pub trait Api: Client {
// Required methods
fn fetch_message_ids<R: RngCore + CryptoRng>(
&self,
_rng: &mut R,
) -> MessageChallengeFetchRequest;
fn solve_fetch_challenges(
&self,
challenges: &[FetchResponse],
) -> Result<Vec<Uuid>, Error>
where Self: Sized + UserSecret;
fn fetch_message(&self, message_id: Uuid) -> Option<MessageFetchRequest>;
fn submit_message<R, S, P>(
&self,
rng: &mut R,
message: &[u8],
sender: &S,
recipient: &P,
) -> Result<Envelope, Error>
where R: RngCore + CryptoRng,
S: UserSecret,
P: UserPublic;
fn handle_welcome(
&mut self,
welcome: &WelcomeBundle,
fpf_verifying_key: &VerifyingKey,
) -> Result<(), Error>;
fn verify_long_term(
&self,
journalist: &JournalistLongTermView,
newsroom_verifying_key: &VerifyingKey,
) -> Result<(), Error>;
fn verify_ephemeral(
&self,
long_term: &JournalistLongTermView,
ephemeral: &SignedKeyBundlePublic,
) -> Result<JournalistPublicView, Error>;
}Expand description
Common API shared by sources and journalists. Api users must provide
a Client implementation (local storage abstraction).
All users use the same API, but hax does not support default trait implementations
(cryspen/hax/issues/888) so the trait is defined separately.
Required Methods§
Sourcefn fetch_message_ids<R: RngCore + CryptoRng>(
&self,
_rng: &mut R,
) -> MessageChallengeFetchRequest
fn fetch_message_ids<R: RngCore + CryptoRng>( &self, _rng: &mut R, ) -> MessageChallengeFetchRequest
Creates a request to fetch encrypted message IDs from the server.
Corresponds to step 7 in the protocol spec. The server returns a
fixed-size set of challenges (encrypted message IDs) that the client
must solve using solve_fetch_challenges.
Sourcefn solve_fetch_challenges(
&self,
challenges: &[FetchResponse],
) -> Result<Vec<Uuid>, Error>where
Self: Sized + UserSecret,
fn solve_fetch_challenges(
&self,
challenges: &[FetchResponse],
) -> Result<Vec<Uuid>, Error>where
Self: Sized + UserSecret,
Solves the encrypted message-ID challenges returned by the server.
Each FetchResponse contains an encrypted message ID and a
per-request DH share. The client uses its fetch keypair to recover
message IDs that were addressed to it, discarding the rest.
Returns the set of Uuids for messages belonging to this client.
Sourcefn fetch_message(&self, message_id: Uuid) -> Option<MessageFetchRequest>
fn fetch_message(&self, message_id: Uuid) -> Option<MessageFetchRequest>
Creates a request to fetch a specific message by its ID.
Corresponds to steps 8 and 10 in the protocol spec. Returns None
if the request cannot be constructed (the default implementation
always returns Some).
Sourcefn submit_message<R, S, P>(
&self,
rng: &mut R,
message: &[u8],
sender: &S,
recipient: &P,
) -> Result<Envelope, Error>where
R: RngCore + CryptoRng,
S: UserSecret,
P: UserPublic,
fn submit_message<R, S, P>(
&self,
rng: &mut R,
message: &[u8],
sender: &S,
recipient: &P,
) -> Result<Envelope, Error>where
R: RngCore + CryptoRng,
S: UserSecret,
P: UserPublic,
Encrypts and submits a message from sender to recipient.
Handles padding, plaintext construction (including sender reply keys), and hybrid encryption. This covers step 6 (source submissions) and step 9 (journalist replies) in the protocol spec.
§Errors
Returns an error if encryption fails.
Sourcefn handle_welcome(
&mut self,
welcome: &WelcomeBundle,
fpf_verifying_key: &VerifyingKey,
) -> Result<(), Error>
fn handle_welcome( &mut self, welcome: &WelcomeBundle, fpf_verifying_key: &VerifyingKey, ) -> Result<(), Error>
Verifies a newsroom WelcomeBundle and stores the newsroom key (step 5).
We check the FPF signature using the newsroom verifying key, then for every journalist in the roster we verify:
- the newsroom’s signature over the journalist’s verifying key
- the journalist’s signature over their long term keys
On success the newsroom key is stored, and the long term views can be cached and reused.
§Errors
Returns an error if the FPF signature or any journalist signature is invalid.
Sourcefn verify_long_term(
&self,
journalist: &JournalistLongTermView,
newsroom_verifying_key: &VerifyingKey,
) -> Result<(), Error>
fn verify_long_term( &self, journalist: &JournalistLongTermView, newsroom_verifying_key: &VerifyingKey, ) -> Result<(), Error>
Verifies one journalist’s long-term view against a trusted newsroom verifying key, the newsroom’s signature over the journalist’s verifying key, and the journalist’s signature over their long term keys.
§Errors
Returns an error if either signature is invalid.
Sourcefn verify_ephemeral(
&self,
long_term: &JournalistLongTermView,
ephemeral: &SignedKeyBundlePublic,
) -> Result<JournalistPublicView, Error>
fn verify_ephemeral( &self, long_term: &JournalistLongTermView, ephemeral: &SignedKeyBundlePublic, ) -> Result<JournalistPublicView, Error>
Verifies a journalist’s one-time bundle against their already verified
long-term view and assembles a JournalistPublicView for encryption.
§Errors
Returns an error if the signature on the one-time bundle is invalid.
Dyn Compatibility§
This trait is not dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.