View Issue Details

IDProjectCategoryView StatusLast Update
0003576SOGoActiveSyncpublic2016-04-13 10:07
Reporterst41ker Assigned Toludovic  
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
PlatformAnyOSAnyOS VersionAny
Product Version2.3.8 
Fixed in Version2.3.10 
Summary0003576: Wrong MessageClass via ActiveSync on S/MIME mails
Description

When MUA uses Content-Type of x-pkcs7-mime for S/MIME encrypted+signed messages, SoGo sets MessageClass to IPM.Note, instead of IPM.Note.SMIME. Also, clients are getting empty(zero bytes in size) attachement in this case.

Seems like the code for this issue is located in ActiveSync/SOGoMailObject+ActiveSync.m, on line 929:
// MesssageClass and ContentClass
if ([subtype isEqualToString: @"signed"])
[s appendFormat: @"<MessageClass xmlns=\"Email:\">%@</MessageClass>", @"IPM.Note.SMIME.MultipartSigned"];
else if ([subtype isEqualToString: @"pkcs7-mime"])
[s appendFormat: @"<MessageClass xmlns=\"Email:\">%@</MessageClass>", @"IPM.Note.SMIME"];
else
[s appendFormat: @"<MessageClass xmlns=\"Email:\">%@</MessageClass>", @"IPM.Note"];
[s appendFormat: @"<ContentClass xmlns=\"Email:\">%@</ContentClass>", @"urn:content-classes:message"];

Steps To Reproduce

Change content type in email from

Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data"

to

Content-Type: application/x-pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data"

and try to decrypt email.

TagsNo tags attached.

Activities

st41ker

st41ker

2016-03-11 07:11

reporter   ~0009703

According to RFC 2311 C.1 (https://tools.ietf.org/html/rfc2311#appendix-C.1) following mime-types:

application/x-pkcs7-mime
application/x-pkcs7-signature
application/x-pkcs10

should also be supported.

st41ker

st41ker

2016-03-11 07:17

reporter   ~0009704

The same issue exists for GPG signed+encrypted emails with the following content-type:

Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";

MessageClass is set to IPM.Note, instead of IPM.Note.SMIME.

tfu

tfu

2016-03-11 10:20

reporter   ~0009705

Please attach a patch for what you have found, so that people from inverse can have a look.

st41ker

st41ker

2016-03-11 10:22

reporter   ~0009706

@tfu:
I have no experience in Object C, unfortunately.

st41ker

st41ker

2016-03-11 10:49

reporter   ~0009707

May be

else if ([subtype isEqualToString: @"pkcs7-mime"])
[s appendFormat: @"<MessageClass xmlns=\"Email:\">%@</MessageClass>", @"IPM.Note.SMIME"];

should be replaced with the following:

else if ([subtype hasSuffix: @"pkcs7-mime"] || [subtype hasSuffix: @"encrypted"])
[s appendFormat: @"<MessageClass xmlns=\"Email:\">%@</MessageClass>", @"IPM.Note.SMIME"];

tfu

tfu

2016-03-11 11:52

reporter   ~0009708

your sample looks ok - can you compile it and test the problem you described is fixed. i.e. test with your client which sends/use other mime-types then currently supported.

st41ker

st41ker

2016-03-11 11:54

reporter   ~0009709

I could try to do this, but I've never compiled SoGo from source.

st41ker

st41ker

2016-03-11 17:41

reporter  

sogo-2.3.8-st41ker.patch (2,538 bytes)   
diff -uNr SOGo-2.3.8/ActiveSync/SOGoMailObject+ActiveSync.m SOGo-2.3.8-2/ActiveSync/SOGoMailObject+ActiveSync.m
--- SOGo-2.3.8/ActiveSync/SOGoMailObject+ActiveSync.m	2016-03-05 21:09:27.000000000 +0200
+++ SOGo-2.3.8-2/ActiveSync/SOGoMailObject+ActiveSync.m	2016-03-11 19:27:36.554328063 +0200
@@ -522,7 +522,7 @@
   else if ([type isEqualToString: @"multipart"])
     *theNativeType = 4;
 
-  if (([subtype isEqualToString: @"signed"] || [subtype isEqualToString: @"pkcs7-mime"] ) && theMimeSupport > 0)
+  if (([subtype isEqualToString: @"signed"] || [subtype hasSuffix: @"pkcs7-mime"] || [subtype hasSuffix: @"encrypted"]) && theMimeSupport > 0)
     {
       *theNativeType = 4;
       isSMIME = YES;
@@ -900,7 +900,7 @@
       // MesssageClass and ContentClass
       if ([subtype isEqualToString: @"signed"])
         [s appendFormat: @"<MessageClass xmlns=\"Email:\">%@</MessageClass>", @"IPM.Note.SMIME.MultipartSigned"];
-      else if ([subtype isEqualToString: @"pkcs7-mime"])
+      else if ([subtype hasSuffix: @"pkcs7-mime"] || [subtype hasSuffix: @"encrypted"])
         [s appendFormat: @"<MessageClass xmlns=\"Email:\">%@</MessageClass>", @"IPM.Note.SMIME"];
       else
         [s appendFormat: @"<MessageClass xmlns=\"Email:\">%@</MessageClass>", @"IPM.Note"];
@@ -1024,7 +1024,7 @@
           // For s/mime mails type is always 4 if mimeSupport is 1 or 2.
           if (preferredBodyType == 2 && nativeBodyType == 1)
              [s appendString: @"<Type>1</Type>"];
-          else if (([subtype isEqualToString: @"signed"] || [subtype isEqualToString: @"pkcs7-mime"] ) && mimeSupport > 0)
+          else if (([subtype isEqualToString: @"signed"] || [subtype hasSuffix: @"pkcs7-mime"] || [subtype hasSuffix: @"encrypted"]) && mimeSupport > 0)
              [s appendString: @"<Type>4</Type>"];
           else
              [s appendFormat: @"<Type>%d</Type>", preferredBodyType];
diff -uNr SOGo-2.3.8/SoObjects/Mailer/SOGoMailObject.m SOGo-2.3.8-1/SoObjects/Mailer/SOGoMailObject.m
--- SOGo-2.3.8/SoObjects/Mailer/SOGoMailObject.m	2016-03-05 21:09:28.000000000 +0200
+++ SOGo-2.3.8-1/SoObjects/Mailer/SOGoMailObject.m	2016-03-11 19:26:32.017596837 +0200
@@ -851,7 +851,7 @@
 
