securedrop_protocol_minimal/wire/setup.rs
1//! The setup steps included here are:
2//! * Newsroom onboarding (step 2 in the spec),
3//! * Journalist initial onboarding (step 3.1 in the spec),
4//! * Journalist ephemeral key replenishment (step 3.2 in the spec).
5//!
6//! The FPF setup process (step 1 in the spec) and source initial setup (step 4 in the spec)
7//! are both local only and do not involve any protocol messages.
8
9use alloc::vec::Vec;
10
11use serde::{Deserialize, Serialize};
12
13use crate::sign::{FpfOnNewsroom, NewsroomOnJournalist, Signature, VerifyingKey};
14use crate::{Enrollment, SignedKeyBundlePublic};
15
16/// Request from the newsroom to FPF for verification.
17///
18/// Step 2 in the spec.
19#[derive(Debug)]
20pub struct NewsroomSetupRequest {
21 pub newsroom_verifying_key: VerifyingKey,
22}
23
24/// Response from FPF to the newsroom.
25///
26/// Step 2 in the spec.
27#[derive(Debug)]
28pub struct NewsroomSetupResponse {
29 /// A signature over the newsroom verifying key by the FPF signing key
30 pub sig: Signature<FpfOnNewsroom>,
31}
32
33/// Request from the journalist to the newsroom for initial onboarding.
34///
35/// Step 3.1 in the spec.
36#[derive(Debug)]
37#[cfg_attr(not(hax), derive(Serialize, Deserialize))]
38pub struct JournalistSetupRequest {
39 pub enrollment: Enrollment,
40}
41
42/// Response from the newsroom to the journalist for initial onboarding.
43///
44/// Step 3.1 in the spec.
45#[derive(Debug)]
46#[cfg_attr(not(hax), derive(Serialize, Deserialize))]
47pub struct JournalistSetupResponse {
48 /// A signature over the journalist enrollment bundle by the newsroom signing key
49 pub sig: Signature<NewsroomOnJournalist>,
50}
51
52/// Request from the journalist to the SecureDrop server for ephemeral key replenishment.
53///
54/// Step 3.2 in the spec.
55#[derive(Debug)]
56#[cfg_attr(not(hax), derive(Serialize, Deserialize))]
57pub struct JournalistEphemeralKeyRequest {
58 /// The journalist's long-term signing key, used by the server to look up the journalist
59 /// and verify each bundle signature.
60 pub verifying_key: VerifyingKey,
61 /// The signed ephemeral key bundles to be stored by the server.
62 pub bundles: Vec<SignedKeyBundlePublic>,
63}
64
65/// Response from the SecureDrop server to the journalist for ephemeral key replenishment.
66///
67/// Step 3.2 in the spec.
68#[derive(Debug)]
69#[cfg_attr(not(hax), derive(Serialize, Deserialize))]
70pub struct JournalistEphemeralKeyResponse {
71 /// The number of ephemeral key bundles now stored by the server for this journalist.
72 pub stored: usize,
73}