feat: Remove detached signature validation

2026-05-02 12:56:30 +03:00 · 2026-04-30 17:10:34 +02:00
6 changed files with 18 additions and 294 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2280,24 +2280,11 @@ dependencies = [
 "cfg-if",
 "js-sys",
 "libc",
- "r-efi 5.2.0",
+ "r-efi",
 "wasi 0.14.2+wasi-0.2.4",
 "wasm-bindgen",
 ]

-[[package]]
-name = "getrandom"
-version = "0.4.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0de51e6874e94e7bf76d726fc5d13ba782deca734ff60d5bb2fb2607c7406555"
-dependencies = [
- "cfg-if",
- "libc",
- "r-efi 6.0.0",
- "wasip2",
- "wasip3",
-]
-
 [[package]]
 name = "ghash"
 version = "0.5.1"
@@ -2814,12 +2801,6 @@ dependencies = [
 "syn 2.0.117",
 ]

-[[package]]
-name = "id-arena"
-version = "2.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3d3067d79b975e8844ca9eb072e16b31c3c1c36928edf9c6789548c524d0d954"
-
 [[package]]
 name = "idea"
 version = "0.5.1"
@@ -2922,8 +2903,6 @@ checksum = "4b0f83760fb341a774ed326568e19f5a863af4a952def8c39f9ab92fd95b88e5"
 dependencies = [
 "equivalent",
 "hashbrown",
- "serde",
- "serde_core",
 ]

 [[package]]
@@ -3279,12 +3258,6 @@ dependencies = [
 "spin 0.9.8",
 ]

-[[package]]
-name = "leb128fmt"
-version = "0.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "09edd9e8b54e49e587e4f6295a7d29c3ea94d469cb40ab8ca70b288248a81db2"
-
 [[package]]
 name = "libc"
 version = "0.2.184"
@@ -4582,16 +4555,6 @@ dependencies = [
 "yansi",
 ]

-[[package]]
-name = "prettyplease"
-version = "0.2.37"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "479ca8adacdd7ce8f1fb39ce9ecccbfe93a3f1344b3d0d97f20bc0196208f62b"
-dependencies = [
- "proc-macro2",
- "syn 2.0.117",
-]
-
 [[package]]
 name = "primeorder"
 version = "0.13.6"
@@ -4795,12 +4758,6 @@ version = "5.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "74765f6d916ee2faa39bc8e68e4f3ed8949b48cccdac59983d287a7cb71ce9c5"

-[[package]]
-name = "r-efi"
-version = "6.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f8dcc9c7d52a811697d2151c701e0d08956f92b0e24136cf4cf27b57a6a0d9bf"
-
 [[package]]
 name = "radium"
 version = "0.7.0"
@@ -6626,11 +6583,11 @@ checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821"

 [[package]]
 name = "uuid"
-version = "1.23.1"
+version = "1.20.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ddd74a9687298c6858e9b88ec8935ec45d22e8fd5e6394fa1bd4e99a87789c76"
+checksum = "ee48d38b119b0cd71fe4141b30f5ba9c7c5d9f4e7a3a8b4a674e4b6ef789976f"
 dependencies = [
- "getrandom 0.4.2",
+ "getrandom 0.3.3",
 "js-sys",
 "serde_core",
 "wasm-bindgen",
@@ -6688,24 +6645,6 @@ dependencies = [
 "wit-bindgen-rt",
 ]

-[[package]]
-name = "wasip2"
-version = "1.0.3+wasi-0.2.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "20064672db26d7cdc89c7798c48a0fdfac8213434a1186e5ef29fd560ae223d6"
-dependencies = [
- "wit-bindgen 0.57.1",
-]
-
-[[package]]
-name = "wasip3"
-version = "0.4.0+wasi-0.3.0-rc-2026-01-06"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5428f8bf88ea5ddc08faddef2ac4a67e390b88186c703ce6dbd955e1c145aca5"
-dependencies = [
- "wit-bindgen 0.51.0",
-]
-
 [[package]]
 name = "wasite"
 version = "0.1.0"
@@ -6783,28 +6722,6 @@ dependencies = [
 "unicode-ident",
 ]

