From d971e420a2f5c495158520af1d68488910162b68 Mon Sep 17 00:00:00 2001
From: Vecna <vvecna@uwaterloo.ca>
Date: Tue, 20 Feb 2024 17:12:34 -0500
Subject: [PATCH] Add verify function for PRs, doesn't handle Lox proof
 verification

---
 Cargo.toml             |  2 +-
 src/positive_report.rs | 48 ++++++++++++++++++++++++++++++++++++++++--
 2 files changed, 47 insertions(+), 3 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index fa24354..f5f32e3 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -23,7 +23,7 @@ lox-library = { git = "https://gitlab.torproject.org/vecna/lox.git", version = "
 select = "0.6.0"
 serde = "1.0.195"
 serde_json = "1.0"
-serde_with = {version = "3.4.0", features = ["json"]}
+serde_with = {version = "3.5.0", features = ["json"]}
 sha1 = "0.10"
 sha3 = "0.10"
 sled = "0.34.7"
diff --git a/src/positive_report.rs b/src/positive_report.rs
index b9244ce..6134036 100644
--- a/src/positive_report.rs
+++ b/src/positive_report.rs
@@ -1,6 +1,13 @@
-use crate::{CONFIG, get_date, COUNTRY_CODES};
+// For Lox-related code where points are uppercase and scalars are lowercase
+#![allow(non_snake_case)]
 
-use ed25519_dalek::{Signature, Signer, SigningKey};
+// TODO: Make SerializableBridgeToken, check its fields while deserializing,
+// check that its fields match the report's fields while deserializing a report
+
+use crate::{get_date, CONFIG, COUNTRY_CODES};
+
+use curve25519_dalek::Scalar;
+use ed25519_dalek::{Signature, Signer, SigningKey, Verifier, VerifyingKey};
 use lox_library::{cred::Lox, proto::positive_report as lox_pr, IssuerPubKey};
 use serde::{Deserialize, Serialize};
 use sha1::{Digest, Sha1};
@@ -86,6 +93,43 @@ impl PositiveReport {
             Err(_) => Err(PositiveReportError::FailedToDeserialize),
         }
     }
+
+    /// Verify everything except the Lox proof.
+    /// Parameters:
+    ///   - The bucket ID for the bucket containing this bridge
+    ///   - The bridge verifying key for this bridge
+    /// These parameters are assumed to be correct and are NOT checked against
+    /// the fingerprint listed in the report.
+    pub fn verify_excluding_lox_proof(
+        self,
+        bucket: Scalar,
+        bridge_key: Option<VerifyingKey>,
+    ) -> bool {
+        // Verify bridge token
+        if CONFIG.require_bridge_token {
+            let bridge_token = self.bridge_token.unwrap();
+            if bridge_key.is_none() {
+                return false;
+            }
+            if bridge_key
+                .unwrap()
+                .verify(
+                    &bincode::serialize(&bridge_token.unsigned_bridge_token).unwrap(),
+                    &bridge_token.sig,
+                )
+                .is_err()
+            {
+                return false;
+            }
+        }
+        // Verify knowledge of bucket ID
+        let H = self.lox_proof.H;
+        let BP = self.lox_proof.BP;
+        if bucket * H != BP {
+            return false;
+        }
+        true
+    }
 }
 
 /// (De)serializable positive report object which must be consumed by the