deltachat/
aheader.rs

1//! # Autocrypt header module.
2//!
3//! Parse and create [Autocrypt-headers](https://autocrypt.org/en/latest/level1.html#the-autocrypt-header).
4
5use std::collections::BTreeMap;
6use std::fmt;
7use std::str::FromStr;
8
9use anyhow::{Context as _, Error, Result, bail};
10
11use crate::key::{DcKey, SignedPublicKey};
12
13/// Possible values for encryption preference
14#[derive(PartialEq, Eq, Debug, Default, Clone, Copy, FromPrimitive, ToPrimitive)]
15#[repr(u8)]
16pub enum EncryptPreference {
17    #[default]
18    NoPreference = 0,
19    Mutual = 1,
20}
21
22impl fmt::Display for EncryptPreference {
23    fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result {
24        match *self {
25            EncryptPreference::Mutual => write!(fmt, "mutual"),
26            EncryptPreference::NoPreference => write!(fmt, "nopreference"),
27        }
28    }
29}
30
31impl FromStr for EncryptPreference {
32    type Err = Error;
33
34    fn from_str(s: &str) -> Result<Self> {
35        match s {
36            "mutual" => Ok(EncryptPreference::Mutual),
37            "nopreference" => Ok(EncryptPreference::NoPreference),
38            _ => bail!("Cannot parse encryption preference {s}"),
39        }
40    }
41}
42
43/// Autocrypt header
44#[derive(Debug)]
45pub struct Aheader {
46    pub addr: String,
47    pub public_key: SignedPublicKey,
48    pub prefer_encrypt: EncryptPreference,
49
50    // Whether `_verified` attribute is present.
51    //
52    // `_verified` attribute is an extension to `Autocrypt-Gossip`
53    // header that is used to tell that the sender
54    // marked this key as verified.
55    pub verified: bool,
56}
57
58impl fmt::Display for Aheader {
59    fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result {
60        write!(fmt, "addr={};", self.addr.to_lowercase())?;
61        if self.prefer_encrypt == EncryptPreference::Mutual {
62            write!(fmt, " prefer-encrypt=mutual;")?;
63        }
64        // TODO After we reset all existing verifications,
65        // we want to start sending the _verified attribute
66        // if self.verified {
67        //     write!(fmt, " _verified=1;")?;
68        // }
69
70        // adds a whitespace every 78 characters, this allows
71        // email crate to wrap the lines according to RFC 5322
72        // (which may insert a linebreak before every whitespace)
73        let keydata = self.public_key.to_base64().chars().enumerate().fold(
74            String::new(),
75            |mut res, (i, c)| {
76                #[expect(clippy::arithmetic_side_effects)]
77                if i % 78 == 78 - "keydata=".len() {
78                    res.push(' ')
79                }
80                res.push(c);
81                res
82            },
83        );
84        write!(fmt, " keydata={keydata}")
85    }
86}
87
88impl FromStr for Aheader {
89    type Err = Error;
90
91    fn from_str(s: &str) -> Result<Self> {
92        let mut attributes: BTreeMap<String, String> = s
93            .split(';')
94            .filter_map(|a| {
95                let attribute: Vec<&str> = a.trim().splitn(2, '=').collect();
96                match &attribute[..] {
97                    [key, value] => Some((key.trim().to_string(), value.trim().to_string())),
98                    _ => None,
99                }
100            })
101            .collect();
102
103        let addr = match attributes.remove("addr") {
104            Some(addr) => addr,
