Commit | Line | Data |
---|---|---|
23f87bed MB |
1 | ;;; canlock.el --- functions for Cancel-Lock feature |
2 | ||
ba318903 | 3 | ;; Copyright (C) 1998-1999, 2001-2014 Free Software Foundation, Inc. |
23f87bed MB |
4 | |
5 | ;; Author: Katsumi Yamaoka <yamaoka@jpl.org> | |
6 | ;; Keywords: news, cancel-lock, hmac, sha1, rfc2104 | |
7 | ||
4d19e846 GM |
8 | ;; This file is part of GNU Emacs. |
9 | ||
5e809f55 | 10 | ;; GNU Emacs is free software: you can redistribute it and/or modify |
23f87bed | 11 | ;; it under the terms of the GNU General Public License as published by |
5e809f55 GM |
12 | ;; the Free Software Foundation, either version 3 of the License, or |
13 | ;; (at your option) any later version. | |
23f87bed | 14 | |
4d19e846 | 15 | ;; GNU Emacs is distributed in the hope that it will be useful, |
23f87bed MB |
16 | ;; but WITHOUT ANY WARRANTY; without even the implied warranty of |
17 | ;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
18 | ;; GNU General Public License for more details. | |
19 | ||
20 | ;; You should have received a copy of the GNU General Public License | |
5e809f55 | 21 | ;; along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>. |
23f87bed MB |
22 | |
23 | ;;; Commentary: | |
24 | ||
25 | ;; Canlock is a library for generating and verifying Cancel-Lock and/or | |
26 | ;; Cancel-Key header in news articles. This is used to protect articles | |
27 | ;; from rogue cancel, supersede or replace attacks. The method is based | |
28 | ;; on draft-ietf-usefor-cancel-lock-01.txt which was released on November | |
29 | ;; 3rd 1998. For instance, you can add Cancel-Lock (and possibly Cancel- | |
30 | ;; Key) header in a news article by using a hook which will be evaluated | |
31 | ;; just before sending an article as follows: | |
32 | ;; | |
33 | ;; (add-hook '*e**a*e-header-hook 'canlock-insert-header t) | |
34 | ;; | |
35 | ;; Verifying Cancel-Lock is mainly a function of news servers, however, | |
36 | ;; you can verify your own article using the command `canlock-verify' in | |
37 | ;; the (raw) article buffer. You will be prompted for the password for | |
38 | ;; each time if the option `canlock-password' or `canlock-password-for- | |
39 | ;; verify' is nil. Note that setting these options is a bit unsafe. | |
40 | ||
41 | ;;; Code: | |
42 | ||
43 | (eval-when-compile | |
44 | (require 'cl)) | |
45 | ||
46 | (require 'sha1) | |
47 | ||
48 | (defvar mail-header-separator) | |
49 | ||
50 | (defgroup canlock nil | |
51 | "The Cancel-Lock feature." | |
d0859c9a | 52 | :group 'news) |
23f87bed MB |
53 | |
54 | (defcustom canlock-password nil | |
55 | "Password to use when signing a Cancel-Lock or a Cancel-Key header." | |
56 | :type '(radio (const :format "Not specified " nil) | |
ad136a7c | 57 | (string :tag "Password")) |
23f87bed MB |
58 | :group 'canlock) |
59 | ||
60 | (defcustom canlock-password-for-verify canlock-password | |
61 | "Password to use when verifying a Cancel-Lock or a Cancel-Key header." | |
62 | :type '(radio (const :format "Not specified " nil) | |
ad136a7c | 63 | (string :tag "Password")) |
23f87bed MB |
64 | :group 'canlock) |
65 | ||
66 | (defcustom canlock-force-insert-header nil | |
67 | "If non-nil, insert a Cancel-Lock or a Cancel-Key header even if the | |
68 | buffer does not look like a news message." | |
69 | :type 'boolean | |
70 | :group 'canlock) | |
71 | ||
72 | (eval-when-compile | |
73 | (defmacro canlock-string-as-unibyte (string) | |
74 | "Return a unibyte string with the same individual bytes as STRING." | |
