pub struct Source { /* private fields */ }Expand description
A source and their long-term key material (step 4).
A source’s keys are fully determined by their passphrase, a 12-word BIP39
mnemonic. The mnemonic’s 16-byte entropy is used directly as the master key
mk, from which the fetch key, APKE key, and PKE key are derived with a
domain-separated KDF. Returning sources reconstruct the same keys by calling
Source::from_passphrase with the same mnemonic.
Implementations§
Source§impl Source
impl Source
Sourcepub fn new<R: RngCore + CryptoRng>(rng: R) -> Self
pub fn new<R: RngCore + CryptoRng>(rng: R) -> Self
Create a new source with a randomly generated 12-word BIP39 mnemonic.
Sourcepub fn passphrase(&self) -> &str
pub fn passphrase(&self) -> &str
Returns the source’s passphrase as a 12-word BIP39 mnemonic.
§Security
The passphrase is the root secret from which all source keys are derived. It MUST be stored and transmitted only over secure channels.
Sourcepub fn from_passphrase(passphrase: &str) -> Result<Self, Error>
pub fn from_passphrase(passphrase: &str) -> Result<Self, Error>
Reconstruct source keys from a 12-word BIP39 mnemonic (step 4).
§Errors
Returns an error if passphrase is not a valid 12-word BIP39 mnemonic,
i.e. it contains an unknown word, has the wrong length, or fails the
checksum.
Sourcepub fn public(&self) -> SourcePublicView
pub fn public(&self) -> SourcePublicView
Returns the public key material for this source.
Trait Implementations§
Source§impl Client for Source
impl Client for Source
Source§fn newsroom_verifying_key(&self) -> Option<&VerifyingKey>
fn newsroom_verifying_key(&self) -> Option<&VerifyingKey>
Source§fn set_newsroom_verifying_key(&mut self, key: VerifyingKey)
fn set_newsroom_verifying_key(&mut self, key: VerifyingKey)
Source§impl UserSecret for Source
Private, common to all users, implemented for sources
impl UserSecret for Source
Private, common to all users, implemented for sources
fn num_bundles(&self) -> usize
fn fetch_keypair(&self) -> (&DHPrivateKey, &DHPublicKey)
Source§fn message_auth_key(&self) -> &MessagePrivateKey
fn message_auth_key(&self) -> &MessagePrivateKey
sk^APKE.Source§fn own_message_auth_pk(&self) -> &MessagePublicKey
fn own_message_auth_pk(&self) -> &MessagePublicKey
pk^APKE.fn build_message(&self, message: Vec<u8>) -> Plaintext
fn keybundles(&self) -> Vec<&MessageKeyBundle>
Auto Trait Implementations§
impl Freeze for Source
impl RefUnwindSafe for Source
impl Send for Source
impl Sync for Source
impl Unpin for Source
impl UnsafeUnpin for Source
impl UnwindSafe for Source
Blanket Implementations§
Source§impl<T> Api for Twhere
T: Client,
impl<T> Api for Twhere
T: Client,
Source§fn fetch_message_ids<R>(&self, _rng: &mut R) -> MessageChallengeFetchRequestwhere
R: RngCore + CryptoRng,
fn fetch_message_ids<R>(&self, _rng: &mut R) -> MessageChallengeFetchRequestwhere
R: RngCore + CryptoRng,
Creates a request to fetch encrypted message IDs from the server.
Corresponds to step 7 in the protocol spec. The server returns a
fixed-size set of challenges (encrypted message IDs) that the client
must solve using solve_fetch_challenges.
Source§fn solve_fetch_challenges(
&self,
challenges: &[FetchResponse],
) -> Result<Vec<Uuid>, Error>where
T: UserSecret,
fn solve_fetch_challenges(
&self,
challenges: &[FetchResponse],
) -> Result<Vec<Uuid>, Error>where
T: UserSecret,
Solves the encrypted message-ID challenges returned by the server.
Each FetchResponse contains an encrypted message ID and a
per-request DH share. The client uses its fetch keypair to recover
message IDs that were addressed to it, discarding the rest.
Returns the set of Uuids for messages belonging to this client.
Source§fn fetch_message(&self, message_id: Uuid) -> Option<MessageFetchRequest>
fn fetch_message(&self, message_id: Uuid) -> Option<MessageFetchRequest>
Creates a request to fetch a specific message by its ID.
Corresponds to steps 8 and 10 in the protocol spec. Returns None
if the request cannot be constructed (the default implementation
always returns Some).
Source§fn submit_message<R, S, P>(
&self,
rng: &mut R,
message: &[u8],
sender: &S,
recipient: &P,
) -> Result<Envelope, Error>where
R: RngCore + CryptoRng,
S: UserSecret,
P: UserPublic,
fn submit_message<R, S, P>(
&self,
rng: &mut R,
message: &[u8],
sender: &S,
recipient: &P,
) -> Result<Envelope, Error>where
R: RngCore + CryptoRng,
S: UserSecret,
P: UserPublic,
Encrypts and submits a message from sender to recipient.
Handles padding, plaintext construction (including sender reply keys), and hybrid encryption. This covers step 6 (source submissions) and step 9 (journalist replies) in the protocol spec.
§Errors
Returns an error if encryption fails.
Source§fn handle_welcome(
&mut self,
welcome: &WelcomeBundle,
fpf_verifying_key: &VerifyingKey,
) -> Result<(), Error>
fn handle_welcome( &mut self, welcome: &WelcomeBundle, fpf_verifying_key: &VerifyingKey, ) -> Result<(), Error>
WelcomeBundle and stores the newsroom key (step 5). Read moreSource§fn verify_long_term(
&self,
journalist: &JournalistLongTermView,
newsroom_verifying_key: &VerifyingKey,
) -> Result<(), Error>
fn verify_long_term( &self, journalist: &JournalistLongTermView, newsroom_verifying_key: &VerifyingKey, ) -> Result<(), Error>
Source§fn verify_ephemeral(
&self,
long_term: &JournalistLongTermView,
ephemeral: &(KeyBundlePublic, Signature<JournalistEphemeralKey>),
) -> Result<JournalistPublicView, Error>
fn verify_ephemeral( &self, long_term: &JournalistLongTermView, ephemeral: &(KeyBundlePublic, Signature<JournalistEphemeralKey>), ) -> Result<JournalistPublicView, Error>
JournalistPublicView for encryption. Read more