105            None => bail!("Autocrypt header has no addr"),
106        };
107        let public_key: SignedPublicKey = attributes
108            .remove("keydata")
109            .context("keydata attribute is not found")
110            .and_then(|raw| {
111                SignedPublicKey::from_base64(&raw).context("autocrypt key cannot be decoded")
112            })
113            .and_then(|key| {
114                key.verify_bindings()
115                    .and(Ok(key))
116                    .context("Autocrypt key cannot be verified")
117            })?;
118
119        let prefer_encrypt = attributes
120            .remove("prefer-encrypt")
121            .and_then(|raw| raw.parse().ok())
122            .unwrap_or_default();
123
124        let verified = attributes.remove("_verified").is_some();
125
126        // Autocrypt-Level0: unknown attributes starting with an underscore can be safely ignored
127        // Autocrypt-Level0: unknown attribute, treat the header as invalid
128        if attributes.keys().any(|k| !k.starts_with('_')) {
129            bail!("Unknown Autocrypt attribute found");
130        }
131
132        Ok(Aheader {
133            addr,
134            public_key,
135            prefer_encrypt,
136            verified,
137        })
138    }
139}
140
141#[cfg(test)]
142mod tests {
143    use super::*;
144
145    const RAWKEY: &str = "xsBNBFzG3j0BCAC6iNhT8zydvCXi8LI/gFnkadMbfmSE/rTJskRRra/utGbLyDta/yTrJgWL7O3y/g4HdDW/dN2z26Y6W13IMzx9gLInn1KQZChtqWAcr/ReUucXcymwcfg1mdkBGk3TSLeLihN6CJx8Wsv8ig+kgAzte4f5rqEEAJVQ9WZHuti7UiYs6oRzqTo06CRe9owVXxzdMf0VDQtf7ZFm9dpzKKbhH7Lu8880iiotQ9/yRCkDGp9fNThsrLdZiK6OIAcIBAqi2rI89aS1dAmnRbktQieCx5izzyYkR1KvVL3gTTllHOzfKVEC2asmtWu2e4se/+O4WMIS1eGrn7GeWVb0Vwc5ABEBAAHNETxhQEBiLmV4YW1wbGUuZGU+wsCJBBABCAAzAhkBBQJcxt5FAhsDBAsJCAcGFQgJCgsCAxYCARYhBI4xxYKBgH3ANh5cufaKrc9mtiMLAAoJEPaKrc9mtiML938H/18F+3Wf9/JaAy/8hCO1v4S2PVBhxaKCokaNFtkfaMRne2l087LscCFPiFNyb4mv6Z3YeK8Xpxlp2sI0ecvdiqLUOGfnxS6tQrj+83EjtIrZ/hXOk1h121QFWH9Zg2VNHtODXjAgdLDC0NWUrclR0ZOqEDQHeo0ibTILdokVfXFN25wakPmGaYJP2y729cb1ve7RzvIvwn+Dddfxo3ao72rBfLi7l4NQ4S0KsY4cw+/6l5bRCKYCP77wZtvCwUvfVVosLdT43agtSiBI49+ayqvZ8OCvSJa61i+v81brTiEy9GBod4eAp45Ibsuemkw+gon4ZOvUXHTjwFB+h63MrozOwE0EXMbePQEIAL/vauf1zK8JgCu3V+G+SOX0iWw5xUlCPX+ERpBbWfwu3uAqn4wYXD3JDE/fVAF668xiV4eTPtlSUd5h0mn+G7uXMMOtkb+20SoEt50f8zw8TrL9t+ZsV11GKZWJpCar5AhXWsn6EEi8I2hLL5vn55ZZmHuGgN4jjmkRl3ToKCLhaXwTBjCJem7N5EH7F75wErEITa55v4Lb4Nfca7vnvtYrI1OA446xa8gHra0SINelTD09/JM/Fw4sWVPBaRZmJK/Tnu79N23No9XBUubmFPv1pNexZsQclicnTpt/BEWhiun7d6lfGB63K1aoHRTR1pcrWvBuALuuz0gqar2zlI0AEQEAAcLAdgQYAQgAIAUCXMbeRQIbDBYhBI4xxYKBgH3ANh5cufaKrc9mtiMLAAoJEPaKrc9mtiMLKSEIAIyLCRO2OyZ0IYRvRPpMn4p7E+7Pfcz/0mSkOy+1hshgJnqivXurm8zwGrwdMqeV4eslKR9H1RUdWGUQJNbtwmmjrt5DHpIhYHl5t3FpCBaGbV20Omo00Q38lBl9MtrmZkZw+ktEk6X+0xCKssMF+2MADkSOIufbR5HrDVB89VZOHCO9DeXvCUUAw2hyJiL/LHmLzJ40zYoTmb+F//f0k0j+tRdbkefyRoCmwG7YGiT+2hnCdgcezswnzah5J3ZKlrg7jOGo1LxtbvNUzxNBbC6S/aNgwm6qxo7xegRhmEl5uZ16zwyj4qz+xkjGy25Of5mWfUDoNw7OT7sjUbHOOMc=";
146
147    #[test]
148    fn test_from_str() -> Result<()> {
149        let h: Aheader =
150            format!("addr=me@mail.com; prefer-encrypt=mutual; keydata={RAWKEY}").parse()?;
151
152        assert_eq!(h.addr, "me@mail.com");
153        assert_eq!(h.prefer_encrypt, EncryptPreference::Mutual);
154        assert_eq!(h.verified, false);
155        Ok(())
156    }
157
158    // Non-standard values of prefer-encrypt such as `reset` are treated as no preference.
