feat: Send Intended Recipient Fingerprint subpackets

Implement "5.2.3.36. Intended Recipient Fingerprint" from RFC 9580.

Author: iequidoo

src/mimeparser/mimeparser_tests.rs

@@ -1420,6 +1420,34 @@ async fn test_extra_imf_headers() -> Result<()> {
     Ok(())
 }
 
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_intended_recipient_fingerprint() -> Result<()> {
+    let mut tcm = TestContextManager::new();
+    let t = &tcm.alice().await;
+    let members = [tcm.bob().await, tcm.fiona().await];
+    let chat_id = chat::create_group(t, "").await?;
+
+    chat::send_text_msg(t, chat_id, "hi!".to_string()).await?;
+    let t_fp = t.add_or_lookup_contact(t).await.fingerprint().unwrap();
+    let sent_msg = t.pop_sent_msg().await;
+    let (fp, recipient_fps) = t.parse_msg(&sent_msg).await.signature.unwrap();
+    assert_eq!(fp, t_fp);
+    assert!(recipient_fps.is_empty());
+
+    for i in 0..members.len() {
+        let member = &members[i];
+        let contact = t.add_or_lookup_contact(member).await;
+        chat::add_contact_to_chat(t, chat_id, contact.id).await?;
+        let sent_msg = t.pop_sent_msg().await;
+        let (fp, recipient_fps) = t.parse_msg(&sent_msg).await.signature.unwrap();
+        assert_eq!(fp, t_fp);
+        assert_eq!(recipient_fps.len(), i + 1);
+        assert!(!recipient_fps.contains(&t_fp));
+        assert!(recipient_fps.contains(&contact.fingerprint().unwrap()));
+    }
+    Ok(())
+}
+
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_long_in_reply_to() -> Result<()> {
     let t = TestContext::new_alice().await;

src/pgp.rs

@@ -10,15 +10,16 @@ use pgp::armor::BlockType;
 use pgp::composed::{
     ArmorOptions, DecryptionOptions, Deserializable, DetachedSignature, KeyType as PgpKeyType,
     Message, MessageBuilder, SecretKeyParamsBuilder, SignedPublicKey, SignedPublicSubKey,
-    SignedSecretKey, SubkeyParamsBuilder, TheRing,
+    SignedSecretKey, SubkeyParamsBuilder, SubpacketConfig, TheRing,
 };
 use pgp::crypto::aead::{AeadAlgorithm, ChunkSize};
 use pgp::crypto::ecc_curve::ECCCurve;
 use pgp::crypto::hash::HashAlgorithm;
 use pgp::crypto::sym::SymmetricKeyAlgorithm;
 use pgp::packet::{SignatureConfig, SignatureType, Subpacket, SubpacketData};
 use pgp::types::{
-    CompressionAlgorithm, KeyDetails, Password, PublicKeyTrait, SecretKeyTrait as _, StringToKey,
+    CompressionAlgorithm, KeyDetails, KeyVersion, Password, PublicKeyTrait, SecretKeyTrait as _,
+    StringToKey,
 };
 use rand_old::{Rng as _, thread_rng};
 use tokio::runtime::Handle;
@@ -190,6 +191,35 @@ pub async fn pk_encrypt(
             let pkeys = public_keys_for_encryption
                 .iter()
                 .filter_map(select_pk_for_encryption);
+            let subpkts = {
+                let private_key_fp = private_key_for_signing.fingerprint();
+                let mut hashed = Vec::with_capacity(1 + public_keys_for_encryption.len());
+                hashed.push(Subpacket::critical(SubpacketData::SignatureCreationTime(
+                    chrono::Utc::now().trunc_subsecs(0),
+                ))?);
+                for key in &public_keys_for_encryption {
+                    let fp = key.fingerprint();
+                    if fp == private_key_fp {
+                        continue;
+                    }
+                    let data = SubpacketData::IntendedRecipientFingerprint(fp);
+                    let subpkt = match private_key_for_signing.version() < KeyVersion::V6 {
+                        true => Subpacket::regular(data)?,
+                        false => Subpacket::critical(data)?,
+                    };
+                    hashed.push(subpkt);
+                }
+                hashed.push(Subpacket::regular(SubpacketData::IssuerFingerprint(
+                    private_key_fp,
+                ))?);
+                let mut unhashed = vec![];
+                if private_key_for_signing.version() <= KeyVersion::V4 {
+                    unhashed.push(Subpacket::regular(SubpacketData::Issuer(
+                        private_key_for_signing.key_id(),
+                    ))?);
+                }
+                SubpacketConfig::UserDefined { hashed, unhashed }
+            };
 
             let msg = MessageBuilder::from_bytes("", plain);
             let encoded_msg = match seipd_version {
@@ -205,7 +235,12 @@ pub async fn pk_encrypt(
                     }
 
                     let hash_algorithm = private_key_for_signing.hash_alg();
-                    msg.sign(&*private_key_for_signing, Password::empty(), hash_algorithm);
+                    msg.sign_with_subpackets(
+                        &*private_key_for_signing,
+                        Password::empty(),
+                        hash_algorithm,
+                        subpkts,
+                    );
                     if compress {
                         msg.compression(CompressionAlgorithm::ZLIB);
                     }
@@ -229,7 +264,12 @@ pub async fn pk_encrypt(
                     }
 
                     let hash_algorithm = private_key_for_signing.hash_alg();
-                    msg.sign(&*private_key_for_signing, Password::empty(), hash_algorithm);
+                    msg.sign_with_subpackets(
+                        &*private_key_for_signing,
+                        Password::empty(),
+                        hash_algorithm,
+                        subpkts,
+                    );
                     if compress {
                         msg.compression(CompressionAlgorithm::ZLIB);
                     }
@@ -264,9 +304,14 @@ pub fn pk_calc_signature(
             chrono::Utc::now().trunc_subsecs(0),
         ))?,
     ];
-    config.unhashed_subpackets = vec![Subpacket::regular(SubpacketData::Issuer(
-        private_key_for_signing.key_id(),
-    ))?];
+    config.unhashed_subpackets = vec![];
+    if private_key_for_signing.version() <= KeyVersion::V4 {
+        config
+            .unhashed_subpackets
+            .push(Subpacket::regular(SubpacketData::Issuer(
+                private_key_for_signing.key_id(),
+            ))?);
+    }
 
     let signature = config.sign(
         &private_key_for_signing.primary_key,
@@ -634,8 +679,7 @@ mod tests {
         assert_eq!(content, CLEARTEXT);
         assert_eq!(valid_signatures.len(), 1);
         for recipient_fps in valid_signatures.values() {
-            // Intended Recipient Fingerprint subpackets aren't added currently.
-            assert_eq!(recipient_fps.len(), 0);
+            assert_eq!(recipient_fps.len(), 1);
         }
 
         // Check decrypting as Bob
@@ -650,7 +694,7 @@ mod tests {
         assert_eq!(content, CLEARTEXT);
         assert_eq!(valid_signatures.len(), 1);
         for recipient_fps in valid_signatures.values() {
-            assert_eq!(recipient_fps.len(), 0);
+            assert_eq!(recipient_fps.len(), 1);
         }
     }