deltachat/
decrypt.rs

1//! End-to-end decryption support.
2
3use std::collections::HashSet;
4
5use anyhow::Result;
6use deltachat_contact_tools::addr_cmp;
7use mailparse::ParsedMail;
8
9use crate::aheader::Aheader;
10use crate::context::Context;
11use crate::key::{DcKey, Fingerprint, SignedPublicKey, SignedSecretKey};
12use crate::peerstate::Peerstate;
13use crate::pgp;
14
15/// Tries to decrypt a message, but only if it is structured as an Autocrypt message.
16///
17/// If successful and the message is encrypted, returns decrypted body.
18pub fn try_decrypt<'a>(
19    mail: &'a ParsedMail<'a>,
20    private_keyring: &'a [SignedSecretKey],
21) -> Result<Option<::pgp::composed::Message<'static>>> {
22    let Some(encrypted_data_part) = get_encrypted_mime(mail) else {
23        return Ok(None);
24    };
25
26    let data = encrypted_data_part.get_body_raw()?;
27    let msg = pgp::pk_decrypt(data, private_keyring)?;
28
29    Ok(Some(msg))
30}
31
32/// Returns a reference to the encrypted payload of a message.
33pub(crate) fn get_encrypted_mime<'a, 'b>(mail: &'a ParsedMail<'b>) -> Option<&'a ParsedMail<'b>> {
34    get_autocrypt_mime(mail)
35        .or_else(|| get_mixed_up_mime(mail))
36        .or_else(|| get_attachment_mime(mail))
37}
38
39/// Returns a reference to the encrypted payload of a ["Mixed
40/// Up"][pgpmime-message-mangling] message.
41///
42/// According to [RFC 3156] encrypted messages should have
43/// `multipart/encrypted` MIME type and two parts, but Microsoft
44/// Exchange and ProtonMail IMAP/SMTP Bridge are known to mangle this
45/// structure by changing the type to `multipart/mixed` and prepending
46/// an empty part at the start.
47///
48/// ProtonMail IMAP/SMTP Bridge prepends a part literally saying
49/// "Empty Message", so we don't check its contents at all, checking
50/// only for `text/plain` type.
51///
52/// Returns `None` if the message is not a "Mixed Up" message.
53///
54/// [RFC 3156]: https://www.rfc-editor.org/info/rfc3156
55/// [pgpmime-message-mangling]: https://tools.ietf.org/id/draft-dkg-openpgp-pgpmime-message-mangling-00.html
56fn get_mixed_up_mime<'a, 'b>(mail: &'a ParsedMail<'b>) -> Option<&'a ParsedMail<'b>> {
57    if mail.ctype.mimetype != "multipart/mixed" {
58        return None;
59    }
60    if let [first_part, second_part, third_part] = &mail.subparts[..] {
61        if first_part.ctype.mimetype == "text/plain"
62            && second_part.ctype.mimetype == "application/pgp-encrypted"
63            && third_part.ctype.mimetype == "application/octet-stream"
64        {
65            Some(third_part)
66        } else {
67            None
68        }
69    } else {
70        None
71    }
72}
73
74/// Returns a reference to the encrypted payload of a message turned into attachment.
75///
76/// Google Workspace has an option "Append footer" which appends standard footer defined
77/// by administrator to all outgoing messages. However, there is no plain text part in
78/// encrypted messages sent by Delta Chat, so Google Workspace turns the message into
79/// multipart/mixed MIME, where the first part is an empty plaintext part with a footer
80/// and the second part is the original encrypted message.
81fn get_attachment_mime<'a, 'b>(mail: &'a ParsedMail<'b>) -> Option<&'a ParsedMail<'b>> {
82    if mail.ctype.mimetype != "multipart/mixed" {
83        return None;
84    }
85    if let [first_part, second_part] = &mail.subparts[..] {
86        if first_part.ctype.mimetype == "text/plain"
87            && second_part.ctype.mimetype == "multipart/encrypted"
88        {
89            get_autocrypt_mime(second_part)
90        } else {
91            None
92        }
93    } else {
94        None
95    }
96}
97
98/// Returns a reference to the encrypted payload of a valid PGP/MIME message.