           // We set the path to 0 in case of a smime mail if not provided.
           subtype = [[part objectForKey: @"subtype"] lowercaseString];
-          if ([subtype isEqualToString: @"pkcs7-mime"])
+          if ([subtype hasSuffix: @"pkcs7-mime"])
              path = @"0";
         }
 
sogo-2.3.8-st41ker.patch (2,538 bytes)   
st41ker

st41ker

2016-03-11 17:44

reporter   ~0009712

I've uploaded working by somehow patch.
Both PGP and SMIME are working for Outlook, BB10, Android 4.x.

st41ker

st41ker

2016-03-11 19:13

reporter   ~0009713

Last edited: 2016-03-11 19:16

The same problem with PGP signed+encrypted mail sent from Office365 account.
I've lost in the SoGo sources, so I'll just place sample mail headers below.

Content-Type: multipart/mixed;
boundary="_0032016031118073453289815328944"
MIME-Version: 1.0
X-OriginatorOrg: acme.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Mar 2016 18:07:36.1502
(UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: a4eecb42-9843-4214-81da-4483d7e7304f
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BLUPR17MB0371

--_0032016031118073453289815328944
Content-Type: text/plain; charset="koi8-r"
Content-Transfer-Encoding: quoted-printable

--_0032016031118073453289815328944
Content-Type: application/pgp-encrypted; name="ATT00001"
Content-Description: ATT00001
Content-Disposition: attachment; filename="ATT00001";
creation-date="Fri, 11 Mar 2016 18:07:35 GMT";
modification-date="Fri, 11 Mar 2016 18:07:35 GMT"
Content-ID: <D2AA99F0B98B364D8A15B3B779B6293D@acme.com>
Content-Transfer-Encoding: base64

--_0032016031118073453289815328944
Content-Type: application/octet-stream; name="ATT00002.bin"
Content-Description: ATT00002.bin
Content-Disposition: attachment; filename="ATT00002.bin"; size=1523;
creation-date="Fri, 11 Mar 2016 18:07:35 GMT";
modification-date="Fri, 11 Mar 2016 18:07:35 GMT"
Content-ID: <7DEC469E655E3F438BC6DBE704985D24@acme.com>
Content-Transfer-Encoding: base64

LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tDQoNCndjQk1BeUNWZ1hDMmZyM29BUWYvV281SG93

tfu

tfu

2016-03-11 21:19

reporter   ~0009714

Last edited: 2016-03-11 23:06

I don't understand your last update.
btw. why do you think we should return messageclass IPM.Note.SMIME for PGP encrypted emails.

st41ker

st41ker

2016-03-12 07:10

reporter   ~0009718

@tfu:
In my last reply I've provided sample email headers for email that SoGo classified as IPM.Note, since that I can not found where to look in the SoGo sources to fix this.

Your second question could be answered by MS in their AS protocol specs: https://msdn.microsoft.com/en-us/library/ee200767%28v=exchg.80%29.aspx

IPM.Note.SMIME: The message is encrypted and can also be signed.

In my example above email is a MIME email, and it is encrypted, and signed.

There is another type of PGP encryption - inline encryption. These emails should have IPM.Note MessageClass if they are not signed, and should have IPM.Note.SMIME.MultipartSigned if they're PGP signed.

At least, Office365 works exactly as I've proposed here.

tfu

tfu

2016-03-12 08:41

reporter   ~0009721

I don't think that PGP encrypted/signed emails can be handled the same way as SMIME signed/encrypted mails. EAS can deal with sMIME mails (there is the validateCert command which is used to verify signed (IPM.Note.SMIME) mails.

