
Add (failing) trust-promo tests

onyinyang 7 months ago
parent
commit
11ec35f14b
3 changed files with 72 additions and 22 deletions
  1. 11 10
      Cargo.lock
  2. 5 3
      src/mock_auth.rs
  3. 56 9
      src/proto/trust_promotion.rs

+ 11 - 10
Cargo.lock

@@ -125,9 +125,9 @@ checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b"
 
 [[package]]
 name = "cc"
-version = "1.2.29"
+version = "1.2.30"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5c1599538de2394445747c8cf7935946e3cc27e9625f889d979bfb2aaf569362"
+checksum = "deec109607ca693028562ed836a5f1c4b8bd77755c4e132fc5ce11b0b6211ae7"
 dependencies = [
  "shlex",
 ]
@@ -226,9 +226,9 @@ dependencies = [
 
 [[package]]
 name = "curve25519-dalek"
-version = "4.2.0"
+version = "4.1.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "373b7c5dbd637569a2cca66e8d66b8c446a1e7bf064ea321d265d7b3dfe7c97e"
+checksum = "97fb8b7c4503de7d6ae7b42ab72a5a59857b4c937ec27a3d4539dba95b5ab2be"
 dependencies = [
  "cfg-if",
  "cpufeatures",
@@ -310,9 +310,9 @@ dependencies = [
 
 [[package]]
 name = "dyn-clone"
-version = "1.0.19"
+version = "1.0.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1c7a8fb8a9fbf66c1f703fe16184d10ca0ee9d23be5b4436400408ba54a95005"
+checksum = "d0881ea181b1df73ff77ffaaf9c7544ecc11e82fba9b5f27b262a3c73a332555"
 
 [[package]]
 name = "ed25519"
@@ -374,9 +374,9 @@ dependencies = [
 
 [[package]]
 name = "fiat-crypto"
-version = "0.3.0"
+version = "0.2.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "64cd1e32ddd350061ae6edb1b082d7c54915b5c672c389143b9a63403a109f24"
+checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d"
 
 [[package]]
 name = "fnv"
@@ -837,9 +837,9 @@ dependencies = [
 
 [[package]]
 name = "serde_json"
-version = "1.0.140"
+version = "1.0.141"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "20068b6e96dc6c9bd23e01df8827e6c7e1f2fddd43c21810382803c136b99373"
+checksum = "30b9eff21ebe718216c6ec64e1d9ac57087aad11efc64e32002bce4a0d4c03d3"
 dependencies = [
  "itoa",
  "memchr",
@@ -928,6 +928,7 @@ dependencies = [
  "num-traits",
  "rand",
  "sha3",
+ "subtle",
  "thiserror 1.0.69",
  "zerocopy",
  "zeroize",

+ 5 - 3
src/mock_auth.rs

@@ -47,9 +47,11 @@ impl TestHarness {
         Self { bdb, ba }
     }
 
-    // pub fn advance_days(&mut self, days: u16) {
-    //     self.ba.advance_days(days);
-    // }
+    pub fn advance_days(&mut self, days: u32) {
+        if days > 0 {
+            self.ba.time_offset += time::Duration::days(days.into());
+        }
+    }
 
     /// Verify the two MACs on a Lox credential
     pub fn verify_lox(&self, cred: &lox_creds::Lox) {
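Review bot: `advance_days` is added without a doc comment although the neighbouring `verify_lox` has one, and it writes `self.ba.time_offset` directly, which is the clock the new trust-promotion test relies on. I would add `/// Advance the mock authority's clock by the given number of days.` above it. The `if days > 0` guard looks redundant, since adding a zero `Duration` leaves the offset unchanged. The type of `ba` is not visible in this hunk; if `time_offset` is a field on the authority type used in production, it is worth confirming that it is only reachable behind a test or feature cfg, because every time-gated check depends on that clock.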

+ 56 - 9
src/proto/trust_promotion.rs

@@ -67,7 +67,7 @@ muCMZProtocol! { trust_promotion<credential_expiry, eligibility_max_age>,
 pub fn request(
     rng: &mut (impl CryptoRng + RngCore),
     L: Lox,
-    mig_pubkeys: CMZPubkey<G>,
+    migkey_pubkeys: CMZPubkey<G>,
     today: u32,
 ) -> Result<(trust_promotion::Request, trust_promotion::ClientState), CredentialError> {
     cmz_group_init(G::hash_from_bytes::<Sha512>(b"CMZ Generator A"));
@@ -107,14 +107,10 @@ pub fn request(
         credential_expiry: (eligibility_max_age - 511).into(),
         eligibility_max_age: eligibility_max_age.into(),
     };
-
-    match trust_promotion::prepare(
-        rng,
-        SESSION_ID,
-        &L,
-        MigrationKey::using_pubkey(&mig_pubkeys),
-        &params,
-    ) {
+    let mut M = MigrationKey::using_pubkey(&migkey_pubkeys);
+    M.lox_id = L.id;
+    M.from_bucket = L.bucket;
+    match trust_promotion::prepare(rng, SESSION_ID, &L, M, &params) {
         Ok(req_state) => Ok(req_state),
         Err(e) => Err(CredentialError::CMZError(e)),
     }
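Review bot: The new assignments `M.lox_id = L.id;` and `M.from_bucket = L.bucket;` have no comment saying why they are required, and they appear to be what links the migration-key credential to the presented Lox credential. The protocol statement is outside this hunk, so a hedged comment such as `// Fill in the attributes of M that the statement ties to L (id and source bucket).` would tell the next reader that dropping them breaks the binding. As a style point, the `match` only re-wraps the error and could be `trust_promotion::prepare(rng, SESSION_ID, &L, M, &params).map_err(CredentialError::CMZError)`. The body of `request` starts before this hunk and its closing brace lies past it.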
@@ -196,3 +192,54 @@ pub fn handle_response(
         None => Err(CMZError::Unknown),
     }
 }
+
+#[cfg(all(test, feature = "bridgeauth"))]
+mod tests {
+    use super::*;
+    use crate::mock_auth::TestHarness;
+    use crate::proto::{open_invite, trust_promotion};
+
+    #[test]
+    fn test_trust_promotion() {
+        let mut th = TestHarness::new();
+        let rng = &mut rand::thread_rng();
+        let open_invitation_request = open_invite::request(rng, th.ba.lox_pub.clone());
+        assert!(
+            open_invitation_request.is_ok(),
+            "Open invitation request should succeed"
+        );
+        let (request, client_state) = open_invitation_request.unwrap();
+        let invite = th.bdb.invite();
+        let open_invitation_response = th.ba.open_invitation(request, &invite.unwrap());
+        assert!(
+            open_invitation_response.is_ok(),
+            "Open invitation response from server should succeed"
+        );
+        let (response, _) = open_invitation_response.unwrap();
+        let creds = open_invite::handle_response(client_state, response);
+        println!("{}", th.ba.today());
+        assert!(creds.is_ok(), "Handle response should succeed");
+        th.advance_days((UNTRUSTED_INTERVAL + 1).try_into().unwrap());
+        println!("{}", th.ba.today());
+        let trust_promo_request = trust_promotion::request(
+            rng,
+            creds.unwrap(),
+            th.ba.migrationkey_pub.clone(),
+            th.ba.today(),
+        );
+        assert!(
+            trust_promo_request.is_ok(),
+            "Trust Promotion request should succeed"
+        );
+        let (tp_request, tp_client_state) = trust_promo_request.unwrap();
+        let trust_promo_response = th.ba.handle_trust_promotion(tp_request);
+        assert!(
+            trust_promo_response.is_ok(),
+            "Trust promotion response from server should succeed"
+        );
+        let (response, enc) = trust_promo_response.unwrap();
+        let creds =
+            trust_promotion::handle_response(th.ba.migration_pub, tp_client_state, response, enc);
+        assert!(creds.is_ok(), "Handle response should succeed");
+    }
+}
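Review bot: `test_trust_promotion` is committed as known-failing according to the commit title but carries no `#[ignore]`, so any build with the `bridgeauth` feature goes red and can hide unrelated regressions; `#[ignore = "trust promotion does not pass yet"]` plus a tracking reference would make that state explicit. The test also covers only the accepting path, while the property that matters for the protocol is that promotion is refused before `UNTRUSTED_INTERVAL` has elapsed; a companion case that skips `advance_days` and expects an error from `request` or `handle_trust_promotion` would pin it (which of the two rejects is not visible here). The two `println!("{}", th.ba.today());` calls look like leftover debugging, and `invite.unwrap()` would fail more readably as `.expect("bridge db should hand out an invite")`.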