-[[package]]
-name = "wasm-encoder"
-version = "0.244.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "990065f2fe63003fe337b932cfb5e3b80e0b4d0f5ff650e6985b1048f62c8319"
-dependencies = [
- "leb128fmt",
- "wasmparser",
-]
-
-[[package]]
-name = "wasm-metadata"
-version = "0.244.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bb0e353e6a2fbdc176932bbaab493762eb1255a7900fe0fea1a2f96c296cc909"
-dependencies = [
- "anyhow",
- "indexmap",
- "wasm-encoder",
- "wasmparser",
-]
-
 [[package]]
 name = "wasm-streams"
 version = "0.4.1"
@@ -6818,18 +6735,6 @@ dependencies = [
 "web-sys",
 ]

-[[package]]
-name = "wasmparser"
-version = "0.244.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "47b807c72e1bac69382b3a6fb3dbe8ea4c0ed87ff5629b8685ae6b9a611028fe"
-dependencies = [
- "bitflags 2.11.0",
- "hashbrown",
- "indexmap",
- "semver",
-]
-
 [[package]]
 name = "web-sys"
 version = "0.3.77"
@@ -7325,32 +7230,6 @@ dependencies = [
 "windows-sys 0.48.0",
 ]

-[[package]]
-name = "wit-bindgen"
-version = "0.51.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d7249219f66ced02969388cf2bb044a09756a083d0fab1e566056b04d9fbcaa5"
-dependencies = [
- "wit-bindgen-rust-macro",
-]
-
-[[package]]
-name = "wit-bindgen"
-version = "0.57.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1ebf944e87a7c253233ad6766e082e3cd714b5d03812acc24c318f549614536e"
-
-[[package]]
-name = "wit-bindgen-core"
-version = "0.51.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ea61de684c3ea68cb082b7a88508a8b27fcc8b797d738bfc99a82facf1d752dc"
-dependencies = [
- "anyhow",
- "heck 0.5.0",
- "wit-parser",
-]
-
 [[package]]
 name = "wit-bindgen-rt"
 version = "0.39.0"
@@ -7360,74 +7239,6 @@ dependencies = [
 "bitflags 2.11.0",
 ]

-[[package]]
-name = "wit-bindgen-rust"
-version = "0.51.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b7c566e0f4b284dd6561c786d9cb0142da491f46a9fbed79ea69cdad5db17f21"
-dependencies = [
- "anyhow",
- "heck 0.5.0",
- "indexmap",
- "prettyplease",
- "syn 2.0.117",
- "wasm-metadata",
- "wit-bindgen-core",
- "wit-component",
-]
-
-[[package]]
-name = "wit-bindgen-rust-macro"
-version = "0.51.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0c0f9bfd77e6a48eccf51359e3ae77140a7f50b1e2ebfe62422d8afdaffab17a"
-dependencies = [
- "anyhow",
- "prettyplease",
- "proc-macro2",
- "quote",
- "syn 2.0.117",
- "wit-bindgen-core",
- "wit-bindgen-rust",
-]
-
-[[package]]
-name = "wit-component"
-version = "0.244.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9d66ea20e9553b30172b5e831994e35fbde2d165325bec84fc43dbf6f4eb9cb2"
-dependencies = [
- "anyhow",
- "bitflags 2.11.0",
- "indexmap",
- "log",
- "serde",
- "serde_derive",
- "serde_json",
- "wasm-encoder",
- "wasm-metadata",
- "wasmparser",
- "wit-parser",
-]
-
-[[package]]
-name = "wit-parser"
-version = "0.244.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ecc8ac4bc1dc3381b7f59c34f00b67e18f910c2c0f50015669dde7def656a736"
-dependencies = [
- "anyhow",
- "id-arena",
- "indexmap",
- "log",
- "semver",
- "serde",
- "serde_derive",
- "serde_json",
- "unicode-xid",
- "wasmparser",
-]
-
 [[package]]
 name = "wmi"
 version = "0.14.5"
--- a/src/decrypt.rs
+++ b/src/decrypt.rs
@@ -1,7 +1,6 @@
 //! Helper functions for decryption.
 //! The actual decryption is done in the [`crate::pgp`] module.

-use std::collections::HashSet;
 use std::io::Cursor;

 use anyhow::{Context as _, Result, bail};
@@ -19,8 +18,8 @@ use crate::chat::ChatId;
 use crate::constants::Chattype;
 use crate::contact::ContactId;
 use crate::context::Context;
+use crate::key::load_self_secret_keyring;
 use crate::key::self_fingerprint;
-use crate::key::{Fingerprint, SignedPublicKey, load_self_secret_keyring};
 use crate::token::Namespace;

 /// Tries to decrypt the message,
@@ -335,36 +334,6 @@ fn get_autocrypt_mime<'a, 'b>(mail: &'a ParsedMail<'b>) -> Option<&'a ParsedMail
    }
 }