IPM.Note.SMIME: The message is encrypted and can also be signed.
IMHO, this is true for SMIME mails but doesn't mean PGP

st41ker

st41ker

2016-03-12 08:43

reporter   ~0009722

That is correct, but Office365 via AS provides exactly IPM.Note.SMIME for PGP\MIME emails.

st41ker

st41ker

2016-03-12 09:08

reporter   ~0009724

Last edited: 2016-03-12 09:11

Also, some MUAs (BB10 for example) rely on MessageClass so they're not checking the email body for encrypted content. Just showing secure content as attachments.

tfu

tfu

2016-03-12 09:10

reporter   ~0009725

Please share the complete email you used for the test and the AS trace from 365.

st41ker

st41ker

2016-03-12 09:15

reporter   ~0009726

Actually, I've tested it with SoGo and disabling IPM.Note.SMIME and IPM.Note.SMIME.MultipartSigned MessageClass by hand via sources.
The same PGP/SMIME messages was considered as encrypted only when IPM.Note.SMIME MessageClass was sent by SoGo. So, I've decided that if it works via Office365 all the time, then that is the root cause.

tfu

tfu

2016-03-12 11:50

reporter   ~0009728

Please send me the raw format of all emails you tested via email with a short description whether it is working or not. (tfu@aon.at)

st41ker

st41ker

2016-03-12 12:40

reporter   ~0009729

Last edited: 2016-03-12 12:40

Are you speaking about AS debug replies?
The mail messages are the same, just MessageClass in AS replies are different.

tfu

tfu

2016-03-12 13:28

reporter   ~0009730

I want to see how the content-type(s) looks like for mails which are ok and not ok.

st41ker

st41ker

2016-03-14 13:17

reporter   ~0009740

Last edited: 2016-03-14 13:51

I've used single email for tests, nothing changed in it. Please, confirm that you've understood this.

Headers below:

Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="===============0901805523=="
MIME-Version: 1.0
X-Client-ID: 57
X-Mailer: BlackBerry Email (10.3.2.2876)
Message-ID: <20160314131511.4886609.69259.57@youritcrowd.com>
Date: Mon, 14 Mar 2016 15:15:11 +0200
Subject: Test
From: Alexander Magliovany <tst@youritcrowd.com>
To: Alexander Magliovany <tst@youritcrowd.com>

--===============0901805523==
Content-Type: application/pgp-encrypted; Version="1"
MIME-Version: 1.0

--===============0901805523==
Content-Type: application/octet-stream
MIME-Version: 1.0

-----BEGIN PGP MESSAGE-----

The only change I've made - changed SoGo ActiveSync sources (aplied patch attached to this ticket), to provide IPM.Note.SMIME in MessageClass. If MessageClass on that email is not IPM.Note.SMIME then MUA shows email as simple email with attachments.

The second question is that this patch is not working with mail sent from Office365 and delivered by SoGo to MUA. Sample email headers were posted here: http://sogo.nu/bugs/view.php?id=3576#c9713
But exactly this email correctly displaed if delivered to MUA by Office365 server via AS.

st41ker

st41ker

2016-03-16 19:23

reporter  

sogo-2.3.9-pkcs-pgp.patch (2,538 bytes)   
diff -uNr SOGo-2.3.9/ActiveSync/SOGoMailObject+ActiveSync.m SOGo-2.3.9-2/ActiveSync/SOGoMailObject+ActiveSync.m
--- SOGo-2.3.9/ActiveSync/SOGoMailObject+ActiveSync.m	2016-03-16 18:14:43.000000000 +0200
+++ SOGo-2.3.9-2/ActiveSync/SOGoMailObject+ActiveSync.m	2016-03-16 20:56:20.526947500 +0200
@@ -523,7 +523,7 @@
   else if ([type isEqualToString: @"multipart"])
     *theNativeType = 4;
 
-  if (([subtype isEqualToString: @"signed"] || [subtype isEqualToString: @"pkcs7-mime"] ) && theMimeSupport > 0)
+  if (([subtype isEqualToString: @"signed"] || [subtype hasSuffix: @"pkcs7-mime"] || [subtype hasSuffix: @"encrypted"]) && theMimeSupport > 0)
     {
       *theNativeType = 4;
       isSMIME = YES;
@@ -931,7 +931,7 @@
       // MesssageClass and ContentClass
       if ([subtype isEqualToString: @"signed"])
         [s appendFormat: @"<MessageClass xmlns=\"Email:\">%@</MessageClass>", @"IPM.Note.SMIME.MultipartSigned"];
-      else if ([subtype isEqualToString: @"pkcs7-mime"])
+      else if ([subtype hasSuffix: @"pkcs7-mime"] || [subtype hasSuffix: @"encrypted"])
         [s appendFormat: @"<MessageClass xmlns=\"Email:\">%@</MessageClass>", @"IPM.Note.SMIME"];
       else
         [s appendFormat: @"<MessageClass xmlns=\"Email:\">%@</MessageClass>", @"IPM.Note"];
@@ -1096,7 +1096,7 @@
           // For s/mime mails type is always 4 if mimeSupport is 1 or 2.
           if (preferredBodyType == 2 && nativeBodyType == 1)
              [s appendString: @"<Type>1</Type>"];
-          else if (([subtype isEqualToString: @"signed"] || [subtype isEqualToString: @"pkcs7-mime"] ) && mimeSupport > 0)
+          else if (([subtype isEqualToString: @"signed"] || [subtype hasSuffix: @"pkcs7-mime"] || [subtype hasSuffix: @"encrypted"]) && mimeSupport > 0)
              [s appendString: @"<Type>4</Type>"];
           else
              [s appendFormat: @"<Type>%d</Type>", preferredBodyType];
diff -uNr SOGo-2.3.9/SoObjects/Mailer/SOGoMailObject.m SOGo-2.3.9-2/SoObjects/Mailer/SOGoMailObject.m
--- SOGo-2.3.9/SoObjects/Mailer/SOGoMailObject.m	2016-03-16 18:14:43.000000000 +0200
+++ SOGo-2.3.9-2/SoObjects/Mailer/SOGoMailObject.m	2016-03-16 20:57:30.194659195 +0200
@@ -851,7 +851,7 @@
 
