Skip to main content

securedrop_protocol_minimal/wire/
core.rs

1use crate::FetchResponse;
2use crate::keys::{SignedKeyBundlePublic, SignedLongtermPubKeyBytes};
3use crate::message::MessagePublicKey;
4use crate::primitives::x25519::DHPublicKey;
5use crate::sign::{
6    FpfOnNewsroom, JournalistLongTermKey, NewsroomOnJournalist, Signature, VerifyingKey,
7};
8use alloc::vec::Vec;
9use serde::{Deserialize, Serialize};
10use uuid::Uuid;
11
12/// A journalist's long-term public key material, as carried in the
13/// [`WelcomeBundle`].
14///
15/// Combined with a one-time [`SignedKeyBundlePublic`] (fetched separately
16/// by an ephemeral key request) to reconstruct a `JournalistPublicView` for
17/// encryption.
18#[cfg_attr(not(hax), derive(Serialize, Deserialize))]
19pub struct JournalistLongTermView {
20    pub vk: VerifyingKey,
21    pub fetch_pk: DHPublicKey,
22    pub reply_apke_pk: MessagePublicKey,
23    pub signed_longterm_key_bytes: SignedLongtermPubKeyBytes,
24    pub selfsig: Signature<JournalistLongTermKey>,
25    pub nr_signature: Signature<NewsroomOnJournalist>,
26}
27
28/// The newsroom "welcome bundle" (step 5): this is everything a sender needs to
29/// begin - the newsroom verifying key, FPF's signature over it, and the roster
30/// of journalists' long-term keys/signatures.
31#[cfg_attr(not(hax), derive(Serialize, Deserialize))]
32pub struct WelcomeBundle {
33    pub newsroom_verifying_key: VerifyingKey,
34    pub fpf_sig: Signature<FpfOnNewsroom>,
35    pub journalists: Vec<JournalistLongTermView>,
36}
37
38/// One journalist's one-time (ephemeral) key bundle. `vk` identifies which
39/// journalist - the server consumes the bundle when it serves it.
40#[cfg_attr(not(hax), derive(Serialize, Deserialize))]
41pub struct JournalistEphemeralKeys {
42    pub vk: VerifyingKey,
43    pub ephemeral: SignedKeyBundlePublic,
44}
45
46/// User (source or journalist) fetches message IDs
47///
48/// This corresponds to step 7 in the spec.
49pub struct MessageChallengeFetchRequest {}
50
51/// Server returns encrypted message IDs
52///
53/// This corresponds to step 7 in the spec.
54#[cfg_attr(not(hax), derive(Serialize, Deserialize))]
55pub struct MessageChallengeFetchResponse {
56    /// Number of message entries returned
57    /// TODO: constant size array
58    pub count: usize,
59    /// Array of FetchResponses, aka (enc_id, pmgdh) pairs, where encid/cid is encrypted message ID and pmgdh (Q) is the group DH share
60    pub messages: Vec<FetchResponse>,
61}
62
63/// User fetches a specific message by ID
64///
65/// This corresponds to step 8 and 10 in the spec.
66pub struct MessageFetchRequest {
67    /// Message ID to fetch
68    pub message_id: Uuid,
69}