75 | (if (fboundp 'string-as-unibyte) | |
76 | (list 'string-as-unibyte string) | |
77 | string))) | |
78 | ||
79 | (defun canlock-sha1 (message) | |
80 | "Make a SHA-1 digest of MESSAGE as a unibyte string of length 20 bytes." | |
81 | (let (sha1-maximum-internal-length) | |
82 | (sha1 message nil nil 'binary))) | |
83 | ||
84 | (defun canlock-make-cancel-key (message-id password) | |
85 | "Make a Cancel-Key header." | |
86 | (when (> (length password) 20) | |
87 | (setq password (canlock-sha1 password))) | |
88 | (setq password (concat password (make-string (- 64 (length password)) 0))) | |
89 | (let ((ipad (mapconcat (lambda (byte) | |
90 | (char-to-string (logxor 54 byte))) | |
91 | password "")) | |
92 | (opad (mapconcat (lambda (byte) | |
93 | (char-to-string (logxor 92 byte))) | |
94 | password ""))) | |
95 | (base64-encode-string | |
96 | (canlock-sha1 | |
97 | (concat opad | |
98 | (canlock-sha1 | |
99 | (concat ipad (canlock-string-as-unibyte message-id)))))))) | |
100 | ||
101 | (defun canlock-narrow-to-header () | |
102 | "Narrow the buffer to the head of the message." | |
103 | (let (case-fold-search) | |
104 | (narrow-to-region | |
105 | (goto-char (point-min)) | |
106 | (goto-char (if (re-search-forward | |
107 | (format "^$\\|^%s$" | |
108 | (regexp-quote mail-header-separator)) | |
109 | nil t) | |
110 | (match-beginning 0) | |
111 | (point-max)))))) | |
112 | ||
113 | (defun canlock-delete-headers () | |
114 | "Delete Cancel-Key or Cancel-Lock headers in the narrowed buffer." | |
115 | (let ((case-fold-search t)) | |
116 | (goto-char (point-min)) | |
117 | (while (re-search-forward "^Cancel-\\(Key\\|Lock\\):" nil t) | |
118 | (delete-region (match-beginning 0) | |
119 | (if (re-search-forward "^[^\t ]" nil t) | |
120 | (goto-char (match-beginning 0)) | |
121 | (point-max)))))) | |
122 | ||
123 | (defun canlock-fetch-fields (&optional key) | |
124 | "Return a list of the values of Cancel-Lock header. | |
125 | If KEY is non-nil, look for a Cancel-Key header instead. The buffer | |
126 | is expected to be narrowed to just the headers of the message." | |
127 | (let ((field (mail-fetch-field (if key "Cancel-Key" "Cancel-Lock"))) | |
128 | fields rest | |
129 | (case-fold-search t)) | |
130 | (when field | |
131 | (setq fields (split-string field "[\t\n\r ,]+")) | |
132 | (while fields | |
133 | (when (string-match "^sha1:" (setq field (pop fields))) | |
134 | (push (substring field 5) rest))) | |
135 | (nreverse rest)))) | |
136 | ||
137 | (defun canlock-fetch-id-for-key () | |
138 | "Return a Message-ID in Cancel, Supersedes or Replaces header. | |
139 | The buffer is expected to be narrowed to just the headers of the | |
140 | message." | |
141 | (or (let ((cancel (mail-fetch-field "Control"))) | |
142 | (and cancel | |
143 | (string-match "^cancel[\t ]+\\(<[^\t\n @<>]+@[^\t\n @<>]+>\\)" | |
144 | cancel) | |
145 | (match-string 1 cancel))) | |
146 | (mail-fetch-field "Supersedes") | |
147 | (mail-fetch-field "Replaces"))) | |
148 | ||
149 | ;;;###autoload | |
150 | (defun canlock-insert-header (&optional id-for-key id-for-lock password) | |
151 | "Insert a Cancel-Key and/or a Cancel-Lock header if possible." | |
152 | (let (news control key-for-key key-for-lock) | |
153 | (save-excursion | |
154 | (save-restriction | |
155 | (canlock-narrow-to-header) | |
156 | (when (setq news (or canlock-force-insert-header | |
157 | (mail-fetch-field "Newsgroups"))) | |
158 | (unless id-for-key | |
159 | (setq id-for-key (canlock-fetch-id-for-key))) | |
