tough: detect rollback in snapshot metadata

For each role in a previous snapshot, the role must be present in the
new snapshot and must have a version greater than or equal to the
version in the previous snapshot. TUF specification v1.0.33 section
5.5.5.

Author: larvacea

tough/src/error.rs

@@ -284,6 +284,40 @@ pub enum Error {
         timestamp_old: u64,
     },
 
+    /// The snapshot meta must contain targets.json
+    #[snafu(display("Snapshot version {} does not contain targets.json", version))]
+    SnapshotTargetsMetaMissing { version: u64 },
+
+    /// Any role in the trusted snapshot meta must also appear in the new snapshot meta
+    #[snafu(display(
+        "Role {} appears in snapshot version {} but not version {}",
+        role,
+        old_version,
+        new_version
+    ))]
+    SnapshotRoleMissing {
+        role: String,
+        old_version: u64,
+        new_version: u64,
+    },
+
+    /// Role version in trusted snapshot must be less than or equal to version in new snapshot
+    #[snafu(display(
+        "Role {} version {} in snapshot {} is greater than version {} in snapshot {}",
+        role,
+        old_role_version,
+        old_snapshot_version,
+        new_role_version,
+        new_snapshot_version
+    ))]
+    SnapshotRoleRollback {
+        role: String,
+        old_role_version: u64,
+        old_snapshot_version: u64,
+        new_role_version: u64,
+        new_snapshot_version: u64,
+    },
+
     /// The library failed to parse a metadata file, either because it was not valid JSON or it did
     /// not conform to the expected schema.
     ///

tough/src/lib.rs

@@ -65,6 +65,7 @@ use async_recursion::async_recursion;
 pub use async_trait::async_trait;
 pub use bytes::Bytes;
 use chrono::{DateTime, Utc};
+use error::SnapshotTargetsMetaMissingSnafu;
 use futures::StreamExt;
 use futures_core::Stream;
 use log::warn;
@@ -1060,6 +1061,13 @@ async fn load_snapshot(
             role: RoleType::Snapshot,
         })?;
 
+    // 4.4 Check that snapshot.meta contains at least targets.json
+    ensure!(
+        snapshot.signed.meta.contains_key("targets.json"),
+        SnapshotTargetsMetaMissingSnafu {
+            version: snapshot.signed.version,
+        }
+    );
     // 3.3. Check for a rollback attack.
     //
     // 3.3.1. Note that the trusted snapshot metadata file may be checked for authenticity, but its
@@ -1090,6 +1098,35 @@ async fn load_snapshot(
             //   metadata file, if any, MUST continue to be listed in the new snapshot metadata
             //   file. If any of these conditions are not met, discard the new snapshot metadata
             //   file, abort the update cycle, and report the failure.
+
+            // Ensure that the trusted snapshot has at least targets.json
+            ensure!(
+                old_snapshot.signed.meta.contains_key("targets.json"),
+                error::SnapshotTargetsMetaMissingSnafu {
+                    version: old_snapshot.signed.version,
+                }
+            );
+            for (name, meta) in &old_snapshot.signed.meta {
+                ensure!(
+                    snapshot.signed.meta.contains_key(name),
+                    error::SnapshotRoleMissingSnafu {
+                        role: name,
+                        old_version: old_snapshot.signed.version,
+                        new_version: snapshot.signed.version,
+                    }
+                );
+                let new_meta = snapshot.signed.meta.get(name).unwrap();
+                ensure!(
+                    meta.version <= new_meta.version,
+                    error::SnapshotRoleRollbackSnafu {
+                        role: name,
+                        old_role_version: meta.version,
+                        old_snapshot_version: old_snapshot.signed.version,
+                        new_role_version: new_meta.version,
+                        new_snapshot_version: snapshot.signed.version,
+                    }
+                );
+            }
             if let Some(old_targets_meta) = old_snapshot.signed.meta.get("targets.json") {
                 let targets_meta =
                     snapshot