d4b60ce3689499ec440d6296dda935ddbe147be7a9459" + ], + "threshold": 1 + }, + "timestamp": { + "keyids": [ + "c3682160d162fe32e66d4b60ce3689499ec440d6296dda935ddbe147be7a9459" + ], + "threshold": 1 + }, + "targets": { + "keyids": [ + "c3682160d162fe32e66d4b60ce3689499ec440d6296dda935ddbe147be7a9459" + ], + "threshold": 1 + }, + "snapshot": { + "keyids": [ + "c3682160d162fe32e66d4b60ce3689499ec440d6296dda935ddbe147be7a9459" + ], + "threshold": 1 + } + } + }, + "signatures": [ + { + "keyid": "c3682160d162fe32e66d4b60ce3689499ec440d6296dda935ddbe147be7a9459", + "sig": "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" + } + ] +} diff --git a/tough/tests/data/tuf-sha512/metadata/timestamp.json b/tough/tests/data/tuf-sha512/metadata/timestamp.json new file mode 100644 index 00000000..e134751c --- /dev/null +++ b/tough/tests/data/tuf-sha512/metadata/timestamp.json 
@@ -0,0 +1,23 @@ +{ + "signed": { + "_type": "timestamp", + "spec_version": "1.0.0", + "version": 1, + "expires": "2024-10-07T15:14:25.953595765Z", + "meta": { + "snapshot.json": { + "length": 1068, + "hashes": { + "sha512": "727d30a42ef344f57acae3713c5bbc17167c7b1e41bfc2fc9249f1136104d60ac287aa0a2ebcd2c23a240bc0761da85e72f9c7e00c61a480858392dbaa1f7061" + }, + "version": 1 + } + } + }, + "signatures": [ + { + "keyid": "c3682160d162fe32e66d4b60ce3689499ec440d6296dda935ddbe147be7a9459", + "sig": "84dccabb684785d73d33ca19b0fb57c8eb71cdb0db8041b4acdfa6aca572ddb2258ee0ee1e5ff940a6f99584038d8523c5a3ce5f8a4bb87dc40626b25c881ef8d94b1001112fd79f2a1ffaa723f9536a29cfff70d08954e903ab92755961cadf114a81f1aa64fb230a379649e629a159e43c103d88b9be2da223067b7b9594a531c989db8476b929fb16aa600446239303147650bc1cfb958f65d606de830ac15e05404a8b0e5653cd507a7b89b6c6a9b0c335f4d29956a758fa6de937ebfc0cc0cd3921bd6f9b092768d73746a8385fcee97023296ad3496bbc30ce4f4e3ee0535808f5c2e92b31e98960b35e05b13f49595f6eba17275927aa09bfda3a0e58" + } + ] +} diff --git a/tough/tests/data/tuf-sha512/targets/3abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686.1.txt b/tough/tests/data/tuf-sha512/targets/3abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686.1.txt new file mode 120000 index 00000000..ab868caa --- /dev/null +++ b/tough/tests/data/tuf-sha512/targets/3abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686.1.txt @@ -0,0 +1 @@ +/home/fghanmi/git-clones/tough/target/tuftool-hash/input/1.txt \ No newline at end of file diff --git a/tuftool/tests/create_command.rs b/tuftool/tests/create_command.rs index 153b74b9..ac24ca03 100644 --- a/tuftool/tests/create_command.rs +++ b/tuftool/tests/create_command.rs 
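Review bot: The symlink added under `targets/` (mode 120000) points at `/home/fghanmi/git-clones/tough/target/tuftool-hash/input/1.txt`, an absolute path on the author's workstation, so it dangles in every other checkout and in CI. Both the file-transport fetch of `1.txt` and the `want` read in `download_file_transport_sha512` go through this link and would fail there. Commit the target as a regular file (`1.targets.json` records its length as 2) so the fixture is self-contained and the local path is not published.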
@@ -67,10 +67,29 @@ async fn create_command() { // Ensure we can read the targets let file1 = TargetName::new("file1.txt").unwrap(); + let file1_target_metadata = &repo.targets().signed.targets[&file1]; assert_eq!( test_utils::read_to_end(repo.read_target(&file1).await.unwrap().unwrap()).await, &b"This is an example target file."[..] ); + + // Check the sha256 and sha512 hashes for file1 from target.json + assert_eq!( + hex::encode( + file1_target_metadata + .hashes + .sha256 + .as_ref() + .unwrap() + .as_ref() + ), + "65b8c67f51c993d898250f40aa57a317d854900b3a04895464313e48785440da" + ); + assert_eq!( + hex::encode(file1_target_metadata.hashes.sha512.as_ref().unwrap().as_ref()), + "467430a68afae8e9f9c0771ea5d78bf0b3a0d79a2d3d3b40c69fde4dd42c461448aef76fcef4f5284931a1ffd0ac096d138ba3a0d6ca83fa8d7285a47a296f77" + ); + let file2 = TargetName::new("file2.txt").unwrap(); assert_eq!( test_utils::read_to_end(repo.read_target(&file2).await.unwrap().unwrap()).await, diff --git a/tuftool/tests/download_command.rs b/tuftool/tests/download_command.rs index 0ffdfcd4..66fa167f 100644 --- a/tuftool/tests/download_command.rs +++ b/tuftool/tests/download_command.rs 
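Review bot: The added comment `// Check the sha256 and sha512 hashes for file1 from target.json` names the wrong file; the metadata these hashes come from is `targets.json`. The `.unwrap()` calls on `hashes.sha256` and `hashes.sha512` would fail with only a bare `None` panic if a digest were missing. Using `.expect("file1.txt has a sha512 hash in targets.json")`, and the sha256 equivalent, would make such a failure name the missing algorithm. `create_command` starts and ends outside the hunk.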
@@ -190,3 +190,46 @@ fn download_safe_target_paths() {
 assert!(outdir.join("data1.txt").is_file());
 assert!(outdir.join("foo/bar/data2.txt").is_file())
 }
+
+#[test]
+// Ensure that the download command works with a repo that only uses sha512.
+fn download_file_transport_sha512() {
+ let repo_dir = test_utils::test_data().join("tuf-sha512");
+ let metadata_base_url = test_utils::dir_url(repo_dir.join("metadata").to_str().unwrap());
+ let targets_base_url = test_utils::dir_url(repo_dir.join("targets").to_str().unwrap());
+
+ let tempdir = TempDir::new().unwrap();
+ let outdir = tempdir.path().join("outdir");
+ let root_json = test_utils::test_data()
+ .join("tuf-sha512")
+ .join("metadata")
+ .join("root.json");
+
+ // Download a test repo.
+ Command::cargo_bin("tuftool")
+ .unwrap()
+ .args([
+ "download",
+ "-r",
+ root_json.to_str().unwrap(),
+ "--metadata-url",
+ metadata_base_url.as_str(),
+ "--targets-url",
+ targets_base_url.as_str(),
+ outdir.to_str().unwrap(),
+ ])
+ .assert()
+ .success();
+
+ // Assert the files are exactly correct
+ let filename = "1.txt";
+ let got = read_to_string(outdir.join(filename)).unwrap();
+ let want = read_to_string(
+ test_utils::test_data()
+ .join("tuf-sha512")
+ .join("targets")
+ .join(format!("3abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686.{}", filename)),
+ )
+ .unwrap();
+ assert_eq!(got, want, "{} contents do not match.", filename);
+}
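Review bot: `download_file_transport_sha512` runs `tuftool download` against fixture metadata with near-term `expires` values: `timestamp.json` lapses on 2024-10-07, snapshot and targets on 2024-10-21, and root on 2024-11-11. The command is invoked with nothing that relaxes the expiration check, so the test presumably starts failing once the first date passes. Regenerating the `tuf-sha512` fixture with far-future expirations keeps the freshness check exercised, which loosening it in the test would not. Separately, `repo_dir` is already bound at the top of the function, so `root_json` and `want` could be built from `repo_dir.join(...)` instead of repeating `test_utils::test_data().join("tuf-sha512")`.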