160 | (if (and (setq control (mail-fetch-field "Control")) | |
161 | (string-match "^cancel[\t ]+<[^\t\n @<>]+@[^\t\n @<>]+>" | |
162 | control)) | |
163 | (setq id-for-lock nil) | |
164 | (unless id-for-lock | |
165 | (setq id-for-lock (mail-fetch-field "Message-ID")))) | |
166 | (canlock-delete-headers) | |
167 | (goto-char (point-max)))) | |
168 | (when news | |
169 | (if (not (or id-for-key id-for-lock)) | |
170 | (message "There are no Message-ID(s)") | |
171 | (unless password | |
172 | (setq password (or canlock-password | |
173 | (read-passwd | |
174 | "Password for Canlock: ")))) | |
175 | (if (or (not (stringp password)) (zerop (length password))) | |
176 | (message "Password for Canlock is bad") | |
177 | (setq key-for-key (when id-for-key | |
178 | (canlock-make-cancel-key | |
179 | id-for-key password)) | |
180 | key-for-lock (when id-for-lock | |
181 | (canlock-make-cancel-key | |
182 | id-for-lock password))) | |
183 | (if (not (or key-for-key key-for-lock)) | |
184 | (message "Couldn't insert Canlock header") | |
185 | (when key-for-key | |
186 | (insert "Cancel-Key: sha1:" key-for-key "\n")) | |
187 | (when key-for-lock | |
188 | (insert "Cancel-Lock: sha1:" | |
189 | (base64-encode-string (canlock-sha1 key-for-lock)) | |
190 | "\n"))))))))) | |
191 | ||
192 | ;;;###autoload | |
193 | (defun canlock-verify (&optional buffer) | |
194 | "Verify Cancel-Lock or Cancel-Key in BUFFER. | |
195 | If BUFFER is nil, the current buffer is assumed. Signal an error if | |
196 | it fails." | |
197 | (interactive) | |
198 | (let (keys locks errmsg id-for-key id-for-lock password | |
199 | key-for-key key-for-lock match) | |
200 | (save-excursion | |
201 | (when buffer | |
202 | (set-buffer buffer)) | |
203 | (save-restriction | |
204 | (widen) | |
205 | (canlock-narrow-to-header) | |
206 | (setq keys (canlock-fetch-fields 'key) | |
207 | locks (canlock-fetch-fields)) | |
208 | (if (not (or keys locks)) | |
209 | (setq errmsg | |
210 | "There are neither Cancel-Lock nor Cancel-Key headers") | |
211 | (setq id-for-key (canlock-fetch-id-for-key) | |
212 | id-for-lock (mail-fetch-field "Message-ID")) | |
213 | (or id-for-key id-for-lock | |
214 | (setq errmsg "There are no Message-ID(s)"))))) | |
215 | (if errmsg | |
216 | (error "%s" errmsg) | |
217 | (setq password (or canlock-password-for-verify | |
218 | (read-passwd "Password for Canlock: "))) | |
219 | (if (or (not (stringp password)) (zerop (length password))) | |
220 | (error "Password for Canlock is bad") | |
221 | (when keys | |
222 | (when id-for-key | |
223 | (setq key-for-key (canlock-make-cancel-key id-for-key password)) | |
224 | (while (and keys (not match)) | |
225 | (setq match (string-equal key-for-key (pop keys))))) | |
226 | (setq keys (if match "good" "bad"))) | |
227 | (setq match nil) | |
228 | (when locks | |
229 | (when id-for-lock | |
230 | (setq key-for-lock | |
231 | (base64-encode-string | |
232 | (canlock-sha1 (canlock-make-cancel-key id-for-lock | |
233 | password)))) | |
234 | (when (and locks (not match)) | |
235 | (setq match (string-equal key-for-lock (pop locks))))) | |
236 | (setq locks (if match "good" "bad"))) | |
237 | (prog1 | |
238 | (when (member "bad" (list keys locks)) | |
239 | "bad") | |
240 | (cond ((and keys locks) | |
241 | (message "Cancel-Key is %s, Cancel-Lock is %s" keys locks)) | |
242 | (locks | |
243 | (message "Cancel-Lock is %s" locks)) | |
244 | (keys | |
245 | (message "Cancel-Key is %s" keys)))))))) | |
246 | ||
247 | (provide 'canlock) | |
248 | ||
23f87bed | 249 | ;;; canlock.el ends here |