159    #[test]
160    fn test_from_str_reset() -> Result<()> {
161        let raw = format!("addr=reset@example.com; prefer-encrypt=reset; keydata={RAWKEY}");
162        let h: Aheader = raw.parse()?;
163
164        assert_eq!(h.addr, "reset@example.com");
165        assert_eq!(h.prefer_encrypt, EncryptPreference::NoPreference);
166        Ok(())
167    }
168
169    #[test]
170    fn test_from_str_non_critical() -> Result<()> {
171        let raw = format!("addr=me@mail.com; _foo=one; _bar=two; keydata={RAWKEY}");
172        let h: Aheader = raw.parse()?;
173
174        assert_eq!(h.addr, "me@mail.com");
175        assert_eq!(h.prefer_encrypt, EncryptPreference::NoPreference);
176        Ok(())
177    }
178
179    #[test]
180    fn test_from_str_superflous_critical() {
181        let raw = format!("addr=me@mail.com; _foo=one; _bar=two; other=me; keydata={RAWKEY}");
182        assert!(raw.parse::<Aheader>().is_err());
183    }
184
185    #[test]
186    fn test_good_headers() -> Result<()> {
187        let fixed_header = concat!(
188            "addr=a@b.example.org; prefer-encrypt=mutual; ",
189            "keydata=xsBNBFzG3j0BCAC6iNhT8zydvCXi8LI/gFnkadMbfmSE/rTJskRRra/utGbLyDta/yTrJg",
190            " WL7O3y/g4HdDW/dN2z26Y6W13IMzx9gLInn1KQZChtqWAcr/ReUucXcymwcfg1mdkBGk3TSLeLihN6",
191            " CJx8Wsv8ig+kgAzte4f5rqEEAJVQ9WZHuti7UiYs6oRzqTo06CRe9owVXxzdMf0VDQtf7ZFm9dpzKK",
192            " bhH7Lu8880iiotQ9/yRCkDGp9fNThsrLdZiK6OIAcIBAqi2rI89aS1dAmnRbktQieCx5izzyYkR1Kv",
193            " VL3gTTllHOzfKVEC2asmtWu2e4se/+O4WMIS1eGrn7GeWVb0Vwc5ABEBAAHNETxhQEBiLmV4YW1wbG",
194            " UuZGU+wsCJBBABCAAzAhkBBQJcxt5FAhsDBAsJCAcGFQgJCgsCAxYCARYhBI4xxYKBgH3ANh5cufaK",
195            " rc9mtiMLAAoJEPaKrc9mtiML938H/18F+3Wf9/JaAy/8hCO1v4S2PVBhxaKCokaNFtkfaMRne2l087",
196            " LscCFPiFNyb4mv6Z3YeK8Xpxlp2sI0ecvdiqLUOGfnxS6tQrj+83EjtIrZ/hXOk1h121QFWH9Zg2VN",
197            " HtODXjAgdLDC0NWUrclR0ZOqEDQHeo0ibTILdokVfXFN25wakPmGaYJP2y729cb1ve7RzvIvwn+Ddd",
198            " fxo3ao72rBfLi7l4NQ4S0KsY4cw+/6l5bRCKYCP77wZtvCwUvfVVosLdT43agtSiBI49+ayqvZ8OCv",
199            " SJa61i+v81brTiEy9GBod4eAp45Ibsuemkw+gon4ZOvUXHTjwFB+h63MrozOwE0EXMbePQEIAL/vau",
200            " f1zK8JgCu3V+G+SOX0iWw5xUlCPX+ERpBbWfwu3uAqn4wYXD3JDE/fVAF668xiV4eTPtlSUd5h0mn+",
201            " G7uXMMOtkb+20SoEt50f8zw8TrL9t+ZsV11GKZWJpCar5AhXWsn6EEi8I2hLL5vn55ZZmHuGgN4jjm",
202            " kRl3ToKCLhaXwTBjCJem7N5EH7F75wErEITa55v4Lb4Nfca7vnvtYrI1OA446xa8gHra0SINelTD09",
203            " /JM/Fw4sWVPBaRZmJK/Tnu79N23No9XBUubmFPv1pNexZsQclicnTpt/BEWhiun7d6lfGB63K1aoHR",
204            " TR1pcrWvBuALuuz0gqar2zlI0AEQEAAcLAdgQYAQgAIAUCXMbeRQIbDBYhBI4xxYKBgH3ANh5cufaK",
205            " rc9mtiMLAAoJEPaKrc9mtiMLKSEIAIyLCRO2OyZ0IYRvRPpMn4p7E+7Pfcz/0mSkOy+1hshgJnqivX",
206            " urm8zwGrwdMqeV4eslKR9H1RUdWGUQJNbtwmmjrt5DHpIhYHl5t3FpCBaGbV20Omo00Q38lBl9Mtrm",
207            " ZkZw+ktEk6X+0xCKssMF+2MADkSOIufbR5HrDVB89VZOHCO9DeXvCUUAw2hyJiL/LHmLzJ40zYoTmb",
208            " +F//f0k0j+tRdbkefyRoCmwG7YGiT+2hnCdgcezswnzah5J3ZKlrg7jOGo1LxtbvNUzxNBbC6S/aNg",
209            " wm6qxo7xegRhmEl5uZ16zwyj4qz+xkjGy25Of5mWfUDoNw7OT7sjUbHOOMc="
210        );
211
212        let ah = Aheader::from_str(fixed_header)?;
213        assert_eq!(ah.addr, "a@b.example.org");