-/// Validates signatures of Multipart/Signed message part, as defined in RFC 1847.
-///
-/// Returns the signed part and the set of key
-/// fingerprints for which there is a valid signature.
-///
-/// Returns None if the message is not Multipart/Signed or doesn't contain necessary parts.
-pub(crate) fn validate_detached_signature<'a, 'b>(
-    mail: &'a ParsedMail<'b>,
-    public_keyring_for_validate: &[SignedPublicKey],
-) -> Option<(&'a ParsedMail<'b>, HashSet<Fingerprint>)> {
-    if mail.ctype.mimetype != "multipart/signed" {
-        return None;
-    }
-
-    if let [first_part, second_part] = &mail.subparts[..] {
-        // First part is the content, second part is the signature.
-        let content = first_part.raw_bytes;
-        let ret_valid_signatures = match second_part.get_body_raw() {
-            Ok(signature) => {
-                crate::pgp::pk_validate(content, &signature, public_keyring_for_validate)
-                    .unwrap_or_default()
-            }
-            Err(_) => Default::default(),
-        };
-        Some((first_part, ret_valid_signatures))
-    } else {
-        None
-    }
-}
-
 #[cfg(test)]
 mod tests {
    use super::*;
--- a/src/location.rs
+++ b/src/location.rs
@@ -871,7 +871,7 @@ mod tests {
    use crate::config::Config;
    use crate::message::MessageState;
    use crate::receive_imf::receive_imf;
-    use crate::test_utils::{ExpectedEvents, TestContext, TestContextManager};
+    use crate::test_utils::{TestContext, TestContextManager};
    use crate::tools::SystemTime;

    #[test]
@@ -1103,9 +1103,6 @@ Content-Disposition: attachment; filename="location.kml"
            .await?;

        let alice_chat = alice.create_chat(bob).await;
-        // Bob needs the chat accepted so that "normal" messages from Alice trigger `IncomingMsg`.
-        // Location-only messages still must trigger `MsgsChanged`.
-        bob.create_chat(alice).await;

        // Alice enables location streaming.
        // Bob receives a message saying that Alice enabled location streaming.
@@ -1120,18 +1117,7 @@ Content-Disposition: attachment; filename="location.kml"
        SystemTime::shift(Duration::from_secs(10));
        delete_expired(alice, time()).await?;
        maybe_send(alice).await?;
-        bob.evtracker.clear_events();
        bob.recv_msg_opt(&alice.pop_sent_msg().await).await;
-        bob.evtracker
-            .get_matching_ex(
-                bob,
-                ExpectedEvents {
-                    expected: |e| matches!(e, EventType::MsgsChanged { .. }),
-                    unexpected: |e| matches!(e, EventType::IncomingMsg { .. }),
-                },
-            )
-            .await
-            .unwrap();
        assert_eq!(get_range(alice, None, None, 0, 0).await?.len(), 1);
        assert_eq!(get_range(bob, None, None, 0, 0).await?.len(), 1);

--- a/src/mimeparser.rs
+++ b/src/mimeparser.rs
@@ -20,7 +20,7 @@ use crate::config::Config;
 use crate::constants;
 use crate::contact::{ContactId, import_public_key};
 use crate::context::Context;
-use crate::decrypt::{self, validate_detached_signature};
+use crate::decrypt::{self};
 use crate::dehtml::dehtml;
 use crate::download::PostMsgMetadata;
 use crate::events::EventType;
@@ -487,17 +487,6 @@ impl MimeMessage {
            HashMap::new()
        };

-        let mail = mail.as_ref().map(|mail| {
-            let (content, signatures_detached) = validate_detached_signature(mail, &public_keyring)
-                .unwrap_or((mail, Default::default()));
-            let signatures_detached = signatures_detached
-                .into_iter()
-                .map(|fp| (fp, Vec::new()))
-                .collect::<HashMap<_, _>>();
-            signatures.extend(signatures_detached);
-            content
-        });
-
        if let Some(expected_sender_fingerprint) = expected_sender_fingerprint {
            ensure!(
                !signatures.is_empty(),
@@ -513,7 +502,7 @@ impl MimeMessage {
            );
        }

