deltachat/
aheader.rs

1//! # Autocrypt header module.
2//!
3//! Parse and create [Autocrypt-headers](https://autocrypt.org/en/latest/level1.html#the-autocrypt-header).
4
5use std::collections::BTreeMap;
6use std::fmt;
7use std::str::FromStr;
8
9use anyhow::{Context as _, Error, Result, bail};
10
11use crate::key::{DcKey, SignedPublicKey};
12
13/// Possible values for encryption preference
14#[derive(PartialEq, Eq, Debug, Default, Clone, Copy, FromPrimitive, ToPrimitive)]
15#[repr(u8)]
16pub enum EncryptPreference {
17    #[default]
18    NoPreference = 0,
19    Mutual = 1,
20}
21
22impl fmt::Display for EncryptPreference {
23    fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result {
24        match *self {
25            EncryptPreference::Mutual => write!(fmt, "mutual"),
26            EncryptPreference::NoPreference => write!(fmt, "nopreference"),
27        }
28    }
29}
30
31impl FromStr for EncryptPreference {
32    type Err = Error;
33
34    fn from_str(s: &str) -> Result<Self> {
35        match s {
36            "mutual" => Ok(EncryptPreference::Mutual),
37            "nopreference" => Ok(EncryptPreference::NoPreference),
38            _ => bail!("Cannot parse encryption preference {s}"),
39        }
40    }
41}
42
43/// Autocrypt header
44#[derive(Debug)]
45pub struct Aheader {
46    pub addr: String,
47    pub public_key: SignedPublicKey,
48    pub prefer_encrypt: EncryptPreference,
49
50    /// Whether `_verified` attribute is present.
51    ///
52    /// `_verified` attribute is an extension to `Autocrypt-Gossip`
53    /// header that is used to tell that the sender
54    /// marked this key as verified.
55    pub verified: bool,
56}
57
58impl fmt::Display for Aheader {
59    fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result {
60        write!(fmt, "addr={};", self.addr.to_lowercase())?;
61        if self.prefer_encrypt == EncryptPreference::Mutual {
62            write!(fmt, " prefer-encrypt=mutual;")?;
63        }
64        // TODO After we reset all existing verifications,
65        // we want to start sending the _verified attribute
66        // if self.verified {
67        //     write!(fmt, " _verified=1;")?;
68        // }
69
70        // adds a whitespace every 78 characters, this allows
71        // email crate to wrap the lines according to RFC 5322
72        // (which may insert a linebreak before every whitespace)
73        let keydata = self.public_key.to_base64().chars().enumerate().fold(
74            String::new(),
75            |mut res, (i, c)| {
76                #[expect(clippy::arithmetic_side_effects)]
77                if i % 78 == 78 - "keydata=".len() {
78                    res.push(' ')
79                }
80                res.push(c);
81                res
82            },
83        );
84        write!(fmt, " keydata={keydata}")
85    }
86}
87
88impl FromStr for Aheader {
89    type Err = Error;
90
91    fn from_str(s: &str) -> Result<Self> {
92        let mut attributes: BTreeMap<String, String> = s
93            .split(';')
94            .filter_map(|a| {
95                let attribute: Vec<&str> = a.trim().splitn(2, '=').collect();
96                match &attribute[..] {
97                    [key, value] => Some((key.trim().to_string(), value.trim().to_string())),
98                    _ => None,
99                }
100            })
101            .collect();
102
103        let addr = match attributes.remove("addr") {