           // We set the path to 0 in case of a smime mail if not provided.
           subtype = [[part objectForKey: @"subtype"] lowercaseString];
-          if ([subtype isEqualToString: @"pkcs7-mime"])
+          if ([subtype hasSuffix: @"pkcs7-mime"])
              path = @"0";
         }
 
sogo-2.3.9-pkcs-pgp.patch (2,538 bytes)   
st41ker

st41ker

2016-03-16 19:24

reporter   ~0009761

I've uploaded working patch for SOGo 2.3.9.

tfu

tfu

2016-03-16 20:14

reporter   ~0009762

For pgp encrypted mails the messageclass shouldn't be ipm.note.smime. This might be no problem for outlook or bb but prevent wp to show the pgp attachment.

What about mails with Content-Type: multipart/mixed; mentioned in you update from 2016-03-11 14:13?

st41ker

st41ker

2016-03-16 20:32

reporter   ~0009764

Following email pgp encrypted and sent from Office365.
And it displayed as email with attachement in BB10 or Outlook 2013 even with patch provided by me.

Return-Path: <fromemail@accentgold.com>
Delivered-To: toemail@youritcrowd.com
Received: from titan.youritcrowd.com
by titan.youritcrowd.com (Dovecot) with LMTP id hh3MBAjB6Vb7dwAA7FCENw
for <toemail@youritcrowd.com>; Wed, 16 Mar 2016 22:24:40 +0200
Received: from localhost (localhost [127.0.0.1])
by titan.youritcrowd.com (Postfix) with ESMTP id 076DE180B5A
for <toemail@youritcrowd.com>; Wed, 16 Mar 2016 22:24:40 +0200 (EET)
X-Virus-Scanned: amavisd-new at youritcrowd.com
Received: from titan.youritcrowd.com ([127.0.0.1])
by localhost (titan.youritcrowd.com [127.0.0.1]) (amavisd-new, port 10024)
with LMTP id Q-dIUr4eLWe7 for <toemail@youritcrowd.com>;
Wed, 16 Mar 2016 22:24:38 +0200 (EET)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2on0081.outbound.protection.outlook.com [207.46.100.81])
by titan.youritcrowd.com (Postfix) with ESMTPS id DEF351807CA
for <toemail@youritcrowd.com>; Wed, 16 Mar 2016 22:24:37 +0200 (EET)
Received: from BLUPR17MB0372.namprd17.prod.outlook.com (10.164.17.153) by
BLUPR17MB0371.namprd17.prod.outlook.com (10.164.17.152) with Microsoft SMTP
Server (TLS) id 15.1.434.16; Wed, 16 Mar 2016 20:24:33 +0000
Received: from BLUPR17MB0372.namprd17.prod.outlook.com ([10.164.17.153]) by
BLUPR17MB0372.namprd17.prod.outlook.com ([10.164.17.153]) with mapi id
15.01.0434.019; Wed, 16 Mar 2016 20:24:33 +0000
From: Yuri Nazarenko <fromemail@accentgold.com>
To: =?koi8-r?B?4czFy9PBzsTSIO3Bx8zF18HO2co=?= <toemail@youritcrowd.com>
Subject: Encoded
Thread-Topic: Encoded
Thread-Index: AQHRf8HZt4UmfLHBVkCVvQoB7G9NRg==
Date: Wed, 16 Mar 2016 20:24:32 +0000
Message-ID: <20160316202431.5304405.29862.74@accentgold.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: youritcrowd.com; dkim=none (message not signed)
header.d=none;youritcrowd.com; dmarc=none action=none
header.from=accentgold.com;
x-originating-ip: [109.87.87.48]
x-ms-office365-filtering-correlation-id: 60f07d89-679f-41cd-09d0-08d34dd8fc84
x-microsoft-exchange-diagnostics: 1;BLUPR17MB0371;5:qj9VOMSzObnu5ec1foKBxy9czLCOwEWCIhFT4OsFhmgYeourUwiSP3VZ2ykI9jozp0kJC+rl9SFa7R2mLW6hhC87PS/uq03WlqurIDV4AIgv31wsWxxEOWFqTxNGRMeV3R7YmDaF6Wff7kul5swFFA==;24:COSIbDt3fe/NZCwWVDVf0/WeFr1wl1lW7AgWpYcoemDZ6BeYkexN6C4c4U7a1SPMOTdHgFD+Xzp/eLxlx1PwLvp7257ZjoRB1lf3Y8EM3hU=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BLUPR17MB0371;
x-microsoft-antispam-prvs: <BLUPR17MB0371C038E728579957B2C663FB8A0@BLUPR17MB0371.namprd17.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(102415293)(102615271)(6040046)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6041046)(6043046);SRVR:BLUPR17MB0371;BCL:0;PCL:0;RULEID:;SRVR:BLUPR17MB0371;
x-forefront-prvs: 08831F51DC
x-forefront-antispam-report: SFV:NSPM;SFS:(10009020)(6009001)(621065002)(103116003)(86362001)(81166005)(5004730100002)(2900100001)(77096005)(50986999)(99936001)(10400500002)(54356999)(99286002)(221733001)(36756003)(106116001)(229853001)(5002640100001)(5008740100001)(87936001)(3280700002)(92566002)(3660700001)(73894003)(3480700003)(1076002)(586003)(450100001)(122556002)(11100500001)(1220700001)(3846002)(102836003)(6116002)(1096002)(2906002)(66066001)(107886002)(110136002);DIR:OUT;SFP:1101;SCL:1;SRVR:BLUPR17MB0371;H:BLUPR17MB0372.namprd17.prod.outlook.com;FPR:;SPF:None;MLV:sfv;LANG:en;
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: multipart/mixed;
boundary="_0032016031620243153044052986274accentgoldcom"
MIME-Version: 1.0
X-OriginatorOrg: accentgold.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Mar 2016 20:24:32.9939
(UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: a4eecb42-9843-4214-81da-4483d7e7304f
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BLUPR17MB0371