-        if let (Ok(mail), true) = (mail, is_encrypted) {
+        if let (Ok(mail), true) = (&mail, is_encrypted) {
            if !signatures.is_empty() {
                // Unsigned "Subject" mustn't be prepended to messages shown as encrypted
                // (<https://github.com/deltachat/deltachat-core-rust/issues/1790>).
@@ -538,7 +527,7 @@ impl MimeMessage {
                &mut inner_from,
                &mut list_post,
                &mut chat_disposition_notification_to,
-                mail,
+                &mail,
            );

            if !signatures.is_empty() {
@@ -582,7 +571,7 @@ impl MimeMessage {
            signatures.clear();
        }

-        if let (Ok(mail), true) = (mail, is_encrypted)
+        if let (Ok(mail), true) = (&mail, is_encrypted)
            && let Some(post_msg_rfc724_mid) =
                mail.headers.get_header_value(HeaderDef::ChatPostMessageId)
        {
@@ -640,7 +629,7 @@ impl MimeMessage {
            from,
            incoming,
            chat_disposition_notification_to,
-            decryption_error: mail.err().map(|err| format!("{err:#}")),
+            decryption_error: mail.as_ref().err().map(|err| format!("{err:#}")),

            // only non-empty if it was a valid autocrypt message
            signature,
@@ -666,9 +655,9 @@ impl MimeMessage {
            pre_message,
        };

-        match mail {
+        match &mail {
            Ok(mail) => {
-                parser.parse_mime_recursive(context, mail, false).await?;
+                parser.parse_mime_recursive(context, &mail, false).await?;
            }
            Err(err) => {
                let txt = "[This message cannot be decrypted.\n\n• It might already help to simply reply to this message and ask the sender to send the message again.\n\n• If you just re-installed Delta Chat then it is best if you re-setup Delta Chat now and choose \"Add as second device\" or import a backup.]";
--- a/src/receive_imf.rs
+++ b/src/receive_imf.rs
@@ -1019,15 +1019,8 @@ UPDATE msgs SET state=? WHERE
        let is_bot = context.get_config_bool(Config::Bot).await?;
        let is_pre_message = matches!(mime_parser.pre_message, PreMessageMode::Pre { .. });
        let skip_bot_notify = is_bot && is_pre_message;
-        let is_empty = !is_pre_message
-            && mime_parser.parts.first().is_none_or(|p| {
-                p.typ == Viewtype::Text && p.msg.is_empty() && p.param.get(Param::Quote).is_none()
-            });
-        let important = mime_parser.incoming
-            && !is_empty
-            && fresh
-            && !is_old_contact_request
-            && !skip_bot_notify;
+        let important =
+            mime_parser.incoming && fresh && !is_old_contact_request && !skip_bot_notify;

        for msg_id in &received_msg.msg_ids {
            chat_id.emit_msg_event(context, *msg_id, important);
--- a/src/test_utils.rs
+++ b/src/test_utils.rs
@@ -1431,12 +1431,6 @@ pub fn fiona_keypair() -> SignedSecretKey {
 #[derive(Debug)]
 pub struct EventTracker(EventEmitter);

-/// See [`super::EventTracker::get_matching_ex`].
-pub struct ExpectedEvents<E: Fn(&EventType) -> bool, U: Fn(&EventType) -> bool> {
-    pub expected: E,
-    pub unexpected: U,
-}
-
 impl Deref for EventTracker {
    type Target = EventEmitter;

@@ -1473,39 +1467,21 @@ impl EventTracker {
        .expect("timeout waiting for event match")
    }

-    /// Consumes all emitted events returning the first matching one if any.
+    /// Consumes emitted events returning the first matching one if any.
    pub async fn get_matching_opt<F: Fn(&EventType) -> bool>(
        &self,
        ctx: &Context,
        event_matcher: F,
-    ) -> Option<EventType> {
-        self.get_matching_ex(
-            ctx,
-            ExpectedEvents {
-                expected: event_matcher,
-                unexpected: |_| false,
-            },
-        )
-        .await
-    }
-
-    /// Consumes all emitted events returning the first matching one if any. Panics on unexpected
-    /// events.
-    pub async fn get_matching_ex<E: Fn(&EventType) -> bool, U: Fn(&EventType) -> bool>(
-        &self,
-        ctx: &Context,
-        args: ExpectedEvents<E, U>,
    ) -> Option<EventType> {
        ctx.emit_event(EventType::Test);
        let mut found_event = None;
        loop {
            let event = self.recv().await.unwrap();
-            assert!(!(args.unexpected)(&event.typ));
            if let EventType::Test = event.typ {
                return found_event;
            }
-            if (args.expected)(&event.typ) {
-                found_event.get_or_insert(event.typ);
+            if event_matcher(&event.typ) {
+                found_event = Some(event.typ);
            }
        }
    }