From 27fce0804a60c291e7f5706c9388c37af1f69ec8 Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Fri, 1 Nov 2024 10:29:29 -0400 Subject: [PATCH 1/4] assert tamper in output --- xtest/test_tdfs.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/xtest/test_tdfs.py b/xtest/test_tdfs.py index 33f3420e..f67cc3ef 100644 --- a/xtest/test_tdfs.py +++ b/xtest/test_tdfs.py @@ -122,6 +122,7 @@ def test_tdf_with_unbound_policy(encrypt_sdk, decrypt_sdk, pt_file, tmp_dir): assert False, "decrypt succeeded unexpectedly" except subprocess.CalledProcessError as exc: assert b"wrap" in exc.output + # assert b"tamper" in exc.output def test_tdf_with_altered_root_sig(encrypt_sdk, decrypt_sdk, pt_file, tmp_dir): @@ -135,6 +136,7 @@ def test_tdf_with_altered_root_sig(encrypt_sdk, decrypt_sdk, pt_file, tmp_dir): assert False, "decrypt succeeded unexpectedly" except subprocess.CalledProcessError as exc: assert b"root" in exc.output + assert (b"tamper" in exc.output or b"IntegrityError" in exc.output) def test_tdf_with_altered_seg_sig(encrypt_sdk, decrypt_sdk, pt_file, tmp_dir): @@ -148,6 +150,7 @@ def test_tdf_with_altered_seg_sig(encrypt_sdk, decrypt_sdk, pt_file, tmp_dir): assert False, "decrypt succeeded unexpectedly" except subprocess.CalledProcessError as exc: assert b"signature" in exc.output + assert (b"tamper" in exc.output or b"IntegrityError" in exc.output) def test_tdf_assertions(encrypt_sdk, decrypt_sdk, pt_file, tmp_dir): From 1036728d182df4c5ca2a6f5be5052d2ae06735c9 Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Fri, 1 Nov 2024 10:31:31 -0400 Subject: [PATCH 2/4] check for rewrap --- xtest/test_tdfs.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xtest/test_tdfs.py b/xtest/test_tdfs.py index f67cc3ef..791e76a7 100644 --- a/xtest/test_tdfs.py +++ b/xtest/test_tdfs.py @@ -122,7 +122,7 @@ def test_tdf_with_unbound_policy(encrypt_sdk, decrypt_sdk, pt_file, tmp_dir): assert False, "decrypt succeeded unexpectedly" except subprocess.CalledProcessError as exc: assert b"wrap" in exc.output - # assert b"tamper" in exc.output + assert (b"tamper" in exc.output or b"InvalidFileError" in exc.output) def test_tdf_with_altered_root_sig(encrypt_sdk, decrypt_sdk, pt_file, tmp_dir): From 5b749e8eb62dc14d5c7b4bcd01cd7a9b47d64b6d Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Fri, 1 Nov 2024 16:25:40 -0400 Subject: [PATCH 3/4] check with fix branches --- .github/workflows/xtest.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/xtest.yml b/.github/workflows/xtest.yml index 8024f6cd..9a816f36 100644 --- a/.github/workflows/xtest.yml +++ b/.github/workflows/xtest.yml @@ -29,8 +29,8 @@ jobs: contents: read packages: read env: - PLATFORM_REF: "${{ inputs.platform-ref || 'main' }}" - JS_REF: "${{ inputs.js-ref || 'main' }}" + PLATFORM_REF: "${{ inputs.platform-ref || 'fix-kas-rewrap-error-handling' }}" + JS_REF: "${{ inputs.js-ref || 'fix-rewrap-response-typo' }}" OTDFCTL_REF: "${{ inputs.otdfctl-ref || 'main' }}" JAVA_REF: "${{ inputs.java-ref || 'main' }}" steps: From fb16af700ea541b127ae0522a5f178f398a87a17 Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Mon, 4 Nov 2024 16:47:51 -0500 Subject: [PATCH 4/4] use main, black formatting --- .github/workflows/xtest.yml | 4 ++-- xtest/test_tdfs.py | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/xtest.yml b/.github/workflows/xtest.yml index 9a816f36..8024f6cd 100644 --- a/.github/workflows/xtest.yml +++ b/.github/workflows/xtest.yml @@ -29,8 +29,8 @@ jobs: contents: read packages: read env: - PLATFORM_REF: "${{ inputs.platform-ref || 'fix-kas-rewrap-error-handling' }}" - JS_REF: "${{ inputs.js-ref || 'fix-rewrap-response-typo' }}" + PLATFORM_REF: "${{ inputs.platform-ref || 'main' }}" + JS_REF: "${{ inputs.js-ref || 'main' }}" OTDFCTL_REF: "${{ inputs.otdfctl-ref || 'main' }}" JAVA_REF: "${{ inputs.java-ref || 'main' }}" steps: diff --git a/xtest/test_tdfs.py b/xtest/test_tdfs.py index 791e76a7..d1ae1ae9 100644 --- a/xtest/test_tdfs.py +++ b/xtest/test_tdfs.py @@ -122,7 +122,7 @@ def test_tdf_with_unbound_policy(encrypt_sdk, decrypt_sdk, pt_file, tmp_dir): assert False, "decrypt succeeded unexpectedly" except subprocess.CalledProcessError as exc: assert b"wrap" in exc.output - assert (b"tamper" in exc.output or b"InvalidFileError" in exc.output) + assert b"tamper" in exc.output or b"InvalidFileError" in exc.output def test_tdf_with_altered_root_sig(encrypt_sdk, decrypt_sdk, pt_file, tmp_dir): @@ -136,7 +136,7 @@ def test_tdf_with_altered_root_sig(encrypt_sdk, decrypt_sdk, pt_file, tmp_dir): assert False, "decrypt succeeded unexpectedly" except subprocess.CalledProcessError as exc: assert b"root" in exc.output - assert (b"tamper" in exc.output or b"IntegrityError" in exc.output) + assert b"tamper" in exc.output or b"IntegrityError" in exc.output def test_tdf_with_altered_seg_sig(encrypt_sdk, decrypt_sdk, pt_file, tmp_dir): @@ -150,7 +150,7 @@ def test_tdf_with_altered_seg_sig(encrypt_sdk, decrypt_sdk, pt_file, tmp_dir): assert False, "decrypt succeeded unexpectedly" except subprocess.CalledProcessError as exc: assert b"signature" in exc.output - assert (b"tamper" in exc.output or b"IntegrityError" in exc.output) + assert b"tamper" in exc.output or b"IntegrityError" in exc.output def test_tdf_assertions(encrypt_sdk, decrypt_sdk, pt_file, tmp_dir):