104            Some(addr) => addr,
105            None => bail!("Autocrypt header has no addr"),
106        };
107        let public_key: SignedPublicKey = attributes
108            .remove("keydata")
109            .context("keydata attribute is not found")
110            .and_then(|raw| {
111                SignedPublicKey::from_base64(&raw).context("Autocrypt key cannot be decoded")
112            })?;
113        public_key
114            .verify_bindings()
115            .context("Autocrypt key cannot be verified")?;
116
117        let prefer_encrypt = attributes
118            .remove("prefer-encrypt")
119            .and_then(|raw| raw.parse().ok())
120            .unwrap_or_default();
121
122        let verified = attributes.remove("_verified").is_some();
123
124        // Autocrypt-Level0: unknown attributes starting with an underscore can be safely ignored
125        // Autocrypt-Level0: unknown attribute, treat the header as invalid
126        if attributes.keys().any(|k| !k.starts_with('_')) {
127            bail!("Unknown Autocrypt attribute found");
128        }
129
130        Ok(Aheader {
131            addr,
132            public_key,
133            prefer_encrypt,
134            verified,
135        })
136    }
137}
138
139#[cfg(test)]
140mod tests {
141    use super::*;
142
143    const RAWKEY: &str = "xsBNBFzG3j0BCAC6iNhT8zydvCXi8LI/gFnkadMbfmSE/rTJskRRra/utGbLyDta/yTrJgWL7O3y/g4HdDW/dN2z26Y6W13IMzx9gLInn1KQZChtqWAcr/ReUucXcymwcfg1mdkBGk3TSLeLihN6CJx8Wsv8ig+kgAzte4f5rqEEAJVQ9WZHuti7UiYs6oRzqTo06CRe9owVXxzdMf0VDQtf7ZFm9dpzKKbhH7Lu8880iiotQ9/yRCkDGp9fNThsrLdZiK6OIAcIBAqi2rI89aS1dAmnRbktQieCx5izzyYkR1KvVL3gTTllHOzfKVEC2asmtWu2e4se/+O4WMIS1eGrn7GeWVb0Vwc5ABEBAAHNETxhQEBiLmV4YW1wbGUuZGU+wsCJBBABCAAzAhkBBQJcxt5FAhsDBAsJCAcGFQgJCgsCAxYCARYhBI4xxYKBgH3ANh5cufaKrc9mtiMLAAoJEPaKrc9mtiML938H/18F+3Wf9/JaAy/8hCO1v4S2PVBhxaKCokaNFtkfaMRne2l087LscCFPiFNyb4mv6Z3YeK8Xpxlp2sI0ecvdiqLUOGfnxS6tQrj+83EjtIrZ/hXOk1h121QFWH9Zg2VNHtODXjAgdLDC0NWUrclR0ZOqEDQHeo0ibTILdokVfXFN25wakPmGaYJP2y729cb1ve7RzvIvwn+Dddfxo3ao72rBfLi7l4NQ4S0KsY4cw+/6l5bRCKYCP77wZtvCwUvfVVosLdT43agtSiBI49+ayqvZ8OCvSJa61i+v81brTiEy9GBod4eAp45Ibsuemkw+gon4ZOvUXHTjwFB+h63MrozOwE0EXMbePQEIAL/vauf1zK8JgCu3V+G+SOX0iWw5xUlCPX+ERpBbWfwu3uAqn4wYXD3JDE/fVAF668xiV4eTPtlSUd5h0mn+G7uXMMOtkb+20SoEt50f8zw8TrL9t+ZsV11GKZWJpCar5AhXWsn6EEi8I2hLL5vn55ZZmHuGgN4jjmkRl3ToKCLhaXwTBjCJem7N5EH7F75wErEITa55v4Lb4Nfca7vnvtYrI1OA446xa8gHra0SINelTD09/JM/Fw4sWVPBaRZmJK/Tnu79N23No9XBUubmFPv1pNexZsQclicnTpt/BEWhiun7d6lfGB63K1aoHRTR1pcrWvBuALuuz0gqar2zlI0AEQEAAcLAdgQYAQgAIAUCXMbeRQIbDBYhBI4xxYKBgH3ANh5cufaKrc9mtiMLAAoJEPaKrc9mtiMLKSEIAIyLCRO2OyZ0IYRvRPpMn4p7E+7Pfcz/0mSkOy+1hshgJnqivXurm8zwGrwdMqeV4eslKR9H1RUdWGUQJNbtwmmjrt5DHpIhYHl5t3FpCBaGbV20Omo00Q38lBl9MtrmZkZw+ktEk6X+0xCKssMF+2MADkSOIufbR5HrDVB89VZOHCO9DeXvCUUAw2hyJiL/LHmLzJ40zYoTmb+F//f0k0j+tRdbkefyRoCmwG7YGiT+2hnCdgcezswnzah5J3ZKlrg7jOGo1LxtbvNUzxNBbC6S/aNgwm6qxo7xegRhmEl5uZ16zwyj4qz+xkjGy25Of5mWfUDoNw7OT7sjUbHOOMc=";
144
145    #[test]
146    fn test_from_str() -> Result<()> {
147        let h: Aheader =
148            format!("addr=me@mail.com; prefer-encrypt=mutual; keydata={RAWKEY}").parse()?;
149
150        assert_eq!(h.addr, "me@mail.com");
151        assert_eq!(h.prefer_encrypt, EncryptPreference::Mutual);
152        assert_eq!(h.verified, false);
153        Ok(())
154    }
155
156    // Non-standard values of prefer-encrypt such as `reset` are treated as no preference.
