def test_generate_initial(self):
trc, primary_ases, _ = self.gen_trc_v1()
# initial version, is signed by _all_ keys (as proof of possession)
votes = []
pops = [(as_id, usage, key) for as_id, keys in primary_ases.items()
for usage, key in keys._asdict().items()]
self.assertTrue(trcs.test_verify(trc, votes, pops))
# sanity check: if we mess with one of the signatures, it will not verify:
trc_bad = copy.deepcopy(trc)
trc_bad['signatures'][0]['signature'] = 'forged'
self.assertFalse(trcs.test_verify(trc_bad, votes, pops))
def test_remove_as(self):
trc_v1, primary_ases_v1, voting_offline_v1 = self.gen_trc_v1()
primary_ases_v2 = copy.deepcopy(primary_ases_v1)
del primary_ases_v2[_ASID_2]
trc_v2 = self.gen_trc_update(primary_ases_v2, trc_v1,
voting_offline_v1)
# Modifying the set of primary ASese is a sensitive update and must be signed with
# previous offline keys.
# Note: because we use quorum == len(ases), the removed AS must cast a vote.
votes = [(as_id, 'voting_offline', k.voting_offline)
for as_id, k in primary_ases_v1.items()]
pops = []
self.assertTrue(trcs.test_verify(trc_v2, votes, pops))
def test_update_issuing(self):
trc_v1, primary_ases_v1, voting_offline_v1 = self.gen_trc_v1()
primary_ases_v2 = copy.deepcopy(primary_ases_v1)
primary_ases_v2[_ASID_1] = primary_ases_v1[_ASID_1]._replace(
issuing_grant=_gen_key(2))
trc_v2 = self.gen_trc_update(primary_ases_v2, trc_v1,
voting_offline_v1)
# Updating issuing grant keys is a regular update and is signed with online keys and all
# updated keys (proof of possession).
k_asid1_v2 = primary_ases_v2[_ASID_1]
votes = [(as_id, 'voting_online', k.voting_online)
for as_id, k in primary_ases_v1.items()]
pops = [
(_ASID_1, 'issuing_grant', k_asid1_v2.issuing_grant),
]
self.assertTrue(trcs.test_verify(trc_v2, votes, pops))
def test_update_offline(self):
trc_v1, primary_ases_v1, voting_offline_v1 = self.gen_trc_v1()
primary_ases_v2 = copy.deepcopy(primary_ases_v1)
primary_ases_v2[_ASID_1] = primary_ases_v1[_ASID_1]._replace(
voting_offline=_gen_key(2))
trc_v2 = self.gen_trc_update(primary_ases_v2, trc_v1,
voting_offline_v1)
# Updating offline keys is a sensitive update and must be signed with previous offline keys
# and all updated keys (proof of possession).
k_asid1_v2 = primary_ases_v2[_ASID_1]
votes = [(as_id, 'voting_offline', k.voting_offline)
for as_id, k in primary_ases_v1.items()]
pops = [
(_ASID_1, 'voting_offline', k_asid1_v2.voting_offline),
]
self.assertTrue(trcs.test_verify(trc_v2, votes, pops))
def test_add_as(self):
trc_v1, primary_ases_v1, voting_offline_v1 = self.gen_trc_v1()
primary_ases_v2 = copy.deepcopy(primary_ases_v1)
primary_ases_v2[_ASID_3] = trcs.CoreKeys(
issuing_grant=_gen_key(1),
voting_online=_gen_key(1),
voting_offline=_gen_key(1),
)
trc_v2 = self.gen_trc_update(primary_ases_v2, trc_v1,
voting_offline_v1)
# Modifying the set of primary ASese is a sensitive update and must be signed with
# previous offline keys and all keys for the added AS (proof of possession).
votes = [(as_id, 'voting_offline', k.voting_offline)
for as_id, k in primary_ases_v1.items()]
pops = [(_ASID_3, usage, key)
for usage, key in primary_ases_v2[_ASID_3]._asdict().items()]
self.assertTrue(trcs.test_verify(trc_v2, votes, pops))
def test_update_online(self):
trc_v1, primary_ases_v1, voting_offline_v1 = self.gen_trc_v1()
primary_ases_v2 = copy.deepcopy(primary_ases_v1)
primary_ases_v2[_ASID_1] = primary_ases_v1[_ASID_1]._replace(
voting_online=_gen_key(2))
trc_v2 = self.gen_trc_update(primary_ases_v2, trc_v1,
voting_offline_v1)
# Updating online keys is a regular update
# Votes are cast with offline keys for ASes with changed online key, and online key for
# all others.
k_asid1_v2 = primary_ases_v2[_ASID_1]
k_asid2_v2 = primary_ases_v2[_ASID_2]
votes = [
(_ASID_1, 'voting_offline', k_asid1_v2.voting_offline),
(_ASID_2, 'voting_online', k_asid2_v2.voting_online),
]
pops = [
(_ASID_1, 'voting_online', k_asid1_v2.voting_online),
]
self.assertTrue(trcs.test_verify(trc_v2, votes, pops))