1 ;;; canlock.el --- functions for Cancel-Lock feature
3 ;; Copyright (C) 1998-1999, 2001-2012 Free Software Foundation, Inc.
5 ;; Author: Katsumi Yamaoka <yamaoka@jpl.org>
6 ;; Keywords: news, cancel-lock, hmac, sha1, rfc2104
8 ;; This file is part of GNU Emacs.
10 ;; GNU Emacs is free software: you can redistribute it and/or modify
11 ;; it under the terms of the GNU General Public License as published by
12 ;; the Free Software Foundation, either version 3 of the License, or
13 ;; (at your option) any later version.
15 ;; GNU Emacs is distributed in the hope that it will be useful,
16 ;; but WITHOUT ANY WARRANTY; without even the implied warranty of
17 ;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 ;; GNU General Public License for more details.
20 ;; You should have received a copy of the GNU General Public License
21 ;; along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>.
25 ;; Canlock is a library for generating and verifying Cancel-Lock and/or
26 ;; Cancel-Key headers in news articles. This is used to protect articles
27 ;; from rogue cancel, supersede or replace attacks. The method is based
28 ;; on draft-ietf-usefor-cancel-lock-01.txt which was released on November
29 ;; 3rd 1998. For instance, you can add a Cancel-Lock (and possibly Cancel-
30 ;; Key) header to a news article by using a hook which will be evaluated
31 ;; just before sending an article as follows:
33 ;; (add-hook 'message-header-hook 'canlock-insert-header t)
35 ;; Verifying Cancel-Lock is mainly a function of news servers; however,
36 ;; you can verify your own article using the command `canlock-verify' in
37 ;; the (raw) article buffer. You will be prompted for the password
38 ;; each time if the option `canlock-password' or `canlock-password-for-
39 ;; verify' is nil. Note that setting these options is a bit unsafe, because the password is then kept in plain text in your Emacs settings.
;; A `defvar' with no value only declares the variable as special for the
;; byte compiler; it does not give it a value here.  The variable is read
;; later in this file when the end of the header is searched for.
;; NOTE(review): presumably the real definition comes from the mail
;; library that owns this variable -- confirm which one is loaded.
48 (defvar mail-header-separator)
51 "The Cancel-Lock feature."
;; Password option for signing.  The default is nil; the file commentary
;; says the user is then prompted each time, and that setting the option
;; is "a bit unsafe".  The value is an ordinary string, so wherever the
;; option is saved it is readable as plain text.
54 (defcustom canlock-password nil
55 "Password to use when signing a Cancel-Lock or a Cancel-Key header."
;; Customize offers two choices: nil ("Not specified") or a string.
56 :type '(radio (const :format "Not specified " nil)
57 (string :tag "Password"))
;; Password option for verification.  Its default expression is
;; `canlock-password', i.e. whatever that option holds when this form is
;; evaluated, so a stored signing password is also used for verifying
;; unless this option is set separately.  As with any string option, a
;; saved value is readable as plain text.
60 (defcustom canlock-password-for-verify canlock-password
61 "Password to use when verifying a Cancel-Lock or a Cancel-Key header."
;; Customize offers two choices: nil ("Not specified") or a string.
62 :type '(radio (const :format "Not specified " nil)
63 (string :tag "Password"))
;; Defaults to nil.  NOTE(review): the test that decides whether a buffer
;; "looks like a news message" is not visible in this part of the file,
;; nor are this option's :type and :group lines.
66 (defcustom canlock-force-insert-header nil
67 "If non-nil, insert a Cancel-Lock or a Cancel-Key header even if the
68 buffer does not look like a news message."
;; Compatibility macro: the `fboundp' test runs when the macro is
;; expanded, so the choice of implementation is fixed at expansion
;; (typically compile) time rather than on every call.
73 (defmacro canlock-string-as-unibyte (string)
74 "Return a unibyte string with the same individual bytes as STRING."
75 (if (fboundp 'string-as-unibyte)
;; Expand to a plain call of `string-as-unibyte' on STRING.
;; NOTE(review): the alternative branch, used when that function is not
;; bound, is not shown in this listing.
76 (list 'string-as-unibyte string)
(defun canlock-sha1 (message)
  "Return the SHA-1 digest of MESSAGE as a unibyte string 20 bytes long."
  ;; `sha1-maximum-internal-length' is bound to nil for the duration of
  ;; the call.  NOTE(review): in the older sha1.el a nil value selected
  ;; the in-Lisp implementation instead of an external program, which
  ;; matters here because MESSAGE can carry password-derived key material;
  ;; confirm the variable still has that effect in the `sha1' in use.
  (let ((sha1-maximum-internal-length nil))
    ;; The final `binary' argument requests raw bytes rather than hex text.
    (sha1 message nil nil 'binary)))
;; Derives the Cancel-Key value from MESSAGE-ID, keyed with PASSWORD.
;; The visible steps follow the inner/outer padding scheme of HMAC (the
;; file keywords name hmac, sha1 and rfc2104): the key is padded to 64
;; bytes and XORed with 54 (#x36) and 92 (#x5c).
;; NOTE(review): several lines of this function are missing from this
;; listing, including the code that combines the two pads and encodes the
;; result.
84 (defun canlock-make-cancel-key (message-id password)
85 "Make a Cancel-Key header."
;; A password longer than 20 characters is replaced by its SHA-1 digest.
;; NOTE(review): RFC 2104 hashes the key only when it is longer than the
;; hash block size (64 bytes for SHA-1), so for passwords of 21-64
;; characters this value differs from a standard HMAC-SHA1 of the same
;; inputs -- confirm against the Cancel-Lock draft before comparing with
;; other implementations.
86 (when (> (length password) 20)
87 (setq password (canlock-sha1 password)))
;; Pad the key with zero bytes up to 64.
;; NOTE(review): `length' counts characters, so this assumes PASSWORD is
;; ASCII or unibyte -- confirm for non-ASCII passwords.
88 (setq password (concat password (make-string (- 64 (length password)) 0)))
;; ipad: every key byte XOR 54 (#x36).
89 (let ((ipad (mapconcat (lambda (byte)
90 (char-to-string (logxor 54 byte)))
;; opad: every key byte XOR 92 (#x5c).
92 (opad (mapconcat (lambda (byte)
93 (char-to-string (logxor 92 byte)))
;; Inner input: ipad followed by the bytes of MESSAGE-ID.
99 (concat ipad (canlock-string-as-unibyte message-id))))))))
;; Locates the end of the message header, starting from the top of the
;; buffer.
;; NOTE(review): the rest of the search pattern and the narrowing call
;; itself are not shown in this listing.
101 (defun canlock-narrow-to-header ()
102 "Narrow the buffer to the head of the message."
;; `case-fold-search' is bound to nil, so the search is case-sensitive.
103 (let (case-fold-search)
105 (goto-char (point-min))
106 (goto-char (if (re-search-forward
;; `regexp-quote' makes the separator match as literal text, so regexp
;; metacharacters in `mail-header-separator' have no special meaning.
108 (regexp-quote mail-header-separator))
113 (defun canlock-delete-headers ()
114 "Delete Cancel-Key or Cancel-Lock headers in the narrowed buffer."
115 (let ((case-fold-search t))
116 (goto-char (point-min))
117 (while (re-search-forward "^Cancel-\\(Key\\|Lock\\):" nil t)