157    #[test]
158    fn test_from_str_reset() -> Result<()> {
159        let raw = format!("addr=reset@example.com; prefer-encrypt=reset; keydata={RAWKEY}");
160        let h: Aheader = raw.parse()?;
161
162        assert_eq!(h.addr, "reset@example.com");
163        assert_eq!(h.prefer_encrypt, EncryptPreference::NoPreference);
164        Ok(())
165    }
166
167    #[test]
168    fn test_from_str_non_critical() -> Result<()> {
169        let raw = format!("addr=me@mail.com; _foo=one; _bar=two; keydata={RAWKEY}");
170        let h: Aheader = raw.parse()?;
171
172        assert_eq!(h.addr, "me@mail.com");
173        assert_eq!(h.prefer_encrypt, EncryptPreference::NoPreference);
174        Ok(())
175    }
176
177    #[test]
178    fn test_from_str_superflous_critical() {
179        let raw = format!("addr=me@mail.com; _foo=one; _bar=two; other=me; keydata={RAWKEY}");
180        assert!(raw.parse::<Aheader>().is_err());
181    }
182
183    #[test]
184    fn test_good_headers() -> Result<()> {
185        let fixed_header = concat!(
186            "addr=a@b.example.org; prefer-encrypt=mutual; ",
187            "keydata=xsBNBFzG3j0BCAC6iNhT8zydvCXi8LI/gFnkadMbfmSE/rTJskRRra/utGbLyDta/yTrJg",
188            " WL7O3y/g4HdDW/dN2z26Y6W13IMzx9gLInn1KQZChtqWAcr/ReUucXcymwcfg1mdkBGk3TSLeLihN6",
189            " CJx8Wsv8ig+kgAzte4f5rqEEAJVQ9WZHuti7UiYs6oRzqTo06CRe9owVXxzdMf0VDQtf7ZFm9dpzKK",
190            " bhH7Lu8880iiotQ9/yRCkDGp9fNThsrLdZiK6OIAcIBAqi2rI89aS1dAmnRbktQieCx5izzyYkR1Kv",
191            " VL3gTTllHOzfKVEC2asmtWu2e4se/+O4WMIS1eGrn7GeWVb0Vwc5ABEBAAHNETxhQEBiLmV4YW1wbG",
192            " UuZGU+wsCJBBABCAAzAhkBBQJcxt5FAhsDBAsJCAcGFQgJCgsCAxYCARYhBI4xxYKBgH3ANh5cufaK",
193            " rc9mtiMLAAoJEPaKrc9mtiML938H/18F+3Wf9/JaAy/8hCO1v4S2PVBhxaKCokaNFtkfaMRne2l087",
194            " LscCFPiFNyb4mv6Z3YeK8Xpxlp2sI0ecvdiqLUOGfnxS6tQrj+83EjtIrZ/hXOk1h121QFWH9Zg2VN",
195            " HtODXjAgdLDC0NWUrclR0ZOqEDQHeo0ibTILdokVfXFN25wakPmGaYJP2y729cb1ve7RzvIvwn+Ddd",
196            " fxo3ao72rBfLi7l4NQ4S0KsY4cw+/6l5bRCKYCP77wZtvCwUvfVVosLdT43agtSiBI49+ayqvZ8OCv",
197            " SJa61i+v81brTiEy9GBod4eAp45Ibsuemkw+gon4ZOvUXHTjwFB+h63MrozOwE0EXMbePQEIAL/vau",
198            " f1zK8JgCu3V+G+SOX0iWw5xUlCPX+ERpBbWfwu3uAqn4wYXD3JDE/fVAF668xiV4eTPtlSUd5h0mn+",
199            " G7uXMMOtkb+20SoEt50f8zw8TrL9t+ZsV11GKZWJpCar5AhXWsn6EEi8I2hLL5vn55ZZmHuGgN4jjm",
200            " kRl3ToKCLhaXwTBjCJem7N5EH7F75wErEITa55v4Lb4Nfca7vnvtYrI1OA446xa8gHra0SINelTD09",
201            " /JM/Fw4sWVPBaRZmJK/Tnu79N23No9XBUubmFPv1pNexZsQclicnTpt/BEWhiun7d6lfGB63K1aoHR",
202            " TR1pcrWvBuALuuz0gqar2zlI0AEQEAAcLAdgQYAQgAIAUCXMbeRQIbDBYhBI4xxYKBgH3ANh5cufaK",
203            " rc9mtiMLAAoJEPaKrc9mtiMLKSEIAIyLCRO2OyZ0IYRvRPpMn4p7E+7Pfcz/0mSkOy+1hshgJnqivX",
204            " urm8zwGrwdMqeV4eslKR9H1RUdWGUQJNbtwmmjrt5DHpIhYHl5t3FpCBaGbV20Omo00Q38lBl9Mtrm",
205            " ZkZw+ktEk6X+0xCKssMF+2MADkSOIufbR5HrDVB89VZOHCO9DeXvCUUAw2hyJiL/LHmLzJ40zYoTmb",
206            " +F//f0k0j+tRdbkefyRoCmwG7YGiT+2hnCdgcezswnzah5J3ZKlrg7jOGo1LxtbvNUzxNBbC6S/aNg",
207            " wm6qxo7xegRhmEl5uZ16zwyj4qz+xkjGy25Of5mWfUDoNw7OT7sjUbHOOMc="
208        );
209
210        let ah = Aheader::from_str(fixed_header)?;
211        assert_eq!(ah.addr, "a@b.example.org");
212        assert_eq!(ah.prefer_encrypt, EncryptPreference::Mutual);