99///
100/// Returns `None` if the message is not a valid PGP/MIME message.
101fn get_autocrypt_mime<'a, 'b>(mail: &'a ParsedMail<'b>) -> Option<&'a ParsedMail<'b>> {
102    if mail.ctype.mimetype != "multipart/encrypted" {
103        return None;
104    }
105    if let [first_part, second_part] = &mail.subparts[..] {
106        if first_part.ctype.mimetype == "application/pgp-encrypted"
107            && second_part.ctype.mimetype == "application/octet-stream"
108        {
109            Some(second_part)
110        } else {
111            None
112        }
113    } else {
114        None
115    }
116}
117
118/// Validates signatures of Multipart/Signed message part, as defined in RFC 1847.
119///
120/// Returns the signed part and the set of key
121/// fingerprints for which there is a valid signature.
122///
123/// Returns None if the message is not Multipart/Signed or doesn't contain necessary parts.
124pub(crate) fn validate_detached_signature<'a, 'b>(
125    mail: &'a ParsedMail<'b>,
126    public_keyring_for_validate: &[SignedPublicKey],
127) -> Option<(&'a ParsedMail<'b>, HashSet<Fingerprint>)> {
128    if mail.ctype.mimetype != "multipart/signed" {
129        return None;
130    }
131
132    if let [first_part, second_part] = &mail.subparts[..] {
133        // First part is the content, second part is the signature.
134        let content = first_part.raw_bytes;
135        let ret_valid_signatures = match second_part.get_body_raw() {
136            Ok(signature) => pgp::pk_validate(content, &signature, public_keyring_for_validate)
137                .unwrap_or_default(),
138            Err(_) => Default::default(),
139        };
140        Some((first_part, ret_valid_signatures))
141    } else {
142        None
143    }
144}
145
146/// Returns public keyring for `peerstate`.
147pub(crate) fn keyring_from_peerstate(peerstate: Option<&Peerstate>) -> Vec<SignedPublicKey> {
148    let mut public_keyring_for_validate = Vec::new();
149    if let Some(peerstate) = peerstate {
150        if let Some(key) = &peerstate.public_key {
151            public_keyring_for_validate.push(key.clone());
152        } else if let Some(key) = &peerstate.gossip_key {
153            public_keyring_for_validate.push(key.clone());
154        }
155    }
156    public_keyring_for_validate
157}
158
159/// Applies Autocrypt header to Autocrypt peer state and saves it into the database.
160///
161/// If we already know this fingerprint from another contact's peerstate, return that
162/// peerstate in order to make AEAP work, but don't save it into the db yet.
163///
164/// Returns updated peerstate.
165pub(crate) async fn get_autocrypt_peerstate(
166    context: &Context,
167    from: &str,
168    autocrypt_header: Option<&Aheader>,
169    message_time: i64,
170    allow_aeap: bool,
171) -> Result<Option<Peerstate>> {
172    let allow_change = !context.is_self_addr(from).await?;
173    let mut peerstate;
174
175    // Apply Autocrypt header
176    if let Some(header) = autocrypt_header {
177        if allow_aeap {
178            // If we know this fingerprint from another addr,
179            // we may want to do a transition from this other addr
180            // (and keep its peerstate)
181            // For security reasons, for now, we only do a transition
182            // if the fingerprint is verified.
