Trait Api

Source

pub trait Api: Client {
    // Required methods
    fn fetch_newsroom_keys(&self) -> SourceNewsroomKeyRequest;
    fn fetch_journalist_keys(&self) -> SourceJournalistKeyRequest;
    fn fetch_message_ids<R: RngCore + CryptoRng>(
        &self,
        _rng: &mut R,
    ) -> MessageChallengeFetchRequest;
    fn solve_fetch_challenges(
        &self,
        challenges: &[FetchResponse],
    ) -> Result<Vec<Uuid>, Error>
       where Self: Sized + UserSecret;
    fn fetch_message(&self, message_id: Uuid) -> Option<MessageFetchRequest>;
    fn submit_message<R, S, P>(
        &self,
        rng: &mut R,
        message: &[u8],
        sender: &S,
        recipient: &P,
    ) -> Result<Envelope, Error>
       where R: RngCore + CryptoRng,
             S: UserSecret,
             P: UserPublic;
    fn handle_newsroom_key_response(
        &mut self,
        response: &SourceNewsroomKeyResponse,
        fpf_verifying_key: &VerifyingKey,
    ) -> Result<(), Error>;
    fn handle_journalist_key_response(
        &self,
        response: &SourceJournalistKeyResponse,
        newsroom_verifying_key: &VerifyingKey,
    ) -> Result<(), Error>;
}

Expand description

Common API shared by sources and journalists. Api users must provide a Client implementation (local storage abstraction). All users use the same API, but hax does not support default trait implementations (cryspen/hax/issues/888) so the trait is defined separately.

Required Methods§

Source

fn fetch_newsroom_keys(&self) -> SourceNewsroomKeyRequest

Creates a request to fetch the newsroom’s public keys from the server.

This is the first part of step 5 in the protocol spec.

Source

fn fetch_journalist_keys(&self) -> SourceJournalistKeyRequest

Creates a request to fetch journalist public keys from the server.

This is the second part of step 5 in the protocol spec. The server responds with long-term keys and a one-time ephemeral key bundle for each available journalist.

Source

fn fetch_message_ids<R: RngCore + CryptoRng>( &self, _rng: &mut R, ) -> MessageChallengeFetchRequest

Creates a request to fetch encrypted message IDs from the server.

Corresponds to step 7 in the protocol spec. The server returns a fixed-size set of challenges (encrypted message IDs) that the client must solve using solve_fetch_challenges.

Source

fn solve_fetch_challenges( &self, challenges: &[FetchResponse], ) -> Result<Vec<Uuid>, Error>
where Self: Sized + UserSecret,

Solves the encrypted message-ID challenges returned by the server.

Each FetchResponse contains an encrypted message ID and a per-request DH share. The client uses its fetch keypair to recover message IDs that were addressed to it, discarding the rest.

Returns the set of Uuids for messages belonging to this client.

Source

fn fetch_message(&self, message_id: Uuid) -> Option<MessageFetchRequest>

Creates a request to fetch a specific message by its ID.

Corresponds to steps 8 and 10 in the protocol spec. Returns None if the request cannot be constructed (the default implementation always returns Some).

Source

fn submit_message<R, S, P>( &self, rng: &mut R, message: &[u8], sender: &S, recipient: &P, ) -> Result<Envelope, Error>
where R: RngCore + CryptoRng, S: UserSecret, P: UserPublic,

Encrypts and submits a message from sender to recipient.

Handles padding, plaintext construction (including sender reply keys), and hybrid encryption. This covers step 6 (source submissions) and step 9 (journalist replies) in the protocol spec.

§Errors

Returns an error if encryption fails.

Source

fn handle_newsroom_key_response( &mut self, response: &SourceNewsroomKeyResponse, fpf_verifying_key: &VerifyingKey, ) -> Result<(), Error>

Verifies and stores the newsroom’s verifying key from a server response.

Checks the FPF signature over the newsroom verifying key, and if valid, stores it for subsequent journalist key verification.

§Errors

Returns an error if the FPF signature is invalid.

Source

fn handle_journalist_key_response( &self, response: &SourceJournalistKeyResponse, newsroom_verifying_key: &VerifyingKey, ) -> Result<(), Error>

Verifies a journalist’s key response against the newsroom’s signature.

Performs three signature checks:

The newsroom’s signature over the journalist’s verifying key.
The journalist’s self-signature over their long-term key bundle.
The journalist’s self-signature over their one-time keys.

§Errors

Returns an error if any signature check fails.

Dyn Compatibility§

This trait is not dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.

Implementors§

Source §

Api

Trait Api Copy item path

Required Methods§

fn fetch_newsroom_keys(&self) -> SourceNewsroomKeyRequest

fn fetch_journalist_keys(&self) -> SourceJournalistKeyRequest

fn fetch_message_ids<R: RngCore + CryptoRng>( &self, _rng: &mut R, ) -> MessageChallengeFetchRequest

fn solve_fetch_challenges( &self, challenges: &[FetchResponse], ) -> Result<Vec<Uuid>, Error>where Self: Sized + UserSecret,

fn fetch_message(&self, message_id: Uuid) -> Option<MessageFetchRequest>

fn submit_message<R, S, P>( &self, rng: &mut R, message: &[u8], sender: &S, recipient: &P, ) -> Result<Envelope, Error>where R: RngCore + CryptoRng, S: UserSecret, P: UserPublic,

§Errors

fn handle_newsroom_key_response( &mut self, response: &SourceNewsroomKeyResponse, fpf_verifying_key: &VerifyingKey, ) -> Result<(), Error>

§Errors

fn handle_journalist_key_response( &self, response: &SourceJournalistKeyResponse, newsroom_verifying_key: &VerifyingKey, ) -> Result<(), Error>

§Errors

Dyn Compatibility§

Implementors§

impl<T> Api for Twhere T: Client,

Trait Api

fn solve_fetch_challenges( &self, challenges: &[FetchResponse], ) -> Result<Vec<Uuid>, Error>
where Self: Sized + UserSecret,

fn submit_message<R, S, P>( &self, rng: &mut R, message: &[u8], sender: &S, recipient: &P, ) -> Result<Envelope, Error>
where R: RngCore + CryptoRng, S: UserSecret, P: UserPublic,

impl<T> Api for T
where T: Client,