Skip to main content

securedrop_protocol_minimal/
traits.rs

1use crate::VerifyingKey;
2use crate::message::{MessagePrivateKey, MessagePublicKey};
3use crate::metadata::MetadataPublicKey;
4use crate::primitives::x25519::DHPrivateKey;
5use crate::primitives::x25519::DHPublicKey;
6use crate::sign::{JournalistEphemeralKey, JournalistLongTermKey, Signature};
7use alloc::vec::Vec;
8
9use crate::ciphertext::Plaintext;
10use crate::keys::{
11    Enrollment, KeyBundlePublic, MessageKeyBundle, SignedKeyBundlePublic, SignedLongtermPubKeyBytes,
12};
13
14// Sealed traits that downstream crates should not implement.
15// Do not re-export!
16use crate::sealed;
17
18////////////////////////
19///
20/// Users have the following (public traits) in common:
21/// They expose a fetch pubkey, a message auth pubkey
22/// (implicit authentication),
23/// and a collection of KeyBundles (tuples of keys - a keybundle contains
24/// all the key material required to send a message to a given user).
25/// A Source has a KeyBundle collection of size 1.
26/// A Journalist has KeyBundle collection of size > 1.
27/// Some users (Sources) use a key from their message bundle as
28/// their message auth key.
29pub trait UserPublic {
30    fn fetch_pk(&self) -> &DHPublicKey;
31    /// The long-term SD-APKE public key `pk^APKE`.
32    fn message_auth_pk(&self) -> &MessagePublicKey;
33    fn message_metadata_pk(&self) -> &MetadataPublicKey;
34    /// The ephemeral SD-APKE public key `pk^{APKE_E}` from a key bundle.
35    fn message_enc_pk(&self) -> &MessagePublicKey;
36}
37
38pub trait JournalistPublic: UserPublic {
39    fn verifying_key(&self) -> &VerifyingKey;
40    fn self_signature(&self) -> &Signature<JournalistLongTermKey>;
41    fn signed_keybytes(&self) -> &SignedLongtermPubKeyBytes;
42    fn ephemeral_bundle(&self) -> &KeyBundlePublic;
43    fn ephemeral_signature(&self) -> &Signature<JournalistEphemeralKey>;
44}
45
46pub trait Enrollable: sealed::Sealed {
47    fn signing_key(&self) -> &VerifyingKey;
48    fn enroll(&self) -> Enrollment;
49    /// Each item is a [`SignedKeyBundlePublic`]: the public keys together with the
50    /// journalist's self-signature over them.
51    fn signed_keybundles(&self) -> Vec<SignedKeyBundlePublic>;
52}
53
54/// Users have the following (secret traits) in common:
55/// They have a fetching keypair used to retrieve messages;
56/// They have a message authentication keypair used to implicitly
57/// authenticate their messages (via DH-AKEM);
58/// They can index a KeyBundle (tuple) and use it to attempt to
59/// decrypt a message.
60pub trait UserSecret: sealed::Sealed {
61    fn num_bundles(&self) -> usize;
62    fn fetch_keypair(&self) -> (&DHPrivateKey, &DHPublicKey);
63    /// The long-term SD-APKE private key `sk^APKE`.
64    fn message_auth_key(&self) -> &MessagePrivateKey;
65    /// The long-term SD-APKE public key `pk^APKE`.
66    fn message_auth_pk(&self) -> &MessagePublicKey;
67    fn build_message(&self, message: Vec<u8>) -> Plaintext;
68    fn keybundles(&self) -> Vec<&MessageKeyBundle>;
69}
70
71pub(crate) trait RestrictedApi: sealed::Sealed {}