183            peerstate = Peerstate::from_verified_fingerprint_or_addr(
184                context,
185                &header.public_key.dc_fingerprint(),
186                from,
187            )
188            .await?;
189        } else {
190            peerstate = Peerstate::from_addr(context, from).await?;
191        }
192
193        if let Some(ref mut peerstate) = peerstate {
194            if addr_cmp(&peerstate.addr, from) {
195                if allow_change {
196                    peerstate.apply_header(context, header, message_time);
197                    peerstate.save_to_db(&context.sql).await?;
198                } else {
199                    info!(
200                        context,
201                        "Refusing to update existing peerstate of {}", &peerstate.addr
202                    );
203                }
204            }
205            // If `peerstate.addr` and `from` differ, this means that
206            // someone is using the same key but a different addr, probably
207            // because they made an AEAP transition.
208            // But we don't know if that's legit until we checked the
209            // signatures, so wait until then with writing anything
210            // to the database.
211        } else {
212            let p = Peerstate::from_header(header, message_time);
213            p.save_to_db(&context.sql).await?;
214            peerstate = Some(p);
215        }
216    } else {
217        peerstate = Peerstate::from_addr(context, from).await?;
218    }
219
220    Ok(peerstate)
221}
222
223#[cfg(test)]
224mod tests {
225    use super::*;
226    use crate::receive_imf::receive_imf;
227    use crate::test_utils::TestContext;
228
229    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
230    async fn test_mixed_up_mime() -> Result<()> {
231        // "Mixed Up" mail as received when sending an encrypted
232        // message using Delta Chat Desktop via ProtonMail IMAP/SMTP
233        // Bridge.
234        let mixed_up_mime = include_bytes!("../test-data/message/protonmail-mixed-up.eml");
235        let mail = mailparse::parse_mail(mixed_up_mime)?;
236        assert!(get_autocrypt_mime(&mail).is_none());
237        assert!(get_mixed_up_mime(&mail).is_some());
238        assert!(get_attachment_mime(&mail).is_none());
239
240        // Same "Mixed Up" mail repaired by Thunderbird 78.9.0.
241        //
242        // It added `X-Enigmail-Info: Fixed broken PGP/MIME message`
243        // header although the repairing is done by the built-in
244        // OpenPGP support, not Enigmail.
245        let repaired_mime = include_bytes!("../test-data/message/protonmail-repaired.eml");
246        let mail = mailparse::parse_mail(repaired_mime)?;
247        assert!(get_autocrypt_mime(&mail).is_some());
248        assert!(get_mixed_up_mime(&mail).is_none());
249        assert!(get_attachment_mime(&mail).is_none());
250
251        // Another form of "Mixed Up" mail created by Google Workspace,
252        // where original message is turned into attachment to empty plaintext message.
253        let attachment_mime = include_bytes!("../test-data/message/google-workspace-mixed-up.eml");
254        let mail = mailparse::parse_mail(attachment_mime)?;
255        assert!(get_autocrypt_mime(&mail).is_none());
256        assert!(get_mixed_up_mime(&mail).is_none());
257        assert!(get_attachment_mime(&mail).is_some());
258
259        let bob = TestContext::new_bob().await;
260        receive_imf(&bob, attachment_mime, false).await?;
261        let msg = bob.get_last_msg().await;
262        assert_eq!(msg.text, "Hello from Thunderbird!");
263
264        Ok(())
265    }
266
267    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
268    async fn test_mixed_up_mime_long() -> Result<()> {
269        // Long "mixed-up" mail as received when sending an encrypted message using Delta Chat
270        // Desktop via MS Exchange (actually made with TB though).
271        let mixed_up_mime = include_bytes!("../test-data/message/mixed-up-long.eml");
272        let bob = TestContext::new_bob().await;
273        receive_imf(&bob, mixed_up_mime, false).await?;
274        let msg = bob.get_last_msg().await;
275        assert!(!msg.get_text().is_empty());
276        assert!(msg.has_html());
277        assert!(msg.id.get_html(&bob).await?.unwrap().len() > 40000);
278        Ok(())
279    }
280}
deltachat/decrypt.rs

deltachat/
decrypt.rs
