Add verify function for PRs, doesn't handle Lox proof verification

2024-02-20 17:12:34 -05:00 · 2024-02-20 17:12:34 -05:00 · d971e420a2
parent e4ee46866a
commit d971e420a2
2 changed files with 47 additions and 3 deletions
--- a/Cargo.toml
+++ b/Cargo.toml
@ -23,7 +23,7 @@ lox-library = { git = "https://gitlab.torproject.org/vecna/lox.git", version = "
 select = "0.6.0"
 serde = "1.0.195"
 serde_json = "1.0"
-serde_with = {version = "3.4.0", features = ["json"]}
+serde_with = {version = "3.5.0", features = ["json"]}
 sha1 = "0.10"
 sha3 = "0.10"
 sled = "0.34.7"
--- a/src/positive_report.rs
+++ b/src/positive_report.rs
@ -1,6 +1,13 @@
-use crate::{CONFIG, get_date, COUNTRY_CODES};
+// For Lox-related code where points are uppercase and scalars are lowercase
+#![allow(non_snake_case)]

-use ed25519_dalek::{Signature, Signer, SigningKey};
+// TODO: Make SerializableBridgeToken, check its fields while deserializing,
+// check that its fields match the report's fields while deserializing a report
+
+use crate::{get_date, CONFIG, COUNTRY_CODES};
+
+use curve25519_dalek::Scalar;
+use ed25519_dalek::{Signature, Signer, SigningKey, Verifier, VerifyingKey};
 use lox_library::{cred::Lox, proto::positive_report as lox_pr, IssuerPubKey};
 use serde::{Deserialize, Serialize};
 use sha1::{Digest, Sha1};
@ -86,6 +93,43 @@ impl PositiveReport {
            Err(_) => Err(PositiveReportError::FailedToDeserialize),
        }
    }
+
+    /// Verify everything except the Lox proof.
+    /// Parameters:
+    ///   - The bucket ID for the bucket containing this bridge
+    ///   - The bridge verifying key for this bridge
+    /// These parameters are assumed to be correct and are NOT checked against
+    /// the fingerprint listed in the report.
+    pub fn verify_excluding_lox_proof(
+        self,
+        bucket: Scalar,
+        bridge_key: Option<VerifyingKey>,
+    ) -> bool {
+        // Verify bridge token
+        if CONFIG.require_bridge_token {
+            let bridge_token = self.bridge_token.unwrap();
+            if bridge_key.is_none() {
+                return false;
+            }
+            if bridge_key
+                .unwrap()
+                .verify(
+                    &bincode::serialize(&bridge_token.unsigned_bridge_token).unwrap(),
+                    &bridge_token.sig,
+                )
+                .is_err()
+            {
+                return false;
+            }
+        }
+        // Verify knowledge of bucket ID
+        let H = self.lox_proof.H;
+        let BP = self.lox_proof.BP;
+        if bucket * H != BP {
+            return false;
+        }
+        true
+    }
 }

 /// (De)serializable positive report object which must be consumed by the