Fix #1753 In opportunistic chats, a wrongly signed message should be readable eventually

2026-04-02 05:22:14 +03:00 · 2020-08-02 10:49:45 +02:00
parent 6e8808f69b
commit ac232a5dbf
2 changed files with 21 additions and 14 deletions
--- a/src/e2ee.rs
+++ b/src/e2ee.rs
@@ -116,11 +116,13 @@ impl EncryptHelper {
 }

 /// Tries to decrypt a message, but only if it is structured as an
-/// Autocrypt message, i.e.  encrypted and signed with a valid
-/// signature.
+/// Autocrypt message.
 ///
 /// Returns decrypted body and a set of valid signature fingerprints
 /// if successful.
+///
+/// If the message is wrongly signed, this will still return the decrypted
+/// message but the HashSet will be empty.
 pub async fn try_decrypt(
    context: &Context,
    mail: &ParsedMail<'_>,
@@ -219,13 +221,6 @@ async fn decrypt_if_autocrypt_message<'a>(
    public_keyring_for_validate: Keyring<SignedPublicKey>,
    ret_valid_signatures: &mut HashSet<Fingerprint>,
 ) -> Result<Option<Vec<u8>>> {
-    //  The returned bool is true if we detected an Autocrypt-encrypted
-    // message and successfully decrypted it. Decryption then modifies the
-    // passed in mime structure in place. The returned bool is false
-    // if it was not an Autocrypt message.
-    //
-    // Errors are returned for failures related to decryption of AC-messages.
-
    let encrypted_data_part = match get_autocrypt_mime(mail) {
        Err(_) => {
            // not an autocrypt mime message, abort and ignore
@@ -265,7 +260,9 @@ async fn decrypt_part(
        )
        .await?;

-        ensure!(!ret_valid_signatures.is_empty(), "no valid signatures");
+        // If the message was wrongly or not signed, still return the plain text.
+        // The caller has to check the signatures then.
+
        return Ok(Some(plain));
    }

--- a/src/mimeparser.rs
+++ b/src/mimeparser.rs
@@ -141,10 +141,14 @@ impl MimeMessage {

                    // Handle any gossip headers if the mail was encrypted.  See section
                    // "3.6 Key Gossip" of https://autocrypt.org/autocrypt-spec-1.1.0.pdf
-                    let gossip_headers = decrypted_mail.headers.get_all_values("Autocrypt-Gossip");
-                    gossipped_addr =
-                        update_gossip_peerstates(context, message_time, &mail, gossip_headers)
-                            .await?;
+                    // but only if the mail was correctly signed:
+                    if !signatures.is_empty() {
+                        let gossip_headers =
+                            decrypted_mail.headers.get_all_values("Autocrypt-Gossip");
+                        gossipped_addr =
+                            update_gossip_peerstates(context, message_time, &mail, gossip_headers)
+                                .await?;
+                    }

                    // let known protected headers from the decrypted
                    // part override the unencrypted top-level
@@ -200,6 +204,12 @@ impl MimeMessage {
        parser.heuristically_parse_ndn(context).await;
        parser.parse_headers(context)?;

+        if parser.signatures.is_empty() {
+            for part in parser.parts.iter_mut() {
+                part.error = "No valid signature".to_string();
+            }
+        }
+
        Ok(parser)
    }