214        assert_eq!(ah.prefer_encrypt, EncryptPreference::Mutual);
215        assert_eq!(format!("{ah}"), fixed_header);
216
217        let rendered = ah.to_string();
218        assert_eq!(rendered, fixed_header);
219
220        let ah = Aheader::from_str(&format!(
221            " _foo; __FOO=BAR ;;; addr = a@b.example.org ;\r\n   prefer-encrypt = mutual ; keydata = {RAWKEY}"
222        ))?;
223        assert_eq!(ah.addr, "a@b.example.org");
224        assert_eq!(ah.prefer_encrypt, EncryptPreference::Mutual);
225
226        Aheader::from_str(&format!(
227            "addr=a@b.example.org; prefer-encrypt=ignoreUnknownValues; keydata={RAWKEY}"
228        ))?;
229
230        Aheader::from_str(&format!("addr=a@b.example.org; keydata={RAWKEY}"))?;
231        Ok(())
232    }
233
234    #[test]
235    fn test_bad_headers() {
236        assert!(Aheader::from_str("").is_err());
237        assert!(Aheader::from_str("foo").is_err());
238        assert!(Aheader::from_str("\n\n\n").is_err());
239        assert!(Aheader::from_str(" ;;").is_err());
240        assert!(Aheader::from_str("addr=a@t.de; unknown=1; keydata=jau").is_err());
241    }
242
243    #[test]
244    fn test_display_aheader() {
245        assert!(
246            format!(
247                "{}",
248                Aheader {
249                    addr: "test@example.com".to_string(),
250                    public_key: SignedPublicKey::from_base64(RAWKEY).unwrap(),
251                    prefer_encrypt: EncryptPreference::Mutual,
252                    verified: false
253                }
254            )
255            .contains("prefer-encrypt=mutual;")
256        );
257
258        // According to Autocrypt Level 1 specification,
259        // only "prefer-encrypt=mutual;" can be used.
260        // If the setting is nopreference, the whole attribute is omitted.
261        assert!(
262            !format!(
263                "{}",
264                Aheader {
265                    addr: "test@example.com".to_string(),
266                    public_key: SignedPublicKey::from_base64(RAWKEY).unwrap(),
267                    prefer_encrypt: EncryptPreference::NoPreference,
268                    verified: false
269                }
270            )
271            .contains("prefer-encrypt")
272        );
273
274        // Always lowercase the address in the header.
275        assert!(
276            format!(
277                "{}",
278                Aheader {
279                    addr: "TeSt@eXaMpLe.cOm".to_string(),
280                    public_key: SignedPublicKey::from_base64(RAWKEY).unwrap(),
281                    prefer_encrypt: EncryptPreference::Mutual,
282                    verified: false
283                }
284            )
285            .contains("test@example.com")
286        );
287
288        // We don't send the _verified header yet:
289        assert!(
290            !format!(
291                "{}",
292                Aheader {
293                    addr: "test@example.com".to_string(),
294                    public_key: SignedPublicKey::from_base64(RAWKEY).unwrap(),
295                    prefer_encrypt: EncryptPreference::NoPreference,
296                    verified: true
297                }
298            )
299            .contains("_verified")
300        );
301    }
302}