securedrop_protocol_minimal/wire/setup.rs
1//! The setup steps included here are:
2//! * Newsroom onboarding (step 2 in the spec),
3//! * Journalist initial onboarding (step 3.1 in the spec),
4//! * Journalist ephemeral key replenishment (step 3.2 in the spec).
5//!
6//! The FPF setup process (step 1 in the spec) and source initial setup (step 4 in the spec)
7//! are both local only and do not involve any protocol messages.
8
9use alloc::vec::Vec;
10
11use crate::sign::{FpfOnNewsroom, NewsroomOnJournalist, Signature, VerifyingKey};
12use crate::{Enrollment, SignedKeyBundlePublic};
13
/// Newsroom onboarding request (step 2 in the spec): the message a newsroom sends to FPF
/// to have its verifying key verified and signed.
///
/// NOTE(review): this message carries only a verifying key. Nothing visible in this file
/// shows how FPF confirms that the key really belongs to the newsroom before signing it;
/// presumably that check happens out of band. Confirm against the spec.
#[derive(Debug)]
pub struct NewsroomSetupRequest {
    /// The newsroom's verifying key, submitted to FPF for signing.
    pub newsroom_verifying_key: VerifyingKey,
}
21
/// Newsroom onboarding response (step 2 in the spec): FPF's reply to the newsroom.
#[derive(Debug)]
pub struct NewsroomSetupResponse {
    /// FPF's signature over the newsroom verifying key, produced with the FPF signing key.
    ///
    /// NOTE(review): `FpfOnNewsroom` is presumably a marker type that keeps this signature
    /// from being used where a signature made for another purpose is expected. Confirm in
    /// `crate::sign`.
    pub sig: Signature<FpfOnNewsroom>,
}
30
/// Journalist initial onboarding request (step 3.1 in the spec), sent by the journalist
/// to the newsroom.
#[derive(Debug)]
pub struct JournalistSetupRequest {
    /// The journalist's enrollment data, submitted to the newsroom for signing.
    ///
    /// NOTE(review): the contents of `Enrollment` are defined elsewhere in the crate; what
    /// the newsroom must check before signing it is not visible from this file.
    pub enrollment: Enrollment,
}
38
/// Journalist initial onboarding response (step 3.1 in the spec), sent by the newsroom
/// back to the journalist.
#[derive(Debug)]
pub struct JournalistSetupResponse {
    /// The newsroom's signature over the journalist enrollment bundle, produced with the
    /// newsroom signing key.
    ///
    /// NOTE(review): `NewsroomOnJournalist` is presumably a marker type that keeps this
    /// signature from being used where a signature made for another purpose is expected.
    /// Confirm in `crate::sign`.
    pub sig: Signature<NewsroomOnJournalist>,
}
47
/// Ephemeral key replenishment request (step 3.2 in the spec), sent by the journalist to
/// the SecureDrop server.
#[derive(Debug)]
pub struct JournalistEphemeralKeyRequest {
    /// Verifying half of the journalist's long-term signing key. The server uses it to
    /// look up the journalist and to verify the signature on each bundle.
    ///
    /// NOTE(review): this key is supplied by the requester. Signature checks against it are
    /// only meaningful if the server first confirms it belongs to an enrolled journalist;
    /// verify that the handler rejects unknown keys.
    pub verifying_key: VerifyingKey,
    /// Signed ephemeral key bundles for the server to store.
    ///
    /// NOTE(review): the type places no upper bound on the number of bundles; check that
    /// the receiving side caps the count before storing them.
    pub bundles: Vec<SignedKeyBundlePublic>,
}