Skip to main content

securedrop_protocol_minimal/wire/
core.rs

1use crate::sign::{FpfOnNewsroom, NewsroomOnJournalist, Signature, VerifyingKey};
2use crate::{FetchResponse, JournalistPublicView};
3use alloc::vec::Vec;
4use uuid::Uuid;
5
6/// Source fetches keys for the newsroom
7///
8/// This is the first request in step 5 of the spec.
9pub struct SourceNewsroomKeyRequest {}
10
11/// Newsroom returns their keys and proof of onboarding.
12///
13/// This is the first response in step 5 of the spec.
14pub struct SourceNewsroomKeyResponse {
15    pub newsroom_verifying_key: VerifyingKey,
16    pub fpf_sig: Signature<FpfOnNewsroom>,
17}
18
19/// Source fetches journalist keys for the newsroom
20///
21/// This is part of step 5 in the spec.
22///
23/// Note: This isn't currently written down in the spec, but
24/// should occur right before the server provides a long-term
25/// key and an ephmeral key bundle for the journalist.
26pub struct SourceJournalistKeyRequest {}
27
28/// Server returns journalist long-term keys and ephemeral keys
29///
30/// This is the second part of step 5 in the spec.
31///
32/// Updated for 0.3 spec with new key types:
33/// - ephemeral_dh_pk: MLKEM-768 for message enc PSK (one-time)
34/// - ephemeral_kem_pk: DH-AKEM for message enc (one-time)
35/// - ephemeral_pke_pk: XWING for metadata enc (one-time)
36/// TODO: this may be split into 2 responses, one that contains
37/// static keys and one that contains one-time keys
38pub struct SourceJournalistKeyResponse {
39    pub journalist: JournalistPublicView,
40    pub nr_signature: Signature<NewsroomOnJournalist>,
41}
42
43/// User (source or journalist) fetches message IDs
44///
45/// This corresponds to step 7 in the spec.
46pub struct MessageChallengeFetchRequest {}
47
48/// Server returns encrypted message IDs
49///
50/// This corresponds to step 7 in the spec.
51pub struct MessageChallengeFetchResponse {
52    /// Number of message entries returned
53    /// TODO: constant size array
54    pub count: usize,
55    /// Array of FetchResponses, aka (enc_id, pmgdh) pairs, where encid/cid is encrypted message ID and pmgdh (Q) is the group DH share
56    pub messages: Vec<FetchResponse>,
57}
58
59/// User fetches a specific message by ID
60///
61/// This corresponds to step 8 and 10 in the spec.
62pub struct MessageFetchRequest {
63    /// Message ID to fetch
64    pub message_id: Uuid,
65}