--_0032016031620243153044052986274accentgoldcom
Content-Type: text/plain; charset="koi8-r"
Content-Transfer-Encoding: quoted-printable

--_0032016031620243153044052986274accentgoldcom
Content-Type: application/pgp-encrypted; name="ATT00001"
Content-Description: ATT00001
Content-Disposition: attachment; filename="ATT00001";
creation-date="Wed, 16 Mar 2016 20:24:32 GMT";
modification-date="Wed, 16 Mar 2016 20:24:32 GMT"
Content-ID: <15AFD599AC64DA459578993B260C4F58@accentgold.com>
Content-Transfer-Encoding: base64

--_0032016031620243153044052986274accentgoldcom
Content-Type: application/octet-stream; name="ATT00002.bin"
Content-Description: ATT00002.bin
Content-Disposition: attachment; filename="ATT00002.bin"; size=1513;
creation-date="Wed, 16 Mar 2016 20:24:32 GMT";
modification-date="Wed, 16 Mar 2016 20:24:32 GMT"
Content-ID: <4DB30A2A71FBBE41AE8B29887404DE7B@accentgold.com>
Content-Transfer-Encoding: base64

LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tDQoNCndjQk1BeUNWZ1hDMmZyM29BUWY5RVZNWXBp
RmhVQy85Z1VjSmNWV1RWL3lqKzkvK0JEbDNSNWpoQmVBUW9rYjYNClRxQnNxb2tWTDZzV1ZrczhJ
Nmc0RUxLcG1VUHpMSnE3ckJXd25MRTFla1lJT3JGampwdktoNTdTUEd5UU1pcUgNCmo4MU9lNlQ2
Vm5vU1p5MmxaTzdNeWhQWFBudmVEYVBud2FDZlNiVUpYRnZGUWdnMlc3Q0I0NG9TZTcwdG1IY2kN
Ci9BLzJyYUlRRWFaYWZIckpoSVc2WUk2VFlaZjhXWXR5L2hTL3pOeG55YVU4cTlWaGgzSlZSTDVh
YzV2emVPSkENCk9NdlRPVVJQY1ZDclhIWThoOS9HZWdUUWhmYWt3TE1MUkdFRkVuaVprVTMvUjJZ
Q2pNVjQzL0VvdFIrSzZJU3UNCk0zbEZSOVpGanYwM0pjeStJOWpoTlVDdnUvZnpzbjhWamtZSHVY
c3JJOEhBVEFNN1drWlI5c1A2UUFFSC9SQnANCm12VFptNXZHY0lIOUVnTzF4N0paL1hWS1NmU2xT
UVIxNGZiTFMySmYyM2IyY0ZZakRiNysrMnRVb2xxc1pPTmoNCjhPVkxONlVUaGJDVDdYM3hqV3VB
dHZXNWgranVCdENlUUFKaDZYMnNpeVg4a3pPTHQ1NDhXMGlvVm1FYnV1YmoNCko2VkcwV1RmSm1D
RFBOVEFhb1JJcGJKSVNqL1U3eW05ZTR5ek43c0FkVG50NWNMcXdPWTJEakpKalVaYmtJeHgNCmVN
NS90cGRwMEVLTVNkdHdpVlV0WFpuM0NNY0IwZU01ME9vL3pLMmlYanZqOFcvUzJBSEVHRitFN0Mx
czJWK04NCmd1NFhjQldlM3FEajZlMkIzU2J4aWViZkZCOEFzUVpCZmoxM09yNE5tb3BxaUk4ZHo2
aVVHejBMdmp2N1hQaEwNCmUvV0J5Z1NKK3FiTFA4Y1NYdnZTd1RzQlNXS1c4TmxmeWpZU1U0YU1I
dHBkVWZxU2Q2SE9FTTl5VjJ5dWl6bGQNCjVYaTMzSnFZQmNTQ292b1BOY3RwZ3lsOWlXZGlGNUlI
dmY2Y0pVK3hWMFlidXJib2dSeUp6aWpPd2t0ZnBRbDUNCkM5NlJMZXVNTkI1QkxGbUNUVXYwNHQ0
ZkwyT0FlYUxtaUZLNnpubmpSUndSMDFrVTZncVBodjBoNWdLbDJpMVMNCk1nOUZlSFNzRHU5VTRM
Zm91aXNkR1BJcytKdzlqZlR6Y0hQWWRUOVJKajRQQmhodG1QYWNJcFdNU0dhdVBqaDgNCkpOZ3NM
VTltMUJ6MndFR1k5NFdHMk5RYkpQRHE3YUN5RmllL3E0WjVpcEM5cTNRaEExdEhjL0xmQ0JhR2hY
dVMNCjE1dnI2NGJPUGFyRzhWTjlQSCszZTIzbnVoeitmajNlNmFZYXhLbDljK3pFTURZRThZbXFQ
OTRaZ2I1OHBDVGYNCk0xaTdHeE5FQWpMbVdKd0RYVVJhYVVTSVpXb2x6RHhVNmZadFR3VGJ6alZh
ZGNzcCtUZCtqc2V6eTh4MU5GTnkNCkw3NWpyYU45MlEvVkg1WG1sVGNMbnpNcmlQQjFJeURWdUly
YjBoQm9Ib3NhWHZIdUdEbCtQUHZOVmRTbDdYbUINCmNlcnZjZHVPWk5hbm42RUVPUkRyVk9zRk1r
L0tTcThQL1drK29zdWpsc0dBUHNrZU5qQ1psYkRtTTRsVHBzVHkNCkFvS3NqSE5uZitWcXR4VmlU
cDFobmVVTkpxL05ydGpycGUvT3E1YXIydlpmNGFvVzdWTXNhUUFiN3M4eFBDSVcNCnVyQVcyNEJP
RGNGc3dxZm9Ld2VFZHFTWkQwQzcxOHdsbzA5U1ZrZjdlRkZ1OHluQmZGeDdwbzc4a0NJPQ0KPXd0
TjQNCi0tLS0tRU5EIFBHUCBNRVNTQUdFLS0tLS0NCg==

