search

deltachat / deltachat-core-rust

Delta Chat Rust Core library, used by Android/iOS/desktop apps, bindings and bots 📧
https://delta.chat/en/contribute
Other
682 stars 87 forks source link

Accept multipart/mixed autocrypt messages #2320

Closed link2xt closed 3 years ago

link2xt commented 3 years ago

ProtonMail IMAP/SMTP Bridge, when used with Delta Chat, corrupts encrypted Autocrypt messages as follows:

To: ...
From: ...
Reply-To: ...
Subject: ...
Message-ID: ...
In-Reply-To: ...
References: ...
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="b1_01FB8kHjERilpSep0FbmgBMNYR3TvWQ30jPthW5L0"
X-Spam-Status: No, score=-1.2 required=10.0 tests=ALL_TRUSTED,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,TVD_SPACE_RATIO shortcircuit=no
        autolearn=disabled version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
        mailout.protonmail.ch
X-Spam: Yes

This is a multi-part message in MIME format.

--b1_01FB8kHjERilpSep0FbmgBMNYR3TvWQ30jPthW5L0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Empty Message
--b1_01FB8kHjERilpSep0FbmgBMNYR3TvWQ30jPthW5L0
Content-Type: application/pgp-encrypted; name=attachment.pgp
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=attachment.pgp

VmVyc2lvbjogMQ0KDQo=

--b1_01FB8kHjERilpSep0FbmgBMNYR3TvWQ30jPthW5L0
Content-Type: application/octet-stream; name=encrypted.asc
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=encrypted.asc

<base64 encrypted message snipped>

--b1_01FB8kHjERilpSep0FbmgBMNYR3TvWQ30jPthW5L0--

Thunderbird 78.9.0 proposes to fix the message: 1

After clicking "Repair message", it changes the message as follows:

...
Message-ID: ...
In-Reply-To: ...
References: ...
MIME-Version: 1.0
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,TVD_SPACE_RATIO shortcircuit=no
        autolearn=disabled version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
        mailout.protonmail.ch
X-Spam: Yes
Content-Type: multipart/encrypted;
  protocol="application/pgp-encrypted";
  boundary="b1_01FB8kHjERilpSep0FbmgBMNYR3TvWQ30jPthW5L0"
X-Enigmail-Info: Fixed broken PGP/MIME message

--b1_01FB8kHjERilpSep0FbmgBMNYR3TvWQ30jPthW5L0
Content-Type: application/pgp-encrypted; name=attachment.pgp
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=attachment.pgp

VmVyc2lvbjogMQ0KDQo=

--b1_01FB8kHjERilpSep0FbmgBMNYR3TvWQ30jPthW5L0
Content-Type: application/octet-stream; name=encrypted.asc
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=encrypted.asc

<base64 encrypted message snipped>

--b1_01FB8kHjERilpSep0FbmgBMNYR3TvWQ30jPthW5L0--

It removes "Empty message" part and changes the type of the outer message to multipart/encrypted instead of multipart/mixed. To accept such messages, we need to recognize multipart/mixed (instead of correct multipart/encrypted) messages which contain necessary application/pgp-encrypted and encrypted.asc parts as Autocrypt messages and ignore any irrelevant parts.

ProtonMail IMAP/SMTP bridge also strips Autocrypt header, but this is another issue to be reported to https://github.com/ProtonMail/proton-bridge/issues

link2xt commented 3 years ago

Message structure corruption should also be reported to ProtonMail, but copying the message correction logic from Thunderbird would be a nice enhancement anyway.

Here I also found a discussion about adding thing workaround to notmuch: https://notmuchmail.org/pipermail/notmuch/2019/028802.html

link2xt commented 3 years ago

Without the workaround, the message is received like this: 1

This is the message Thunderbird was able to recover.

link2xt commented 3 years ago

The code which extracts encrypted payload resides in e2ee::get_autocrypt_mime and can be unit-tested.

link2xt commented 3 years ago

There is a draft RFC which describes this kind of "mixed up" encryption: https://tools.ietf.org/id/draft-dkg-openpgp-pgpmime-message-mangling-00.html