Skip to main content

Source

securedrop_protocol_minimal::source

Struct Source 

Source 
pub struct Source { /* private fields */ }
Expand description

A source and their long-term key material (step 4).

A source’s keys are fully determined by their passphrase: the fetch key, APKE key, and PKE key are all derived from a master key via Argon2id and a domain-separated KDF. Returning sources reconstruct the same keys by calling Source::from_passphrase with the same passphrase.

Implementations§

Source§

impl Source

Source

pub fn new<R: RngCore + CryptoRng>(rng: R) -> Self

Create a new source with a randomly generated passphrase.

TODO / For testing only - in production the passphrase must be a mnemonic of sufficient entropy generated and displayed to the source.

Source

pub fn passphrase(&self) -> &[u8]

Returns the source’s passphrase.

§Security

The passphrase is the root secret from which all source keys are derived. It MUST be stored and transmitted only over secure channels.

Source

pub fn from_passphrase(passphrase: &[u8]) -> Self

Reconstruct source keys from a passphrase (step 4).

Derives a master key via Source::derive_master_key, then derives each private key from the master key using a domain-separated KDF.

Source

pub fn public(&self) -> SourcePublicView

Returns the public key material for this source.

Trait Implementations§

Source§

impl Client for Source

Source§

fn newsroom_verifying_key(&self) -> Option<&VerifyingKey>

Returns the stored newsroom verifying key, if one has been verified.
Source§

fn set_newsroom_verifying_key(&mut self, key: VerifyingKey)

Stores a verified newsroom verifying key.
Source§

impl Debug for Source

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl UserSecret for Source

Private, common to all users, implemented for sources

Source§

fn num_bundles(&self) -> usize

Source§

fn fetch_keypair(&self) -> (&DHPrivateKey, &DHPublicKey)

Source§

fn message_auth_key(&self) -> &MessagePrivateKey

The long-term SD-APKE private key sk^APKE.
Source§

fn message_auth_pk(&self) -> &MessagePublicKey

The long-term SD-APKE public key pk^APKE.
Source§

fn build_message(&self, message: Vec<u8>) -> Plaintext

Source§

fn keybundles(&self) -> Vec<&MessageKeyBundle>

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Api for T
where T: Client,

Source§

fn fetch_newsroom_keys(&self) -> SourceNewsroomKeyRequest

Creates a request to fetch the newsroom’s public keys from the server.

This is the first part of step 5 in the protocol spec.

Source§

fn fetch_journalist_keys(&self) -> SourceJournalistKeyRequest

Creates a request to fetch journalist public keys from the server.

This is the second part of step 5 in the protocol spec. The server responds with long-term keys and a one-time ephemeral key bundle for each available journalist.

Source§

fn fetch_message_ids<R>(&self, _rng: &mut R) -> MessageChallengeFetchRequest
where R: RngCore + CryptoRng,

Creates a request to fetch encrypted message IDs from the server.

Corresponds to step 7 in the protocol spec. The server returns a fixed-size set of challenges (encrypted message IDs) that the client must solve using solve_fetch_challenges.

Source§

fn solve_fetch_challenges( &self, challenges: &[FetchResponse], ) -> Result<Vec<Uuid>, Error>
where T: UserSecret,

Solves the encrypted message-ID challenges returned by the server.

Each FetchResponse contains an encrypted message ID and a per-request DH share. The client uses its fetch keypair to recover message IDs that were addressed to it, discarding the rest.

Returns the set of Uuids for messages belonging to this client.

Source§

fn fetch_message(&self, message_id: Uuid) -> Option<MessageFetchRequest>

Creates a request to fetch a specific message by its ID.

Corresponds to steps 8 and 10 in the protocol spec. Returns None if the request cannot be constructed (the default implementation always returns Some).

Source§

fn submit_message<R, S, P>( &self, rng: &mut R, message: &[u8], sender: &S, recipient: &P, ) -> Result<Envelope, Error>
where R: RngCore + CryptoRng, S: UserSecret, P: UserPublic,

Encrypts and submits a message from sender to recipient.

Handles padding, plaintext construction (including sender reply keys), and hybrid encryption. This covers step 6 (source submissions) and step 9 (journalist replies) in the protocol spec.

§Errors

Returns an error if encryption fails.

Source§

fn handle_newsroom_key_response( &mut self, response: &SourceNewsroomKeyResponse, fpf_verifying_key: &VerifyingKey, ) -> Result<(), Error>

Verifies and stores the newsroom’s verifying key from a server response.

Checks the FPF signature over the newsroom verifying key, and if valid, stores it for subsequent journalist key verification.

§Errors

Returns an error if the FPF signature is invalid.

Source§

fn handle_journalist_key_response( &self, response: &SourceJournalistKeyResponse, newsroom_verifying_key: &VerifyingKey, ) -> Result<(), Error>

Verifies a journalist’s key response against the newsroom’s signature.

Performs three signature checks:

  1. The newsroom’s signature over the journalist’s verifying key.
  2. The journalist’s self-signature over their long-term key bundle.
  3. The journalist’s self-signature over their one-time keys.
§Errors

Returns an error if any signature check fails.

Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
§

impl<T> Classify for T

§

type Classified = T

§

fn classify(self) -> T

§

impl<T> Classify for T

§

type Classified = T

§

fn classify(self) -> T

§

impl<T> Declassify for T

§

type Declassified = T

§

fn declassify(self) -> T

§

impl<T> Declassify for T

§

type Declassified = T

§

fn declassify(self) -> T

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

§

fn vzip(self) -> V