213        assert_eq!(format!("{ah}"), fixed_header);
214
215        let rendered = ah.to_string();
216        assert_eq!(rendered, fixed_header);
217
218        let ah = Aheader::from_str(&format!(
219            " _foo; __FOO=BAR ;;; addr = a@b.example.org ;\r\n   prefer-encrypt = mutual ; keydata = {RAWKEY}"
220        ))?;
221        assert_eq!(ah.addr, "a@b.example.org");
222        assert_eq!(ah.prefer_encrypt, EncryptPreference::Mutual);
223
224        Aheader::from_str(&format!(
225            "addr=a@b.example.org; prefer-encrypt=ignoreUnknownValues; keydata={RAWKEY}"
226        ))?;
227
228        Aheader::from_str(&format!("addr=a@b.example.org; keydata={RAWKEY}"))?;
229        Ok(())
230    }
231
232    #[test]
233    fn test_bad_headers() {
234        assert!(Aheader::from_str("").is_err());
235        assert!(Aheader::from_str("foo").is_err());
236        assert!(Aheader::from_str("\n\n\n").is_err());
237        assert!(Aheader::from_str(" ;;").is_err());
238        assert!(Aheader::from_str("addr=a@t.de; unknown=1; keydata=jau").is_err());
239    }
240
241    #[test]
242    fn test_display_aheader() {
243        assert!(
244            format!(
245                "{}",
246                Aheader {
247                    addr: "test@example.com".to_string(),
248                    public_key: SignedPublicKey::from_base64(RAWKEY).unwrap(),
249                    prefer_encrypt: EncryptPreference::Mutual,
250                    verified: false
251                }
252            )
253            .contains("prefer-encrypt=mutual;")
254        );
255
256        // According to Autocrypt Level 1 specification,
257        // only "prefer-encrypt=mutual;" can be used.
258        // If the setting is nopreference, the whole attribute is omitted.
259        assert!(
260            !format!(
261                "{}",
262                Aheader {
263                    addr: "test@example.com".to_string(),
264                    public_key: SignedPublicKey::from_base64(RAWKEY).unwrap(),
265                    prefer_encrypt: EncryptPreference::NoPreference,
266                    verified: false
267                }
268            )
269            .contains("prefer-encrypt")
270        );
271
272        // Always lowercase the address in the header.
273        assert!(
274            format!(
275                "{}",
276                Aheader {
277                    addr: "TeSt@eXaMpLe.cOm".to_string(),
278                    public_key: SignedPublicKey::from_base64(RAWKEY).unwrap(),
279                    prefer_encrypt: EncryptPreference::Mutual,
280                    verified: false
281                }
282            )
283            .contains("test@example.com")
284        );
285
286        // We don't send the _verified header yet:
287        assert!(
288            !format!(
289                "{}",
290                Aheader {
291                    addr: "test@example.com".to_string(),
292                    public_key: SignedPublicKey::from_base64(RAWKEY).unwrap(),
293                    prefer_encrypt: EncryptPreference::NoPreference,
294                    verified: true
295                }
296            )
297            .contains("_verified")
298        );
299    }
300}
deltachat/aheader.rs

deltachat/
aheader.rs