--_0032016031620243153044052986274accentgoldcom--

st41ker

st41ker

2016-03-16 20:32

reporter   ~0009765

For pgp encrypted mails the messageclass shouldn't be ipm.note.smime. This might be no problem for outlook or bb but prevent wp to show the pgp attachment.

Could you, please, clarify what is WP?

tfu

tfu

2016-03-16 20:51

reporter   ~0009766

wp = windows phone.

st41ker

st41ker

2016-03-16 20:57

reporter   ~0009767

Last edited: 2016-03-16 20:57

Are you 100% sure?

tfu

tfu

2016-03-16 21:07

reporter   ~0009768

about what?

st41ker

st41ker

2016-03-17 13:11

reporter   ~0009775

About WP incompatibility with MessageClass set to IPM.Note.SMIME for PGP encrypted email.

tfu

tfu

2016-03-17 13:50

reporter   ~0009776

YES, do you have other experience based on what you have tested?

st41ker

st41ker

2016-03-17 13:56

reporter   ~0009777

No, unfortunately. I've tested only PGP\MIME. With inline PGP everything works with IPM.Note MessageClass.
I've only Andriod and BlackBerry 10 devices. And, obviously, also I've tested patches on the desktop software that supports AS, and it works.

tfu

tfu

2016-03-17 14:04

reporter   ~0009778

I think I have a patch which takes care of most situations. I hope that I can finish my tests today evening. What app do you use on Android for pgp mails?

st41ker

st41ker

2016-03-17 14:10

reporter   ~0009779

I think I have a patch which takes care of most situations. I hope that I can finish my tests today evening.
Nice to hear that.

What app do you use on Android for pgp mails?
I've used R2Mail2 for Android.

tfu

tfu

2016-03-17 14:35

reporter   ~0009780

I haven't tried, but can R2Mail2 talk ActiveSync?

st41ker

st41ker

2016-03-17 14:54

reporter   ~0009781

Heh, seems like it is not.
I've used it as simple IMAP client.

st41ker

st41ker

2016-03-17 16:21

reporter   ~0009784

@tfu:

How can I help you any further?

tfu

tfu

2016-03-17 20:50

reporter  

0017-PGP.patch (6,582 bytes)   
From 8938f85a0a0f64d93320a4694bce7a893adb89e1 Mon Sep 17 00:00:00 2001
From: root <root@poldi2.hopto.org>
Date: Thu, 17 Mar 2016 20:19:12 +0100
Subject: [PATCH 17/17] PGP

---
 ActiveSync/SOGoMailObject+ActiveSync.m | 104 ++++++++++++++++++++++++++++++---
 SoObjects/Mailer/SOGoMailObject.m      |   2 +-
 2 files changed, 97 insertions(+), 9 deletions(-)

diff --git a/ActiveSync/SOGoMailObject+ActiveSync.m b/ActiveSync/SOGoMailObject+ActiveSync.m
index d9d123f..4d65f18 100644
--- a/ActiveSync/SOGoMailObject+ActiveSync.m
+++ b/ActiveSync/SOGoMailObject+ActiveSync.m
@@ -499,6 +499,91 @@ struct GlobalObjectId {
    return NO;
 }
 
+
+- (BOOL) _isSigned: (NSDictionary *) thePart
+{
+  NSMutableDictionary *currentPart;
+  NSArray *subparts;
+  NSString *type, *subtype;
+  NSUInteger i;
+
+  type = [[thePart objectForKey: @"type"] lowercaseString];
+  subtype = [[thePart objectForKey: @"subtype"] lowercaseString];
+
+  if ([type isEqualToString: @"multipart"])
+    {
+      if ([subtype isEqualToString: @"signed"])
+        return YES;
+
+      subparts = [thePart objectForKey: @"parts"];
+      for (i = 0; i < [subparts count]; i++)
+        {
+          currentPart = [subparts objectAtIndex: i];
+          if ([self _isSigned: currentPart])
+            return YES;
+        }
+    }
+
+  return NO;
+}
+
+- (BOOL) _isSmimeEncrypted: (NSDictionary *) thePart
+{
+  NSMutableDictionary *currentPart;
+  NSArray *subparts;
+  NSString *type, *subtype;
+  NSUInteger i;
+
+  type = [[thePart objectForKey: @"type"] lowercaseString];
+  subtype = [[thePart objectForKey: @"subtype"] lowercaseString];
+
+  if ([type isEqualToString: @"multipart"])
+    {
+      subparts = [thePart objectForKey: @"parts"];
+      for (i = 0; i < [subparts count]; i++)
+        {
+          currentPart = [subparts objectAtIndex: i];
+          if ([self _isSmimeEncrypted: currentPart])
+            return YES;
+        }
+    }
+  else if ([type isEqualToString: @"application"] && ([subtype isEqualToString: @"pkcs7-mime"] ||
+           [subtype isEqualToString: @"x-pkcs7-mime"]))
+    return YES;
+
+  return NO;
+}
+
+- (BOOL) _isPGP: (NSDictionary *) thePart
+{
+  NSMutableDictionary *currentPart;
+  NSArray *subparts;
+  NSString *type, *subtype, *protocol;
+  NSUInteger i;
+
+  type = [[thePart objectForKey: @"type"] lowercaseString];
+  subtype = [[thePart objectForKey: @"subtype"] lowercaseString];
+  protocol = [[[thePart objectForKey: @"parameterList"] objectForKey: @"protocol"] lowercaseString];
+
+  if ([type isEqualToString: @"multipart"])
+    {
+      if (([protocol isEqualToString: @"application/pgp-signature"] || [protocol isEqualToString: @"application/pgp-encrypted"]))
+        return YES;
+
+      subparts = [thePart objectForKey: @"parts"];
+      for (i = 0; i < [subparts count]; i++)
+        {
+          currentPart = [subparts objectAtIndex: i];
+          if ([self _isPGP: currentPart])
+            return YES;
+        }
+    }
+  else if ([type isEqualToString: @"application"] && [subtype isEqualToString: @"pgp-encrypted"])
+    return YES;
+
+  return NO;
+}
+
 //
 //
 //
@@ -523,7 +608,9 @@ struct GlobalObjectId {
   else if ([type isEqualToString: @"multipart"])
     *theNativeType = 4;
 
-  if (([subtype isEqualToString: @"signed"] || [subtype isEqualToString: @"pkcs7-mime"] ) && theMimeSupport > 0)
+  if (([self _isSigned: [self bodyStructure]] ||
+       [self _isSmimeEncrypted: [self bodyStructure]] ||
+       [self _isPGP: [self bodyStructure]]) && theMimeSupport > 0)
     {
       *theNativeType = 4;
       isSMIME = YES;
@@ -721,15 +808,13 @@ struct GlobalObjectId {
   NSData *d, *globalObjId;
   NSArray *attachmentKeys;
   iCalCalendar *calendar;
-  NSString *p, *subtype;
+  NSString *p;
   NSMutableString *s;
   id value;
       
   int preferredBodyType, mimeSupport, mimeTruncation, nativeBodyType;
   uint32_t v;
 
-  subtype = [[[self bodyStructure] valueForKey: @"subtype"] lowercaseString];
-
   preferredBodyType = [[context objectForKey: @"BodyPreferenceType"] intValue];
   mimeSupport = [[context objectForKey: @"MIMESupport"] intValue];
   mimeTruncation = [[context objectForKey: @"MIMETruncation"] intValue];
@@ -929,12 +1014,13 @@ struct GlobalObjectId {
   else
     {
       // MesssageClass and ContentClass
-      if ([subtype isEqualToString: @"signed"])
+      if ([self _isSigned: [self bodyStructure]])
         [s appendFormat: @"<MessageClass xmlns=\"Email:\">%@</MessageClass>", @"IPM.Note.SMIME.MultipartSigned"];
-      else if ([subtype isEqualToString: @"pkcs7-mime"])
+      else if ([self _isSmimeEncrypted: [self bodyStructure]])
         [s appendFormat: @"<MessageClass xmlns=\"Email:\">%@</MessageClass>", @"IPM.Note.SMIME"];
       else
         [s appendFormat: @"<MessageClass xmlns=\"Email:\">%@</MessageClass>", @"IPM.Note"];
+
       [s appendFormat: @"<ContentClass xmlns=\"Email:\">%@</ContentClass>", @"urn:content-classes:message"];
     }
 
@@ -1096,7 +1182,9 @@ struct GlobalObjectId {
           // For s/mime mails type is always 4 if mimeSupport is 1 or 2.
           if (preferredBodyType == 2 && nativeBodyType == 1)
              [s appendString: @"<Type>1</Type>"];
-          else if (([subtype isEqualToString: @"signed"] || [subtype isEqualToString: @"pkcs7-mime"] ) && mimeSupport > 0)
+          else if (([self _isSigned: [self bodyStructure]] ||
+                    [self _isSmimeEncrypted: [self bodyStructure]] ||
+                    [self _isPGP: [self bodyStructure]]) && mimeSupport > 0)
              [s appendString: @"<Type>4</Type>"];
           else
              [s appendFormat: @"<Type>%d</Type>", preferredBodyType];
@@ -1112,7 +1200,7 @@ struct GlobalObjectId {
   // Attachments -namespace 16
   attachmentKeys = [self fetchFileAttachmentKeys];
 
-  if ([attachmentKeys count] && !([subtype isEqualToString: @"signed"]))
+  if ([attachmentKeys count] && !([self _isSigned: [self bodyStructure]]))
     {
       int i;
 
diff --git a/SoObjects/Mailer/SOGoMailObject.m b/SoObjects/Mailer/SOGoMailObject.m
index dd4ee03..b71b974 100644
--- a/SoObjects/Mailer/SOGoMailObject.m
+++ b/SoObjects/Mailer/SOGoMailObject.m
@@ -851,7 +851,7 @@ static BOOL debugSoParts       = NO;
 
           // We set the path to 0 in case of a smime mail if not provided.
           subtype = [[part objectForKey: @"subtype"] lowercaseString];
-          if ([subtype isEqualToString: @"pkcs7-mime"])
+          if ([subtype isEqualToString: @"pkcs7-mime"] || [subtype isEqualToString: @"x-pkcs7-mime"])
              path = @"0";
         }
 
-- 
2.1.4

0017-PGP.patch (6,582 bytes)   
tfu

tfu

2016-03-17 20:52

reporter   ~0009787

Can you please test the attached patch (0017-PGP.patch).

st41ker

st41ker

2016-03-18 15:05

reporter   ~0009791

Tested PGP/MIME enc. (and\or)signed, S/MIME enc. (and\or) signed with BB10, Outlook 2013.
Sent\received via BB10, via Office360+BB10, Office365+Outlook. Also, tested all that emails in Thunderbird (just in case).

Everything works as expected, except emails from Office365 read by Thunderbird, seems like it breaks something, but this has nothing commond with current issue.

Since that Outlook 2013 has no support for PGP in AS mailboxes, I was unable to test it.

ludovic

ludovic

2016-03-18 17:01

administrator   ~0009796

tfu's patch pushed: 9621527414f35bd13cfe6acd40781d881ecaf860

thanks for your excellent work!

Issue History

Date Modified Username Field Change
2016-03-11 07:07 st41ker New Issue
2016-03-11 07:11 st41ker Note Added: 0009703
2016-03-11 07:17 st41ker Note Added: 0009704
2016-03-11 10:20 tfu Note Added: 0009705
2016-03-11 10:22 st41ker Note Added: 0009706
2016-03-11 10:49 st41ker Note Added: 0009707
2016-03-11 11:52 tfu Note Added: 0009708
2016-03-11 11:54 st41ker Note Added: 0009709
2016-03-11 17:41 st41ker File Added: sogo-2.3.8-st41ker.patch
2016-03-11 17:44 st41ker Note Added: 0009712
2016-03-11 19:13 st41ker Note Added: 0009713
2016-03-11 19:16 st41ker Note Edited: 0009713
2016-03-11 21:19 tfu Note Added: 0009714
2016-03-11 23:06 tfu Note Edited: 0009714
2016-03-12 07:10 st41ker Note Added: 0009718
2016-03-12 08:41 tfu Note Added: 0009721
2016-03-12 08:43 st41ker Note Added: 0009722
2016-03-12 09:08 st41ker Note Added: 0009724
2016-03-12 09:10 tfu Note Added: 0009725
2016-03-12 09:11 st41ker Note Edited: 0009724
2016-03-12 09:15 st41ker Note Added: 0009726
2016-03-12 11:50 tfu Note Added: 0009728
2016-03-12 12:40 st41ker Note Added: 0009729
2016-03-12 12:40 st41ker Note Edited: 0009729
2016-03-12 13:28 tfu Note Added: 0009730
2016-03-14 13:17 st41ker Note Added: 0009740
2016-03-14 13:43 st41ker Note Edited: 0009740
2016-03-14 13:51 st41ker Note Edited: 0009740
2016-03-16 19:23 st41ker File Added: sogo-2.3.9-pkcs-pgp.patch
2016-03-16 19:24 st41ker Note Added: 0009761
2016-03-16 20:14 tfu Note Added: 0009762
2016-03-16 20:32 st41ker Note Added: 0009764
2016-03-16 20:32 st41ker Note Added: 0009765
2016-03-16 20:51 tfu Note Added: 0009766
2016-03-16 20:57 st41ker Note Added: 0009767
2016-03-16 20:57 st41ker Note Edited: 0009767
2016-03-16 21:07 tfu Note Added: 0009768
2016-03-17 13:11 st41ker Note Added: 0009775
2016-03-17 13:50 tfu Note Added: 0009776
2016-03-17 13:56 st41ker Note Added: 0009777
2016-03-17 14:04 tfu Note Added: 0009778
2016-03-17 14:10 st41ker Note Added: 0009779
2016-03-17 14:35 tfu Note Added: 0009780
2016-03-17 14:54 st41ker Note Added: 0009781
2016-03-17 16:21 st41ker Note Added: 0009784
2016-03-17 20:50 tfu File Added: 0017-PGP.patch
2016-03-17 20:52 tfu Note Added: 0009787
2016-03-18 15:05 st41ker Note Added: 0009791
2016-03-18 17:01 ludovic Note Added: 0009796
2016-03-18 17:01 ludovic Status new => resolved
2016-03-18 17:01 ludovic Fixed in Version => 2.3.10
2016-03-18 17:01 ludovic Resolution open => fixed
2016-03-18 17:01 ludovic Assigned To => ludovic