Add verify function for PRs, doesn't handle Lox proof verification
This commit is contained in:
parent
e4ee46866a
commit
d971e420a2
|
|
@ -23,7 +23,7 @@ lox-library = { git = "https://gitlab.torproject.org/vecna/lox.git", version = "
|
||||||
select = "0.6.0"
|
select = "0.6.0"
|
||||||
serde = "1.0.195"
|
serde = "1.0.195"
|
||||||
serde_json = "1.0"
|
serde_json = "1.0"
|
||||||
serde_with = {version = "3.4.0", features = ["json"]}
|
serde_with = {version = "3.5.0", features = ["json"]}
|
||||||
sha1 = "0.10"
|
sha1 = "0.10"
|
||||||
sha3 = "0.10"
|
sha3 = "0.10"
|
||||||
sled = "0.34.7"
|
sled = "0.34.7"
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,13 @@
|
||||||
use crate::{CONFIG, get_date, COUNTRY_CODES};
|
// For Lox-related code where points are uppercase and scalars are lowercase
|
||||||
|
#![allow(non_snake_case)]
|
||||||
|
|
||||||
use ed25519_dalek::{Signature, Signer, SigningKey};
|
// TODO: Make SerializableBridgeToken, check its fields while deserializing,
|
||||||
|
// check that its fields match the report's fields while deserializing a report
|
||||||
|
|
||||||
|
use crate::{get_date, CONFIG, COUNTRY_CODES};
|
||||||
|
|
||||||
|
use curve25519_dalek::Scalar;
|
||||||
|
use ed25519_dalek::{Signature, Signer, SigningKey, Verifier, VerifyingKey};
|
||||||
use lox_library::{cred::Lox, proto::positive_report as lox_pr, IssuerPubKey};
|
use lox_library::{cred::Lox, proto::positive_report as lox_pr, IssuerPubKey};
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
use sha1::{Digest, Sha1};
|
use sha1::{Digest, Sha1};
|
||||||
|
|
@ -86,6 +93,43 @@ impl PositiveReport {
|
||||||
Err(_) => Err(PositiveReportError::FailedToDeserialize),
|
Err(_) => Err(PositiveReportError::FailedToDeserialize),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// Verify everything except the Lox proof.
|
||||||
|
/// Parameters:
|
||||||
|
/// - The bucket ID for the bucket containing this bridge
|
||||||
|
/// - The bridge verifying key for this bridge
|
||||||
|
/// These parameters are assumed to be correct and are NOT checked against
|
||||||
|
/// the fingerprint listed in the report.
|
||||||
|
pub fn verify_excluding_lox_proof(
|
||||||
|
self,
|
||||||
|
bucket: Scalar,
|
||||||
|
bridge_key: Option<VerifyingKey>,
|
||||||
|
) -> bool {
|
||||||
|
// Verify bridge token
|
||||||
|
if CONFIG.require_bridge_token {
|
||||||
|
let bridge_token = self.bridge_token.unwrap();
|
||||||
|
if bridge_key.is_none() {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
if bridge_key
|
||||||
|
.unwrap()
|
||||||
|
.verify(
|
||||||
|
&bincode::serialize(&bridge_token.unsigned_bridge_token).unwrap(),
|
||||||
|
&bridge_token.sig,
|
||||||
|
)
|
||||||
|
.is_err()
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// Verify knowledge of bucket ID
|
||||||
|
let H = self.lox_proof.H;
|
||||||
|
let BP = self.lox_proof.BP;
|
||||||
|
if bucket * H != BP {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
true
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// (De)serializable positive report object which must be consumed by the
|
/// (De)serializable positive report object which must be consumed by the
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue